
Google redirecting to Adobe (rootkit?)


  • This topic is locked
14 replies to this topic

#1 DSchuler


Posted 25 June 2013 - 04:35 PM

I believe my computer is infected with something or other.  Every time I try to browse to google.com it goes to Adobe instead.  I've tried scanning with my anti-virus software, with Malwarebytes, and with Kaspersky's TDSSKiller--no joy.

 

Help!

Attached Files

  • Attached File  DDS.txt   16.19KB   0 downloads




#2 CatByte

  • Malware Response Team

Posted 25 June 2013 - 08:42 PM

Please download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.

  • Press the Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 DSchuler

  • Topic Starter


Posted 26 June 2013 - 12:39 PM

FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by Dave (administrator) on 26-06-2013 12:36:38
Running from C:\Users\Dave\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Roxio\BackOnTrack\App\BService.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\center\KodakSvc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Pen_TabletUser.exe
() C:\Program Files\GIGABYTE\ET6\GUI.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\Roxio 2012\5.0\CPMonitor.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe
() C:\Program Files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files\Plustek\OpticFilm 7600i\QuickScan.exe
(Rovi Corporation) C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(Spigot, Inc.) C:\Program Files\Application Updater\ApplicationUpdater.exe
(Spigot, Inc.) C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
(Plex, Inc.) C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
(Plex, Inc.) C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe
() C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
(Opera Software) C:\Program Files\Opera\opera.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10021480 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [Conime] %windir%\system32\conime.exe [27648 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1511424 2009-04-07] (Eastman Kodak Company)
HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [293360 2011-07-13] (Rovi Corporation)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler [324976 2010-05-21] (Flexera Software, Inc.)
HKLM\...\Run: [CPMonitor] "C:\Program Files\Roxio 2012\5.0\CPMonitor.exe" [84464 2011-07-08] ()
HKLM\...\Run: [Desktop Disc Tool] "C:\Program Files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [506352 2011-06-12] ()
HKLM\...\Run: [] [x]
HKLM\...\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [1302336 2013-06-07] (Spigot, Inc.)
HKLM\...\RunOnce: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETCall.exe [20480 2007-07-26] ()
HKLM\...\RunOnce: [1] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p [218184 2013-04-04] ()
HKCU\...\Run: [StartUp This] "C:\Program Files\Laplink\PCmover\LaunchSt.exe" [251256 2010-06-16] (Laplink Software, Inc.)
HKCU\...\Run: [Plex Media Server] "C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe" [3795688 2012-12-04] (Plex, Inc.)
HKCU\...\RunOnce: [Application Restart #0] C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe "C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe" [294400 2009-07-13] (Microsoft Corporation)
MountPoints2: {9e35aabe-16bb-11e2-8f3c-80d28ca2c754} - G:\LaunchU3.exe -a
MountPoints2: {c1dfbcbf-b530-11e1-bff1-f1ce92e2885c} - G:\LaunchU3.exe -a
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickScan (OpticFilm 7600i).lnk
ShortcutTarget: QuickScan (OpticFilm 7600i).lnk -> C:\Program Files\Plustek\OpticFilm 7600i\QuickScan.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
URLSearchHook: FreeRIP Toolbar - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files\FreeRIP Toolbar\IE\7.2\freeripToolbarIE.dll (Spigot, Inc.)
HKCU SearchScopes: DefaultScope {C3F34AFD-4CEC-40CC-B258-E4F5F77211BC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {C3F34AFD-4CEC-40CC-B258-E4F5F77211BC} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: FreeRIP Toolbar - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files\FreeRIP Toolbar\IE\7.2\freeripToolbarIE.dll (Spigot, Inc.)
BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\27.0.1453.116\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" No File
Toolbar: HKLM - FreeRIP Toolbar - {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - C:\Program Files\FreeRIP Toolbar\IE\7.2\freeripToolbarIE.dll (Spigot, Inc.)
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155318949446
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\27.0.1453.116\npchrome_frame.dll (Google Inc.)
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 208.67.220.220 208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\pyznrnn6.default
FF SearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Dave\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Ancestry.com Advanced Image Viewer - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\pyznrnn6.default\Extensions\support@ancestry.com
FF Extension: freerip - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\pyznrnn6.default\Extensions\freerip@mybrowserbar.com
FF Extension: No Name - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\pyznrnn6.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Adobe ESD Manager Plugin) - C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll (Adobe Systems Incorporated)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (MSN\u00AE Toolbar) - C:\Program Files\MSN Toolbar\Platform\4.0.0417.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (avast! Online Security) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.7_0
CHR Extension: (Savings-Slider) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0

========================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [806776 2013-06-07] (Spigot, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BOT4Service; C:\Program Files\Roxio\BackOnTrack\App\BService.exe [21488 2011-07-15] ()
S4 BOTService; C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [211440 2011-07-14] (Rovi Corporation)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1319768 2013-03-13] (Citrix Online, a division of Citrix Systems, Inc.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe [279960 2009-05-04] (Eastman Kodak Company)
R2 KodakSvc; C:\Program Files\Kodak\AiO\center\KodakSvc.exe [32768 2009-04-17] (Eastman Kodak Company)
S3 RoxMediaDB13; C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095664 2011-07-13] (Rovi Corporation)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [340976 2011-07-13] (Rovi Corporation)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [113448 2009-11-23] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18544 2011-01-10] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368944 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [174664 2013-05-09] ()
R3 EtronHub3; C:\Windows\System32\Drivers\EtronHub3.sys [32256 2011-01-26] (Etron Technology Inc)
R3 EtronXHCI; C:\Windows\System32\Drivers\EtronXHCI.sys [52224 2011-01-26] (Etron Technology Inc)
R3 gdrv; C:\Windows\gdrv.sys [17488 2013-06-12] (Windows ® 2000 DDK provider)
R3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2013-06-12] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-09-21] (Intel Corporation)
R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [28416 2013-03-13] (Citrix Systems, Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45744 2011-05-24] (Rovi Corporation)
R0 SysCow; C:\Windows\System32\drivers\syscow32v.sys [81904 2010-05-23] (Sonic Solutions)
R3 WacomVTHid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [13480 2009-07-09] (Wacom Technology)
U3 mbr; \??\C:\Users\Dave\AppData\Local\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-26 12:36 - 2013-06-26 12:36 - 00000000 ____D C:\FRST
2013-06-26 12:35 - 2013-06-26 12:35 - 01370251 ____A (Farbar) C:\Users\Dave\Downloads\FRST.exe
2013-06-25 16:30 - 2013-06-25 16:31 - 00000000 ____D C:\Users\Dave\Downloads\20130625
2013-06-25 16:30 - 2013-06-25 16:30 - 00000000 ____D C:\Users\Dave\Downloads\New folder
2013-06-25 16:29 - 2013-06-25 16:29 - 00016582 ____A C:\Users\Dave\Desktop\dds.txt
2013-06-25 16:29 - 2013-06-25 16:29 - 00007115 ____A C:\Users\Dave\Desktop\attach.txt
2013-06-25 16:27 - 2013-06-25 16:27 - 00688992 ____R (Swearware) C:\Users\Dave\Downloads\dds.com
2013-06-25 15:57 - 2013-06-25 15:57 - 02240864 ____A (Kaspersky Lab ZAO) C:\Users\Dave\Downloads\tdsskiller.exe
2013-06-14 19:00 - 2013-06-14 19:00 - 00000000 ____D C:\Program Files\FreeRIP Toolbar
2013-06-14 19:00 - 2013-06-14 19:00 - 00000000 ____D C:\Program Files\Application Updater
2013-06-12 03:00 - 2013-05-16 18:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 03:00 - 2013-05-16 17:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 03:00 - 2013-05-16 17:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 03:00 - 2013-05-16 17:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 03:00 - 2013-05-16 17:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 03:00 - 2013-05-16 17:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-12 03:00 - 2013-05-16 17:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-12 03:00 - 2013-05-16 17:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 03:00 - 2013-05-16 17:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 03:00 - 2013-05-16 17:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-12 03:00 - 2013-05-16 17:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-12 03:00 - 2013-05-16 17:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 03:00 - 2013-05-16 17:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 03:00 - 2013-05-16 17:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-12 03:00 - 2013-05-16 17:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 03:00 - 2013-05-16 17:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-11 23:01 - 2013-05-09 22:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 23:01 - 2013-04-25 23:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 23:00 - 2013-05-12 23:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 23:00 - 2013-05-12 23:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 23:00 - 2013-05-12 23:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 23:00 - 2013-05-12 22:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 23:00 - 2013-05-12 22:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 23:00 - 2013-05-08 00:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 23:00 - 2013-05-06 00:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-11 23:00 - 2013-05-06 00:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

==================== One Month Modified Files and Folders ========

2013-06-26 12:36 - 2013-06-26 12:36 - 00000000 ____D C:\FRST
2013-06-26 12:35 - 2013-06-26 12:35 - 01370251 ____A (Farbar) C:\Users\Dave\Downloads\FRST.exe
2013-06-26 12:07 - 2012-01-31 13:39 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-26 11:58 - 2012-04-12 06:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-26 08:56 - 2011-09-24 13:57 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-26 06:14 - 2011-09-22 20:35 - 01867962 ____A C:\Windows\WindowsUpdate.log
2013-06-25 21:07 - 2012-01-31 13:39 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-25 16:31 - 2013-06-25 16:30 - 00000000 ____D C:\Users\Dave\Downloads\20130625
2013-06-25 16:30 - 2013-06-25 16:30 - 00000000 ____D C:\Users\Dave\Downloads\New folder
2013-06-25 16:29 - 2013-06-25 16:29 - 00016582 ____A C:\Users\Dave\Desktop\dds.txt
2013-06-25 16:29 - 2013-06-25 16:29 - 00007115 ____A C:\Users\Dave\Desktop\attach.txt
2013-06-25 16:27 - 2013-06-25 16:27 - 00688992 ____R (Swearware) C:\Users\Dave\Downloads\dds.com
2013-06-25 15:57 - 2013-06-25 15:57 - 02240864 ____A (Kaspersky Lab ZAO) C:\Users\Dave\Downloads\tdsskiller.exe
2013-06-19 20:08 - 2012-01-31 13:39 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-15 18:41 - 2009-07-13 23:34 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-15 18:41 - 2009-07-13 23:34 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-14 19:00 - 2013-06-14 19:00 - 00000000 ____D C:\Program Files\FreeRIP Toolbar
2013-06-14 19:00 - 2013-06-14 19:00 - 00000000 ____D C:\Program Files\Application Updater
2013-06-14 19:00 - 2013-02-13 18:17 - 00000000 ____D C:\Program Files\Common Files\Spigot
2013-06-12 03:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-06-12 03:24 - 2010-11-20 16:01 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 03:20 - 2012-04-14 18:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-06-12 03:19 - 2012-06-02 07:41 - 00000000 ____D C:\Users\Dave\AppData\Roaming\WTablet
2013-06-12 03:19 - 2011-09-22 21:21 - 00024944 ____A C:\Windows\System32\Drivers\GVTDrv.sys
2013-06-12 03:19 - 2011-09-22 21:21 - 00017488 ____A (Windows ® 2000 DDK provider) C:\Windows\gdrv.sys
2013-06-12 03:19 - 2011-09-22 21:21 - 00000004 ____A C:\Windows\System32\GVTunner.ref
2013-06-12 03:19 - 2009-07-13 23:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-12 03:19 - 2009-07-13 23:39 - 00031333 ____A C:\Windows\setupact.log
2013-06-11 19:58 - 2012-04-12 06:35 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 19:58 - 2011-09-22 21:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-07 04:53 - 2009-07-13 21:04 - 00002577 ____A C:\Windows\System32\config.nt
2013-05-27 00:31 - 2011-09-24 13:54 - 00000000 ____D C:\Program Files\Conversions Plus

Files to move or delete:
====================
C:\Users\Dave\314_gotomypc.exe
C:\Users\Dave\gotomypc_314.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-23 00:21

==================== End Of Log ============================

 

Addition.txt

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-06-2013 02
Ran by Dave at 2013-06-26 12:37:03
Running from C:\Users\Dave\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

@BIOS (Version: 2.11)
010 Editor 3.2.2
Adobe AIR (Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop Elements 2.0 (Version: 2.0)
Adobe Photoshop Lightroom 3.6 (Version: 3.6.1)
Adobe Reader X (10.1.7) (Version: 10.1.7)
aiofw (Version: 3.40.0000.0000)
aioprnt (Version: 4.00.0000.0000)
aioscnnr (Version: 4.00.0000.0000)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.33)
avast! Free Antivirus (Version: 8.0.1489.0)
AVS Video Converter 4.2.1.323
Bamboo
Bing Bar (Version: 7.1.391.0)
Bonjour (Version: 2.0.4.0)
CanoScan Toolbox Ver4.9
CCleaner (Version: 3.10)
center (Version: 3.40.0000.0000)
CodeBase 6.5 Release 3 (Version: 6.5 r3)
CodeBase 6.5 Release 3 CodeControls
CodeReporter - CodeBase 6.5 Release 3
Conversions Plus 6.05
DirectX 9 Runtime (Version: 1.00.0000)
DivX Setup (Version: 2.5.0.15)
Documents To Go (Version: 7.006.940)
Doom 3 (Version: 1.00.0000)
Dungeon Siege 2
Dungeon Siege 2 Broken World (Version: 1.00.0000)
Easy Tune 6 B10.1216.1 (Version: 1.00.0000)
eFax Messenger 4.3 (Version: 4.3)
Etron USB3.0 Host Controller (Version: 0.95)
Face Filter (Version: 1.0.007)
FlexCell Grid Control Full Version (Version: 5.5.2)
FlipShare (Version: 5.12.3.0)
FreeRIP Toolbar v7.2 (Version: 7.2)
FreeRIP3 3.70 (Version: 3.70)
FTP Commander Pro
Google Chrome (Version: 27.0.1453.116)
Google Chrome Frame (Version: 27.0.1453.116)
Google Update Helper (Version: 1.3.21.145)
GoToMyPC (Version: 8.0.943)
ImgBurn (Version: 2.5.6.0)
InfraRecorder
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1118)
Intel® Processor Graphics (Version: 8.15.10.2279)
InterVideo WinDVD 4
KODAK AiO Home Center (Version: 3.40.0.0)
ksDIP (Version: 3.20.0000.0000)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mediashop RingPlus 3.0 (Version: 3.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Web Publishing Wizard 1.52
MiKTeX (Version: 2.4)
Mozilla Firefox 14.0.1 (x86 en-US) (HKCU Version: 14.0.1)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Nikon View 6
Nucleus Kernel for FAT and NTFS Demo ver 4.03
Nucleus Kernel for FAT and NTFS ver 4.03
OmniPage SE 2.0 (Version: 2.00.0004)
ON_OFF Charge B11.0110.1 (Version: 1.00.0001)
Opera 12.15 (Version: 12.15.1748)
OpticFilm 7600i (Version: 4.1.0)
Palm (Version: 4.1.0420)
Palm® Support Center (Version: 1.0)
PCmover Professional (Version: 6.00.620.0)
PGP Desktop (Version: 9.0.5.5050)
Plex (HKCU Version: 0.9.504)
Plex Media Server (Version: 0.9.707)
Portal
PreReq (Version: 3.20.0000.0000)
qBittorrent 2.7.0 (Version: 2.7.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6282)
Roxio BackOnTrack (Version: 4.1)
Roxio BackOnTrackPE (Version: 4.0)
Roxio Burn - Secure (Version: 1.6)
Roxio CinePlayer (Version: 5.8)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Creator 2012 Pro (Version: 1.3.675)
Roxio Creator 2012 Pro (Version: 13.5)
Roxio Creator 2012 Pro (Version: 6.5.0)
Roxio Creator Content 2012 (Version: 13.5.609)
Roxio System Rollback (Version: 3.9.0)
Roxio System Rollback Recovery Disk (Version: 3.9.0)
Roxio Video Capture USB (Version: 1.22.0000)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.7)
Steam (Version: 1.0.0.0)
System Requirements Lab
The Print Shop 21 (Version: 21.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Videora iPod Converter 0.91 (Version: 0.91)
WebFldrs XP (Version: 9.50.7523)
WebTablet IE Plugin (Version: 1.1.0.4)
WebTablet Netscape Plugin (Version: 1.1.0.3)
Windows Driver Package - Citrix Systems monblanking Citrix Driver (06/26/2012 6.3.0.48) (Version: 06/26/2012 6.3.0.48)
WinFF 1.0.4
WinZip (Version: 10.0 (6685))

==================== Restore Points =========================

15-05-2013 08:00:12 Windows Update
21-05-2013 08:48:51 Windows Update
28-05-2013 08:48:40 Windows Update
04-06-2013 08:48:46 Windows Update
11-06-2013 07:05:43 Windows Update
12-06-2013 08:00:12 Windows Update
20-06-2013 05:00:03 Scheduled Checkpoint

==================== Scheduled Tasks (whitelisted) =============

Task: {24EBC617-5BF3-4C54-8835-EAE8ECF1567D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {7BCD2E39-168F-4DD0-9ABA-0520EE20EF4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {8A6DDA86-DBA7-4D91-AAF6-E4CB3A827ADB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-31] (Google Inc.)
Task: {A1528220-C1FF-429B-A0AE-D6537A3DB399} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {F8CC0EE3-7EE9-492A-AEEF-08AEC48D4C2C} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {FB94454B-9CAE-4196-90F1-4D511EED8D2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-31] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe

==================== Faulty Device Manager Devices =============

Name: Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Description: Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros
Service: L1C
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2013 03:15:21 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/26/2013 03:13:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/25/2013 07:36:24 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/25/2013 00:53:41 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (06/25/2013 00:31:15 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/25/2013 00:30:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/24/2013 07:41:23 PM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8007000e)

Error: (06/24/2013 06:31:07 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP9+0438._smb._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (06/24/2013 06:31:07 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP9+0438._scanner._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (06/24/2013 06:31:07 PM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(KodakESP9+0438._pdl-datastream._tcp.local.) active for over two minutes. This places considerable burden on the network.


System errors:
=============
Error: (06/26/2013 04:56:02 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk2\DR6, has a bad block.

Error: (06/25/2013 04:29:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (06/23/2013 01:01:09 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (06/23/2013 01:00:38 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (06/16/2013 01:01:12 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (06/16/2013 01:00:41 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (06/12/2013 03:21:56 AM) (Source: DCOM) (User: )
Description: {DF221D96-D779-40E9-8AA9-4DA0A32BECFF}

Error: (06/12/2013 03:20:44 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (06/12/2013 03:20:14 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GoToMyPC service.

Error: (06/12/2013 03:17:01 AM) (Source: Service Control Manager) (User: )
Description: The Kodak AiO Network Discovery Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (06/26/2013 03:15:21 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Plustek\opticfilm 7600i\Setup\DPInst64.exe

Error: (06/26/2013 03:13:43 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe

Error: (06/25/2013 07:36:24 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (06/25/2013 00:53:41 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (06/25/2013 00:31:15 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Plustek\opticfilm 7600i\Setup\DPInst64.exe

Error: (06/25/2013 00:30:13 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe

Error: (06/24/2013 07:41:23 PM) (Source: Desktop Window Manager)(User: )
Description: 0x8007000e

Error: (06/24/2013 06:31:07 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(KodakESP9+0438._smb._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (06/24/2013 06:31:07 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(KodakESP9+0438._scanner._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (06/24/2013 06:31:07 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(KodakESP9+0438._pdl-datastream._tcp.local.) active for over two minutes. This places considerable burden on the network.


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3503.43 MB
Available physical RAM: 1593.01 MB
Total Pagefile: 7005.15 MB
Available Pagefile: 5007.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:797.86 GB) NTFS
Drive e: (Image-Backup) (Fixed) (Total:931.51 GB) (Free:931.24 GB) NTFS
Drive f: (Image-Primary) (Fixed) (Total:931.51 GB) (Free:926.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 94B51C95)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 5791CECF)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 576B83C8)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Thanks.



#4 CatByte


Posted 26 June 2013 - 01:17 PM

Please run the following:

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 DSchuler


Posted 26 June 2013 - 01:48 PM

That seems to have fixed the original problem. I can reach google.com and search using both IE and Firefox. Oddly, I can't using Opera. I get the following message:

Invalid URL
The requested URL "/search?q=pc+fix+file&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest", is invalid.

Reference #9.cf7d98cf.1372272460.24df03d

I may need to check with Opera people about that.

Thanks.



#6 CatByte


Posted 26 June 2013 - 02:25 PM

Try uninstalling Opera, then re-install it.


Do you have the log from ComboFix (C:\ComboFix.txt)? There may be some leftovers that we need to deal with.

Edited by CatByte, 26 June 2013 - 02:25 PM.



#7 DSchuler


Posted 26 June 2013 - 07:16 PM

Here's the ComboFix log:

ComboFix 13-06-26.01 - Dave 06/26/2013 13:28:55.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3503.2208 [GMT -5:00]
Running from: c:\users\Dave\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DSCF0001.JPG
C:\DSCF0002.JPG
C:\DSCF0003.JPG
C:\install.exe
C:\LOG113E.tmp
C:\LOG16D.tmp
C:\LOG16F1.tmp
C:\LOG408.tmp
C:\LOG57E.tmp
c:\program files\driver
c:\programdata\boost_interprocess\20130626124313.125599
c:\programdata\boost_interprocess\20130626124313.125599\9334581e-7251-4ef7-a8ec-5bfe8e89ff68
c:\programdata\boost_interprocess\20130626124313.125599\plex_frame_mutex
c:\users\Dave\314_gotomypc.exe
c:\users\Dave\AppData\Roaming\AdobeDLM.log
c:\windows\system32\gotomon.log
c:\windows\system32\regobj.dll
c:\windows\system32\setb0.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-05-26 to 2013-06-26 )))))))))))))))))))))))))))))))
.
.
2013-06-26 18:35 . 2013-06-26 18:36 -------- d-----w- c:\users\Dave\AppData\Local\temp
2013-06-26 18:35 . 2013-06-26 18:35 -------- d-----w- c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2013-06-26 18:35 . 2013-06-26 18:35 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
2013-06-26 18:35 . 2013-06-26 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-26 17:49 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71387A16-359A-4BFE-ADCF-CE683510BAFC}\mpengine.dll
2013-06-26 17:36 . 2013-06-26 17:36 -------- d-----w- C:\FRST
2013-06-15 00:00 . 2013-06-15 00:00 -------- d-----w- c:\program files\Application Updater
2013-06-15 00:00 . 2013-06-15 00:00 -------- d-----w- c:\program files\FreeRIP Toolbar
2013-06-12 04:01 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 04:01 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 04:00 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 04:00 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 04:00 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 04:00 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 04:00 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 04:00 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 04:00 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 04:00 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-26 17:45 . 2011-09-23 01:57 369456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-26 17:45 . 2011-09-23 01:57 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-26 17:44 . 2011-09-23 02:21 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2013-06-26 17:44 . 2011-09-23 02:21 17488 ----a-w- c:\windows\gdrv.sys
2013-06-12 00:58 . 2012-04-12 11:35 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 00:58 . 2011-09-23 02:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-03-22 14:58 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-22 14:58 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-03-19 12:29 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2011-09-23 01:57 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-09-23 01:57 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2011-09-23 01:57 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2011-09-23 01:56 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-09-23 01:56 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 07:06 . 2011-09-23 01:49 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-24 11:15 . 2013-04-24 11:15 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 04:45 . 2013-05-14 21:10 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 21:10 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 13:19 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-14 21:10 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-14 21:10 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-14 21:10 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 19:50 . 2012-10-15 11:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-28 16:16 . 2012-01-26 13:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . A45D184DF6A8803DA13A0B329517A64A . 149504 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_81a53e87bd5d36aa\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\System32\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\System32\dllcache\appmgmts.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\System32\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\System32\dllcache\msgsvc.dll
.
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\System32\MsPMSNSv.dll
[-] 2005-01-28 18:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\System32\dllcache\mspmsnsv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-04 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\System32\ntmssvc.dll
[-] 2004-08-04 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\System32\dllcache\ntmssvc.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\System32\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\System32\dllcache\srsvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartUp This"="c:\program files\Laplink\PCmover\LaunchSt.exe" [2010-06-16 251256]
"Plex Media Server"="c:\program files\Plex\Plex Media Server\Plex Media Server.exe" [2012-12-04 3795688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-14 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-14 177176]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-14 178200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-01-04 10021480]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Conime"="c:\windows\system32\conime.exe" [2004-08-04 27648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2011-07-13 293360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"CPMonitor"="c:\program files\Roxio 2012\5.0\CPMonitor.exe" [2011-07-08 84464]
"Desktop Disc Tool"="c:\program files\Roxio 2012\Roxio Burn\RoxioBurnLauncher.exe" [2011-06-13 506352]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-06-07 1302336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickScan (OpticFilm 7600i).lnk - c:\program files\Plustek\OpticFilm 7600i\QuickScan.exe [2011-9-29 339968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
R0 GVTDrv;GVTDrv; [x]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R4 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2011-07-14 211440]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 18544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\App\SaibSVC.exe [2011-02-09 457200]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2013-06-07 806776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 BOT4Service;BOT4Service;c:\program files\Roxio\BackOnTrack\App\BService.exe [2011-07-15 21488]
S2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-01-26 32256]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-01-26 52224]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 76871335
*Deregistered* - 76871335
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 01:07 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 00:58]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-31 18:39]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-31 18:39]
.
2011-09-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.254.254 208.67.220.220 208.67.222.222
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\pyznrnn6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - ExtSQL: !HIDDEN! 2011-09-24 14:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-76871335.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-26 13:37:39
ComboFix-quarantined-files.txt 2013-06-26 18:37
.
Pre-Run: 860,236,840,960 bytes free
Post-Run: 862,464,180,224 bytes free
.
- - End Of File - - 89973ED96F1D0989202560A03C3DAA30
A36C5E4F47E84449FF07ED3517B43A31

 

Clearing Opera's cache seems to have eliminated the residual problem I was having there.  Everything seems to be working fine at this point.  Do we have any "leftovers"?



#8 CatByte


Posted 26 June 2013 - 09:04 PM

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 DSchuler


Posted 27 June 2013 - 09:19 AM

JRT log:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by Dave on Thu 06/27/2013 at 7:51:17.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] application updater
Successfully deleted: [Service] application updater



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\search settings
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\freerip"
Failed to delete: [Folder] "C:\ProgramData\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Dave\appdata\locallow\freerip"
Successfully deleted: [Folder] "C:\Users\Dave\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files\application updater"
Successfully deleted: [Folder] "C:\Program Files\freerip toolbar"
Successfully deleted: [Folder] "C:\Program Files\freerip3"
Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"



~~~ FireFox

Emptied folder: C:\Users\Dave\AppData\Roaming\mozilla\firefox\profiles\pyznrnn6.default\minidumps [13 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/27/2013 at 7:52:42.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner log:

 

 

# AdwCleaner v2.303 - Logfile created 06/27/2013 at 07:55:49
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Dave - UPSTAIRS
# Boot Mode : Normal
# Running from : C:\Users\Dave\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\pyznrnn6.default\extensions\freerip@mybrowserbar.com
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP3

***** [Registry] *****

Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\pyznrnn6.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\Dave\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2086 octets] - [27/06/2013 07:55:49]

########## EOF - C:\AdwCleaner[S1].txt - [2146 octets] ##########

 

MBAM log:

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.27.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Dave :: UPSTAIRS [administrator]

6/27/2013 8:01:02 AM
mbam-log-2013-06-27 (08-01-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231553
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

ESET Scanner threats detected:

 

 

C:\Program Files\Laplink\PCmover\x32\cppwdsvc.exe a variant of Win32/PSWTool.PWDump.A application
C:\Users\Dave\AppData\Local\Downloaded Installations\{22FA2064-F3D1-4F3E-8664-BA980ABA3128}\PCmover Professional.msi multiple threats
C:\Users\Public\Downloads\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\Installer\11445c3.msi multiple threats
C:\Windows\Installer\daa7ebd.msi a variant of Win32/Toolbar.Widgi application



#10 CatByte


Posted 27 June 2013 - 04:10 PM

Please do the following:
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Program Files\Laplink\PCmover\x32\cppwdsvc.exe 
C:\Users\Dave\AppData\Local\Downloaded Installations\{22FA2064-F3D1-4F3E-8664-BA980ABA3128}\PCmover Professional.msi 
C:\Users\Public\Downloads\SetupImgBurn_2.5.6.0.exe 
C:\Windows\Installer\11445c3.msi 
C:\Windows\Installer\daa7ebd.msi 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript"

Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

CFScriptB-4.gif
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT


Please advise how the computer is running now and if there are any outstanding issues



#11 DSchuler


Posted 28 June 2013 - 12:12 PM

It seems to be working fine.  Thank you



#12 CatByte


Posted 28 June 2013 - 12:41 PM

We just have some housekeeping to do now,

Please do the following:


You can delete the DDS, JRT, and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
Combofix_uninstall_image.jpg


NEXT
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    • PC Safety and Security--What Do I Need?
    • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.



#13 DSchuler


Posted 28 June 2013 - 01:40 PM

I've uninstalled ComboFix and adwcleaner, deleted logs, etc.  We seem to be in good shape now.  Thanks for all of your help.



#14 CatByte


Posted 28 June 2013 - 02:33 PM

you are welcome

stay safe

~CB



#15 CatByte


Posted 22 July 2013 - 08:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





