Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to use internet after Combofix.


  • This topic is locked This topic is locked
13 replies to this topic

#1 Aspida

Aspida

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 18 June 2012 - 12:18 PM

Hi.

If any of you out there are thinking "this stupid kid probably messed something up, using Combofix on her own without supervision from a professional on this website", then you're absolutely right.

So here's my problem:

For the past few days, I've had some kind of problem with a Google redirect virus. Whenever I made a Google search, half of the links would be directed to Infosearch or some other kind of cheap-looking search engine. I tried a full scan with Avast!, Malwarebytes, SUPERAntiSpyware, and Hitman Pro, but nothing came up, the problem was still there, and a website had Combofix mentioned in its list of programs to use for this particular problem. (This all happened yesterday at about 3:00 PM Pacific time, so approximately 19 hours ago.)

Before using Combofix, I had System Restore create a restore point to return to.

I then used Combofix. When Combofix was finished, I couldn't used any program; Internet Explorer and Firefox had the warning that a rootkit was marked for deletion, and even opening text files that I previously made in notepad had the error. I was able to use them, however, if I specifically opened them as an administrator.

So I went into System Restore and restored the computer to a point just before using Combofix. I could use all of my programs again without the warning and everything was working fine.

I decided to uninstalled Combofix as per the instructions on the Bleeping Computer's "A guide and tutorial on using ComboFix". Everything was working fine now (although that Google redirect thing was still there; that was fine), and I did some general browsing on the internet for a couple of hours. (Basically just Wikipedia surfing.)

I shut my laptop off for about an hour and when I turned it back on, I couldn't use the internet anymore. The laptop kept attempting to connect to the internet but was unable to. It is also unable to connect to my college's network, which I am at right now and have been able to connect to before. I also have a second computer at home, in case I need to get anything off the internet.

Since this problem happened shortly after using Combofix, I assume this problem is probably related to using it. (Which is not the fault of the creator or anyone on this website; again, it was completely my fault for attempting to use it on my own.)

Can anyone help me with possibly getting my internet back?

I still have the log from after using Combofix, and I should be able to post that in a little bit.

(This was also with Windows 7. I noticed DanW1967 posted a similar problem a few days ago and just got a reply today; perhaps they're related?)

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:08 AM

Posted 18 June 2012 - 01:31 PM

Hi,

His is a different issue than your own

unfortunately, there is a slight glitch with combofix at the moment

please download a fresh copy of ComboFix and run it (transfer over to your desktop via USB)

that should restore your internet connection

post the log

ComboFix

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Aspida

Aspida
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 18 June 2012 - 03:17 PM

Hi again.

My internet's back now. :lol:

That problem I had with the message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to open or use any file/program is also back, though. (But I'm just glad to have my internet back!)

And thank you for taking the time to help out! I really very appreciate it.

Here's the log: (In the Other Deletions at the beginning, Elsword is an MMO.)

ComboFix 12-06-16.02 - Aspida 06/18/2012 12:55:12.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2647 [GMT -7:00]
Running from: c:\users\Aspida\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ElswordInstaller_v2.0523.2.2.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 19:58 . 2012-06-18 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-18 01:14 . 2012-06-18 01:14 -------- d-----w- c:\users\Aspida\AppData\Local\ElevatedDiagnostics
2012-06-18 00:07 . 2012-06-18 09:12 -------- d-----w- C:\uninstall
2012-06-17 11:11 . 2012-06-17 11:11 -------- d-----w- c:\programdata\GFI Software
2012-06-17 06:00 . 2012-06-17 06:00 -------- d-----w- c:\programdata\SUPERSetup
2012-06-17 04:48 . 2012-06-17 04:48 -------- d-----w- c:\users\Aspida\AppData\Roaming\Malwarebytes
2012-06-17 04:48 . 2012-06-17 04:48 -------- d-----w- c:\programdata\Malwarebytes
2012-06-16 23:28 . 2012-06-16 23:28 -------- d-----w- c:\program files\HitmanPro
2012-06-16 23:23 . 2012-06-16 23:23 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-16 23:13 . 2012-06-16 23:23 -------- d-----w- c:\programdata\HitmanPro
2012-06-16 21:52 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51363061-DD7B-41A2-AE7F-FED6E8DBDBDB}\mpengine.dll
2012-06-14 08:44 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 08:44 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 08:44 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 08:44 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 08:44 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 08:44 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 08:44 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 08:44 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-27 22:55 . 2012-05-27 22:55 -------- d-----w- c:\program files (x86)\Kill3rCombo
2012-05-27 22:27 . 2012-05-27 22:55 1773185549 ----a-w- c:\program files (x86)\ElswordInstaller_v2.0523.2.2-1a.bin
2012-05-27 22:26 . 2012-05-29 07:44 -------- d-----w- c:\users\Aspida\AppData\Local\PMB Files
2012-05-27 22:26 . 2012-05-27 22:27 -------- d-----w- c:\programdata\PMB Files
2012-05-27 22:26 . 2012-05-27 22:26 -------- d-----w- c:\program files (x86)\Pando Networks
2012-05-20 03:33 . 2012-05-20 03:33 -------- d-----w- c:\users\Aspida\AppData\Roaming\Unity
2012-05-20 03:32 . 2012-05-20 03:32 -------- d-----w- c:\users\Aspida\AppData\Local\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 02:17 . 2012-04-24 01:22 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 02:17 . 2011-11-03 12:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 02:17 . 2012-04-24 02:16 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 11:35 . 2012-05-10 00:09 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN1]
@="{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN2]
@="{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN3]
@="{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN4]
@="{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN5]
@="{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN6]
@="{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN7]
@="{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SmartSVN 6.6 (background).lnk - c:\program files (x86)\SmartSVN 6.6\bin\smartsvn.exe [2011-12-20 213504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-05-12 135608]
R2 statuscached;SmartSVN Status Cache;c:\program files (x86)\SmartSVN 6.6\bin\statuscached.exe [2011-12-20 216576]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 02:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-07 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-07 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-07 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\users\Aspida\AppData\Roaming\Mozilla\Firefox\Profiles\mm8zfizf.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-18 13:02:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 20:02
ComboFix2.txt 2012-06-17 22:39
.
Pre-Run: 266,999,623,680 bytes free
Post-Run: 266,842,087,424 bytes free
.
- - End Of File - - 9670ABF8C1E5535060AF910D4D753E92

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:08 AM

Posted 18 June 2012 - 03:24 PM

That problem I had with the message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to open or use any file/program is also back, though. (But I'm just glad to have my internet back!)


a reboot, will resolve that issue

I'll get back to you with further instructions as soon as I've had a chance to research your log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:08 AM

Posted 18 June 2012 - 03:30 PM

In the Other Deletions at the beginning, Elsword is an MMO


I suspect that installer file was bundled with adware or other unwanted programs but let's have a look at it

It will now be located at:

C:\Qoobox\Quarantine\c\program files (x86)\ElswordInstaller_v2.0523.2.2.exe.vir


submit a file to virustotal for analysis
  • Use the browse button on that page to navigate to the location of the file to be scanned.
  • In the right hand panel,
  • click on the file C:\Qoobox\Quarantine\c\program files (x86)\ElswordInstaller_v2.0523.2.2.exe.vir
  • then click the open button.
  • The file will now be displayed in the submit box.
  • Scroll down a bit and click "send file", wait for the results
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the link to the results page in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Aspida

Aspida
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 18 June 2012 - 06:33 PM

Alrighty. This should be the correct link:

https://www.virustotal.com/file/2d83d56ca15c0a2cf21d3b56e30fb8b1cf20bc45db9f2974dd74d3bdcf6a9bc7/analysis/1340062144/

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:08 AM

Posted 18 June 2012 - 06:37 PM

OK,

only McAffee finds it suspicious, if you have the program installed, then you shouldn't need the installation file, but let me know and I can dequarantine it if you wish to keep it

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 Aspida

Aspida
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 18 June 2012 - 06:45 PM

OK,

only McAffee finds it suspicious, if you have the program installed, then you shouldn't need the installation file, but let me know and I can dequarantine it if you wish to keep it


No thank you. I don't need the file and don't want it for any reason, but thank you for offering!

Is there anything else I should know at this point?

I'm still a little worried about that "Illegal operation attempted on a registry key that has been marked for deletion." warning when clicking on any program. Is it safe to live with that for now?

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:08 AM

Posted 18 June 2012 - 07:35 PM

"Illegal operation attempted on a registry key that has been marked for deletion."


reboot and that will be resolved, it's just a glitch

please run the following:


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 Aspida

Aspida
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 23 June 2012 - 11:02 PM

Hi.

I apologize for the delay. I really got caught up in finals week!

Anyway, here's the log for MalwareBytes:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Aspida :: ASPIDA-PC [administrator]

Protection: Disabled

6/23/2012 6:46:46 PM
mbam-log-2012-06-23 (18-46-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205728
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And here's the result from ESET:

C:\Users\Aspida\AppData\Roaming\Mozilla\Firefox\Profiles\mm8zfizf.default\extensions\wserislpgg@wserislpgg.org.xpi JS/Redirector.NBX trojan

#11 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:08 AM

Posted 23 June 2012 - 11:46 PM

Hi

Please run the following:

Note:

Please allow ComboFix to update if it asks to do so

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Users\Aspida\AppData\Roaming\Mozilla\Firefox\Profiles\mm8zfizf.default\extensions\wserislpgg@wserislpgg.org.xpi

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 Aspida

Aspida
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 24 June 2012 - 12:43 AM

Hi again. Here's my log from the latest scan:

ComboFix 12-06-23.06 - Aspida 06/23/2012 22:05:42.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2592 [GMT -7:00]
Running from: c:\users\Aspida\Desktop\ComboFix.exe
Command switches used :: c:\users\Aspida\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Aspida\AppData\Roaming\Mozilla\Firefox\Profiles\mm8zfizf.default\extensions\wserislpgg@wserislpgg.org.xpi"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aspida\AppData\Roaming\Mozilla\Firefox\Profiles\mm8zfizf.default\extensions\wserislpgg@wserislpgg.org.xpi
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 05:09 . 2012-06-24 05:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 01:45 . 2012-06-24 01:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-24 01:45 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-24 01:34 . 2012-06-24 01:34 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-06-24 01:32 . 2012-06-24 01:32 -------- d-----w- c:\programdata\Symantec
2012-06-24 00:51 . 2012-06-24 00:51 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-24 00:51 . 2012-06-24 00:51 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-23 01:21 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6DC3B87-35DB-44EB-A186-2BBBBB71FEF6}\mpengine.dll
2012-06-22 06:02 . 2012-06-22 06:02 -------- d-----w- c:\users\Aspida\AppData\Roaming\PCCUStubInstaller
2012-06-22 03:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 03:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 03:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 03:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 03:42 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 03:42 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 03:42 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 03:42 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 03:42 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 11:12 . 2012-06-20 11:12 -------- d-----w- c:\users\Aspida\AppData\Local\Macromedia
2012-06-18 01:14 . 2012-06-18 01:14 -------- d-----w- c:\users\Aspida\AppData\Local\ElevatedDiagnostics
2012-06-18 00:07 . 2012-06-18 09:12 -------- d-----w- C:\uninstall
2012-06-17 11:11 . 2012-06-17 11:11 -------- d-----w- c:\programdata\GFI Software
2012-06-17 06:00 . 2012-06-17 06:00 -------- d-----w- c:\programdata\SUPERSetup
2012-06-17 04:48 . 2012-06-17 04:48 -------- d-----w- c:\users\Aspida\AppData\Roaming\Malwarebytes
2012-06-17 04:48 . 2012-06-17 04:48 -------- d-----w- c:\programdata\Malwarebytes
2012-06-16 23:28 . 2012-06-16 23:28 -------- d-----w- c:\program files\HitmanPro
2012-06-16 23:23 . 2012-06-16 23:23 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-06-16 23:13 . 2012-06-16 23:23 -------- d-----w- c:\programdata\HitmanPro
2012-06-14 08:44 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 08:44 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 08:44 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 08:44 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 08:44 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 08:44 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 08:44 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 08:44 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-27 22:55 . 2012-05-27 22:55 -------- d-----w- c:\program files (x86)\Kill3rCombo
2012-05-27 22:27 . 2012-05-27 22:55 1773185549 ----a-w- c:\program files (x86)\ElswordInstaller_v2.0523.2.2-1a.bin
2012-05-27 22:26 . 2012-05-29 07:44 -------- d-----w- c:\users\Aspida\AppData\Local\PMB Files
2012-05-27 22:26 . 2012-05-27 22:27 -------- d-----w- c:\programdata\PMB Files
2012-05-27 22:26 . 2012-05-27 22:26 -------- d-----w- c:\program files (x86)\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-20 11:04 . 2012-04-24 01:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-20 11:04 . 2011-11-03 12:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 02:17 . 2012-04-24 02:16 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 11:35 . 2012-05-10 00:09 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-18_20.00.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-24 05:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-18 19:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-24 05:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-18 19:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-18 19:51 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-24 05:10 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-06-22 23:51 43564 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-06-18 19:53 50220 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-22 23:51 50220 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-06-22 23:53 93024 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-24 05:10 . 2012-06-24 05:10 4608 c:\windows\temp\e4j4D73.tmp_dir14169\i4jdel.exe
+ 2012-02-27 02:06 . 2012-06-22 23:51 9734 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3288304763-3680461620-3333654360-1000_UserData.bin
+ 2012-06-24 05:10 . 2012-06-24 05:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-18 19:59 . 2012-06-18 19:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-18 19:59 . 2012-06-18 19:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-24 05:10 . 2012-06-24 05:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-20 11:04 . 2012-06-20 11:04 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe
+ 2012-04-24 01:22 . 2012-06-20 11:04 257224 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-02-27 02:47 . 2012-06-24 00:50 204498 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-02-27 01:35 . 2012-06-24 03:39 211306 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-24 00:53 624622 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-18 19:57 624622 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-18 19:57 106708 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-24 00:53 106708 c:\windows\system32\perfc009.dat
+ 2012-06-20 11:04 . 2012-06-20 11:04 417480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_Plugin.exe
- 2009-07-14 05:01 . 2012-06-18 19:59 235008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-24 05:10 235008 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-20 11:04 . 2012-06-20 11:04 9459912 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
+ 2012-06-20 11:04 . 2012-06-20 11:04 1535176 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
- 2009-07-14 04:45 . 2012-06-15 01:05 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-22 23:52 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-02-27 02:03 . 2012-06-19 01:17 4249848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3288304763-3680461620-3333654360-1000-12288.dat
+ 2009-07-14 02:34 . 2012-06-22 03:54 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-06-14 14:31 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-06-20 11:04 . 2012-06-20 11:04 12310216 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll
+ 2012-02-27 02:03 . 2012-06-24 05:10 21178524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3288304763-3680461620-3333654360-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN1]
@="{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D1-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN2]
@="{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D2-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN3]
@="{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D3-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN4]
@="{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D4-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN5]
@="{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D5-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN6]
@="{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D6-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SmartSVN7]
@="{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}"
[HKEY_CLASSES_ROOT\CLSID\{CC8811D7-1B32-4f3d-A9BF-D21C8F3C0366}]
2011-12-20 21:46 249856 ----a-w- c:\program files (x86)\SmartSVN 6.6\lib\shellext32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SmartSVN 6.6 (background).lnk - c:\program files (x86)\SmartSVN 6.6\bin\smartsvn.exe [2011-12-20 213504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-05-12 135608]
R2 statuscached;SmartSVN Status Cache;c:\program files (x86)\SmartSVN 6.6\bin\statuscached.exe [2011-12-20 216576]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-07 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-07 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-07 416024]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\users\Aspida\AppData\Roaming\Mozilla\Firefox\Profiles\mm8zfizf.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-23 22:13:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 05:13
ComboFix2.txt 2012-06-18 20:02
ComboFix3.txt 2012-06-17 22:39
.
Pre-Run: 263,003,430,912 bytes free
Post-Run: 262,902,702,080 bytes free
.
- - End Of File - - FC2A57195A939658AF7E1CC70C01CC18

I don't seem to have any additional problems. All of my programs are running fine and my computer's running as well as it ever has been.

With that latest run of ComboFix, the redirect virus seems to have been taken care of. Doing a search for Wikipedia on Google and going to links I knew could be trusted, none of the links were redirected, whereas most of them would have been redirected before.

I wholeheartedly thank you for all of your help; never have I been given such well-informed, speedy, and excellent service! This is definitely a place I'll keep in mind in case I start having more issues in the future.

If you don't have anything left for me to do, everything seems to be fine on my computer for the time being.

Once again, thank you very much!

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:08 AM

Posted 24 June 2012 - 07:44 AM

we do have a tool routine to run, but I need a list of your installed programs so I can make sure everything is up to date, please do the following:


  • Press the Win key + R to open a run box, then copy/paste the following single-line command into the Run box and click OK:

    C:\Qoobox\Add-Remove Programs.txt

  • A text file should open.
  • Post the contents of that file in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:08 AM

Posted 01 July 2012 - 03:15 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users