Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't get rid of malware, spyware animation [Solved]


  • This topic is locked This topic is locked

#31
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Hello, ok,your google chrome is a development build which means it is open to attack so we need to fix that. Most of what eset found are in combofix quarantine,but we will deal with the others shortly.

Step 1

We need to uninstall some programs.

Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

Select the following programs from the list below, one at a time and click Uninstall.
  • Google Chrome
Once uninstalled,redownload and install from http://www.google.co...index.html#eula
  • 0

Advertisements


#32
psychson

psychson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

OK.

Chrome was uninstalled and installed again.

Now what's next ?

Thanks.


  • 0

#33
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Firstly I do apologise, I thought I had posted my reply and have been waiting for yours. My mistake.

 

As FRST still isn't working properly, lets try to see if this tool can get it moving.

Please download Download RogueKiller by Tigzy to your desktop.

  • Quit all programs
  • Right click roguekiller.pngroguekiller.exe and select Run as Administrator.
  • Wait until Prescan has finished ...
  • Click on Scan. Once finished, click on Report

If the program is blocked, do not hesitate to try several times. If it really does not work(it could happen), rename it to winlogon.com


Please post the contents of the RKreport.txt in your next Reply.


  • 0

#34
psychson

psychson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi again,

I was wondering if you had given up on me, luckily not yet  :)

I downloaded and ran RogueKiller and the report is bellow.

Thanks

-----------------

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Suzie [Administrator]
Mode : Scan -- Date : 12/01/2014  05:12:05
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] Nike+ Connect daemon.exe -- C:\Users\Suzie\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe[-] -> Killed [TermProc]
 
¤¤¤ Registry : 16 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Found
[Suspicious.Path] HKEY_USERS\S-1-5-21-3823719251-145347726-1436220222-1000\Software\Microsoft\Windows\CurrentVersion\Run | Nike+ Connect : "C:\Users\Suzie\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe"  -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-3823719251-145347726-1436220222-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.uol.com.br/  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3823719251-145347726-1436220222-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AC490675-FD03-45B5-B4CC-25DF0BFE305F} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AC490675-FD03-45B5-B4CC-25DF0BFE305F} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AC490675-FD03-45B5-B4CC-25DF0BFE305F} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3823719251-145347726-1436220222-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 7 ¤¤¤
[Suspicious.Path] \\{01772589-0850-4154-BD84-C564A5A7C835} -- C:\Users\Suzie\Desktop\FRST.exe -> Found
[Suspicious.Path] \\{14F9E1CB-1DC7-40B0-B8B0-D11746BFB08C} -- C:\Users\Suzie\Desktop\FRST.exe -> Found
[Suspicious.Path] \\{1CDB3F2C-F7E9-441A-B042-97C933F2936E} -- C:\Users\Suzie\Desktop\FRST.exe -> Found
[Suspicious.Path] \\{442743F5-A015-430A-9892-FB870522CC99} -- C:\Users\Suzie\Desktop\FRST.exe -> Found
[Suspicious.Path] \\{7D2410DE-1925-4030-ACE9-0393D7EC915B} -- C:\Users\Suzie\Desktop\FRST.exe -> Found
[Suspicious.Path] \\{BBB2ABB8-F466-4A18-A7CE-79418FBBF480} -- C:\Users\Suzie\Desktop\FRST.exe -> Found
[Suspicious.Path] \\{E151CCBB-88AA-40DC-9A39-0F4B96C34712} -- C:\Users\Suzie\Desktop\FRST.exe -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 40 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[43] : Unknown @ 0x8626c634
[SSDT:Addr(Hook.SSDT)] NtCreateKey[70] : Unknown @ 0x861f03ac
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[74] : Unknown @ 0x862326c4
[SSDT:Addr(Hook.SSDT)] NtCreateProcess[79] : Unknown @ 0x8626162c
[SSDT:Addr(Hook.SSDT)] NtCreateProcessEx[80] : Unknown @ 0x8626062c
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[86] : Unknown @ 0x8623268c
[SSDT:Addr(Hook.SSDT)] NtCreateThread[87] : Unknown @ 0x862676bc
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[88] : Unknown @ 0x86267684
[SSDT:Addr(Hook.SSDT)] NtCreateUserProcess[93] : Unknown @ 0x86246634
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[96] : Unknown @ 0x8626c6dc
[SSDT:Addr(Hook.SSDT)] NtDeleteKey[103] : Unknown @ 0x862646bc
[SSDT:Addr(Hook.SSDT)] NtDeleteValueKey[106] : Unknown @ 0x862656bc
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[111] : Unknown @ 0x86232654
[SSDT:Addr(Hook.SSDT)] NtGetContextThread[135] : Unknown @ 0x8623177c
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[155] : Unknown @ 0x8626764c
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[168] : Unknown @ 0x86266684
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[190] : Unknown @ 0x8622d634
[SSDT:Addr(Hook.SSDT)] NtOpenSection[194] : Unknown @ 0x862666bc
[SSDT:Addr(Hook.SSDT)] NtOpenThread[198] : Unknown @ 0x86263634
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[215] : Unknown @ 0x8626c66c
[SSDT:Addr(Hook.SSDT)] NtRenameKey[290] : Unknown @ 0x86264684
[SSDT:Addr(Hook.SSDT)] NtRestoreKey[302] : Unknown @ 0x8626464c
[SSDT:Addr(Hook.SSDT)] NtResumeThread[304] : Unknown @ 0x8623170c
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x86231744
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[350] : Unknown @ 0x862317b4
[SSDT:Addr(Hook.SSDT)] NtSetValueKey[358] : Unknown @ 0x86224e2c
[SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[368] : Unknown @ 0x8626c6a4
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x86268644
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[371] : Unknown @ 0x8623075c
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : Unknown @ 0x8626664c
[ShwSSDT:Addr(Hook.Shadow)] NtUserCreateWindowEx[361] : Unknown @ 0x8741cae4
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookAW[584] : Unknown @ 0x869a38d4
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x879970b4
[IAT:Inl] (explorer.exe) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff9a1779fa)
[IAT:Inl] (explorer.exe @ SkyDriveShell.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff9a1779fa)
[IAT:Inl] (explorer.exe @ gameux.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff9a1779fa)
[IAT:Inl] (explorer.exe @ wpdshserviceobj.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff9a1779fa)
[IAT:Inl] (explorer.exe @ ieframe.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff9a1779fa)
[IAT:Inl] (explorer.exe @ appwiz.cpl) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff9a1779fa)
[IAT:Inl] (explorer.exe @ zipfldr.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x10001102 (jmp 0xffffffff9a1779fa)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 2814c990aad985df5f8fbedc07148ac6
[BSP] cd792270ffb5467780e85e9d19688940 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 305243 MB
User = LL1 ... OK
User = LL2 ... OK

  • 0

#35
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Hi :D

Roguekiller picked up on a couple of items, one warrants a question, do you use your phone as a modem? If so this would explain one of the entries.

Upload file to Virustotal to analyse

  • Please go to the Virustotal website.
  • Click Choose File then on the File Upload window locate the file C:\Users\Suzie\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe and click Open
  • If you see a pop-up with "File already analyzed" click Reanalyse and wait for the scan to finish
  • Copy the link you have on the address bar of the browser window, it should be something like this: https://www.virustotal.com/en/file/... and paste into your next reply.

Items I need to see in your next post:


  • Virustotal result
  • Answer to my question

  • 0

#36
psychson

psychson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Hi,

 

Answering your question: I do not use my phone as a modem. However my internet provider is the same for my home phone and cable tv, all in one(Phone+internet+tv).

And before I run the analyses you asked, I can tell you that Nike+, NikeConnect belongs to my Nike running bracelet that syncs to Nike website and shouldn't be any problem with it.

I don't see how to copy the results, only as image and the forum does not allow me. The analyses gave me all green check marks.


  • 0

#37
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Hi, yes I am aware of nike being legitimate bit there are 2 files with the same name in different locations so I just want to ensure that the second one isn't malware that has copied the filename. Just copy the web address link at the top in the address bar and paste that here thanks :)
  • 0

#38
psychson

psychson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Ok, I didn't think the copied URL would work.

Here it is:

 

https://www.virustot...sis/1417461174/


  • 0

#39
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Hi and thanks for that.

As Nike is clean, let's see if your DNS has been altered.

Avira DNS Repair
Please download the Avira DNS Repair Tool from here and save it to your Desktop.

Right click AviraDNSRepairEN.exe aviradns.pngon your Desktop and choose Run As Administrator to run the program, then accept the agreement.
No log is created so please report what the program says.
  • 0

#40
psychson

psychson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Ok, it's done.

it says:  The DNS settings of your system have not been manipulated by the DNSChanger.

 

Thanks.


  • 0

Advertisements


#41
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts
Hello again, let's get the hammer out and see if we can remove this pain once and for all.

51a5bf3d99e8a-ComboFixlogo16.png Fix with ComboFix

Please download Combofix from here and save the file to your Desktop. << Important!
  • Note: Please read through these instructions before running ComboFix.
  • Press the WindowsKey.png + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the shown window paste in the following script:
    Registry::
    [-HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}]
    [-HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}]
    
  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
  • Name the file CFScript and select Save.
  • Your CFScript.txt file should appear on your desktop.

    Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
    • Now drag your CFScript file and drop it onto the 51a5bf3d99e8a-ComboFixlogo16.png icon.
    • This will start ComboFix. Let it run uninterrupted!
    • A reboot may be needed during this run. Allow it.
    • When finished, it shall produce a log for you at C:\ComboFix.txt and display it.
    Please include that log in your next reply.

    icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
    icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.
    icon_idea.gif Do not forget to turn on your previously switched-off protection software!

    Items I need to see in your next post:
    • Combofix Log
    • How is your computer running now?

  • 0

#42
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#43
CompCav

CompCav

    Member 5k

  • Expert
  • 12,448 posts
User returned.
  • 0

#44
psychson

psychson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts

Thanks for reopening my post.

As instructed, I did the fix requested, run ComboFix.

However you may ask me to redo a couple of tools. Why ?

After I ran combofix I updated my windows from the boring Windows 7 starter to WIndows 7 Ultimate.

Anyway, below is the summary.

------------------

ComboFix 14-11-03.01 - Suzie 10/12/2014   6:05.3.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.55.1046.18.1981.761 [GMT -2:00]
Executando de: c:\users\Suzie\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Suzie\Desktop\CFScript.txt
AV: Trend Micro Maximum Security *Disabled/Updated* {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
SP: Trend Micro Maximum Security *Disabled/Updated* {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
ADS - drivers: deleted 208 bytes in 1 streams.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-11-10 to 2014-12-10  ))))))))))))))))))))))))))))
.
.
2014-12-10 08:14 . 2014-12-10 08:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-12-10 08:14 . 2014-12-10 08:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-10 08:14 . 2014-12-10 08:14 -------- d-----w- c:\users\Convidado\AppData\Local\temp
2014-12-10 08:14 . 2014-12-10 08:14 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2014-12-09 04:36 . 2014-12-09 04:36 -------- d-----w- c:\program files\Common Files\Adobe
2014-12-01 06:59 . 2014-12-01 06:59 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-12-01 06:59 . 2014-12-01 06:59 -------- d-----w- c:\programdata\RogueKiller
2014-11-24 19:45 . 2014-11-24 19:46 -------- d-----w- c:\program files\Google
2014-11-24 19:33 . 2014-11-24 19:33 -------- d-sh--w- c:\users\Suzie\AppData\Local\EmieBrowserModeList
2014-11-23 06:35 . 2014-11-23 06:35 -------- d-----w- c:\program files\ESET
2014-11-20 17:53 . 2014-11-22 02:54 -------- d-----w- C:\FRST
2014-11-19 01:21 . 2014-11-11 02:44 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-19 01:21 . 2014-11-11 02:44 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 19:47 . 2014-11-18 19:47 -------- d-----w- c:\windows\ERUNT
2014-11-18 07:11 . 2014-11-18 07:11 -------- d-----w- C:\_OTL
2014-11-12 03:54 . 2014-10-18 01:33 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-12 03:54 . 2014-08-12 01:36 701440 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-11 08:10 . 2014-11-11 09:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2014-11-11 06:01 . 2014-11-11 06:01 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-10 06:43 . 2013-04-13 22:53 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-10 06:43 . 2013-04-13 22:53 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-09 04:43 . 2014-11-09 04:24 214576 ----a-w- c:\windows\RegBootClean.exe
2014-11-09 04:10 . 2014-11-09 04:10 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2014-11-06 14:35 . 2014-07-08 03:49 19216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\TeamViewer_PrintProcessor.dll
2014-11-03 06:39 . 2014-11-09 04:28 61728 ----a-w- c:\windows\system32\drivers\kbfilter.sys
2014-11-03 06:39 . 2014-11-09 04:28 61728 ----a-w- C:\kbfilter.sys
2014-11-03 06:39 . 2014-11-09 04:28 98 ----a-w- C:\install.bat
2014-11-03 06:39 . 2014-11-09 04:28 81 ----a-w- C:\uninstall.bat
2014-10-28 08:35 . 2013-04-13 22:24 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-20 05:37 . 2014-11-08 01:55 8901368 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A765CBE-817C-47DD-84A6-D572BDDE517D}\mpengine.dll
2014-10-18 16:45 . 2014-10-18 16:45 29160 ----a-w- c:\windows\system32\drivers\PROCEXP152.SYS
2014-10-16 02:51 . 2014-10-16 02:51 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-07 09:06 . 2013-10-15 00:31 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-10-02 16:23 . 2014-10-02 16:23 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2014-10-02 16:23 . 2014-10-02 16:23 69632 ----a-w- c:\windows\system32\QuickTime.qts
2014-09-25 01:40 . 2014-10-01 05:52 519680 ----a-w- c:\windows\system32\qdvd.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

  • 0

#45
ruggie_uk

ruggie_uk

    Trusted Helper

  • Malware Removal
  • 2,083 posts

Ok, how are things going right now?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP