
Windows not updating properly - possible malware infection? [Solved]


  • This topic is locked

#16
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

Good! :)

 

Next step...

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).


Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.




#17
jt4211


    Member

  • Topic Starter
  • Member
  • 39 posts

ComboFix Log:

 

ComboFix 15-02-13.02 - TeamTkac 02/13/2015  18:32:13.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.1773 [GMT -5:00]
Running from: c:\users\TeamTkac\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\TeamTkac\AppData\Local\Z@!-b572bfe9-d10c-4102-a15d-2f993e324978.tmp
c:\users\TeamTkac\AppData\Local\Z@!-d0f3bbcb-e38b-42ec-9ca0-c174c37ea365.tmp
c:\users\TeamTkac\AppData\Local\Z@S!-31a1d4ec-7c4e-42f0-95b1-4c34295e032d.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-01-13 to 2015-02-13  )))))))))))))))))))))))))))))))
.
.
2015-02-13 23:38 . 2015-02-13 23:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-02-13 13:49 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7AA1D721-A23E-4C00-A3FD-1FFD8AE9A49F}\mpengine.dll
2015-02-10 20:59 . 2015-02-12 23:24 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-10 20:59 . 2015-02-10 20:59 -------- d-----w- c:\programdata\RogueKiller
2015-02-10 19:41 . 2015-02-11 23:29 -------- d-----w- C:\FRST
2015-02-10 19:06 . 2015-02-10 19:10 -------- d-----w- C:\AdwCleaner
2015-02-10 18:46 . 2015-02-10 18:46 -------- d-----w- C:\_OTL
2015-02-10 13:39 . 2015-02-10 08:42 -------- d-----w- C:\Jumpshot
2015-02-10 13:38 . 2015-02-10 08:42 -------- d-----w- c:\windows\jumpshot.com
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-13 23:19 . 2014-04-10 20:50 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-12 22:49 . 2014-11-09 02:11 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-02-04 23:14 . 2014-04-06 21:24 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-04 23:14 . 2014-04-06 21:24 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-27 14:24 . 2011-11-26 23:30 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-04 21:39 . 2015-01-04 21:39 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2014-12-23 05:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-22 06:57 . 2014-12-28 12:18 118048 ----a-w- c:\windows\system32\BootDefrag.exe
2014-12-13 05:09 . 2014-12-21 22:23 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-21 22:23 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-12 20:29 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-12 20:29 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-12 20:29 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-12 20:29 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-12 20:29 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-12 20:29 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-12 20:29 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-12 20:29 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-12 20:29 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-24 03:47 . 2014-12-28 12:18 17600 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-11-22 03:13 . 2014-12-12 20:29 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-12 20:29 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-12 20:29 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-12 20:29 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-12 20:29 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-12 20:29 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-12 20:29 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-12 20:29 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-12 20:29 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-12 20:29 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-12 20:29 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-12 20:29 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-12 20:29 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-12 20:29 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-12 20:29 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-12 20:29 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-12 20:29 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-12 20:29 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-12 20:29 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-12 20:29 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-12 20:29 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-12 20:29 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-12 20:29 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-12 20:29 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-12 20:29 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-12 20:29 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-12 20:29 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-12 20:29 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-12 20:29 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-12 20:29 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-12 20:29 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-12 20:29 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-12 20:29 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-12 20:29 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-12 20:29 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-12 20:29 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-12 20:29 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-12 20:29 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-12 20:29 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-21 23:58 . 2011-11-26 23:02 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-21 23:55 . 2014-04-06 21:16 116728 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-11-21 23:55 . 2013-03-08 00:48 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-21 23:55 . 2011-11-26 23:02 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-21 23:55 . 2014-11-21 23:55 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-21 23:55 . 2014-04-29 12:59 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-21 23:55 . 2013-03-08 00:48 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-21 23:55 . 2011-11-26 23:02 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-21 23:55 . 2012-03-31 23:16 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-21 23:55 . 2014-11-21 23:55 43152 ----a-w- c:\windows\avastSS.scr
2014-11-21 11:14 . 2014-04-10 20:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 11:14 . 2014-04-10 20:50 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 11:14 . 2014-04-10 20:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-19 01:47 . 2014-11-19 01:47 1691816 ----a-w- c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-10 03:21 220632 ----a-w- c:\users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-10 03:21 220632 ----a-w- c:\users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-10 03:21 220632 ----a-w- c:\users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 22:19 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 22:19 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 22:19 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-01-05 688984]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2015-01-19 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-23 5227112]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-01-05 688984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mmpDrv;MiniAide Magic Partition Driver;c:\windows\system32\Drivers\mmpDrv.sys;c:\windows\SYSNATIVE\Drivers\mmpDrv.sys [x]
R3 mmpguidrv;MiniAide Magic Partition Gui Driver;c:\windows\system32\Drivers\MmpGuiDrv.sys;c:\windows\SYSNATIVE\Drivers\MmpGuiDrv.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 BootDefragDriver;BootDefragDriver;c:\windows\System32\drivers\BootDefragDriver.sys;c:\windows\SYSNATIVE\drivers\BootDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 Unchecky;Unchecky;c:\program files (x86)\Unchecky\bin\unchecky_svc.exe;c:\program files (x86)\Unchecky\bin\unchecky_svc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-06 23:14]
.
2015-02-13 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2015-01-19 07:25]
.
2015-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 00:11]
.
2015-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 00:11]
.
2015-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-563202287-1717114301-743867805-1000Core.job
- c:\users\TeamTkac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 00:59]
.
2015-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-563202287-1717114301-743867805-1000UA.job
- c:\users\TeamTkac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-26 00:59]
.
2015-02-13 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-10-07 19:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-10 03:21 244688 ----a-w- c:\users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-10 03:21 244688 ----a-w- c:\users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-10 03:21 244688 ----a-w- c:\users\TeamTkac\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-11-12 22:17 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-11-12 22:17 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-11-12 22:17 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-21 23:55 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mDefault_Page_URL = hxxp://www.google.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.4.0/GarminAxControl_32.CAB
.
.
------- File Associations -------
.
.scr=CryptoPreventSCR
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-13  18:41:32
ComboFix-quarantined-files.txt  2015-02-13 23:41
.
Pre-Run: 424,489,254,912 bytes free
Post-Run: 423,954,186,240 bytes free
.
- - End Of File - - B4BD9ABE2BD545F271EE88009188C342


  • 0

#18
jt4211

    Member

  • Topic Starter
  • 39 posts

At this point, the browser is the only thing that seems wonky........freezes/locks up when adding tabs, slow/sometimes unsuccessful website loading - wonder if this is Win7/Explorer pgm issues unrelated to virus/malware ??


  • 0

#19
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Many thanks for the Donation!!! Much appreciated :cheers:

 

wonder if this is Win7/Explorer pgm issues unrelated to virus/malware ??

Sometimes when a machine has a nasty Root Kit such as yours did, removal causes issues with the remaining code.

 

I have a few more tricks up my sleeve ;)   Let's try some hard disk maintenance and see how the disk is doing.

 

Let's also do a Security Check and see what needs to be updated.

 

Hard-Drive Maintenance/Repair:

  • Click Start(Windows 7 Orb) >> Run..(or the Windows key and R together) to bring up the Run box.
  • Cut and paste in cleanmgr into the Run box and press OK >> OK
  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Delete Files.

Next:-

  • Click on Start(Windows 7 Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue at the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • CD C:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

Quote

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Windows7CHKDSK.jpg

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

 

 

Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.


  • 0

#20
jt4211

    Member

  • Topic Starter
  • 39 posts

Results below - zero issues with cleanup and dskchk. Also looks as if there are 35 Windows updates pending.  I assume I should apply those, however, whatever log is created after these updates is where the Avast CSR informed me that prior updates hadn't been installed correctly.... I glanced at the logs in control panel - system and security - Administrative tools - event viewer that goes back to 2011....not sure what is important or not.

 

EDIT:  Also attached screenshot of Malwarebytes web exclusion setting - should this be empty ??

 

 

Results of screen317's Security Check version 0.99.96 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
avast! Antivirus  
Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
Java 64-bit 8 Update 31 
Adobe Reader XI 
Google Chrome (40.0.2214.111)
Google Chrome (40.0.2214.94)
Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent```````` 
Malwarebytes Anti-Malware mbamservice.exe 
Malwarebytes Anti-Malware mbam.exe 
Malwarebytes Anti-Malware mbamscheduler.exe  
AVAST Software Avast AvastSvc.exe 
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast ng ngservice.exe
AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

 

Attached Thumbnails

  • WebExclusions.jpg

Edited by jt4211, 15 February 2015 - 06:21 AM.

  • 0

#21
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Results below - zero issues with cleanup and dskchk.

 

Excellent :thumbsup:

 

 

Also looks as if there are 35 Windows updates pending.  I assume I should apply those, however, whatever log is created after these updates is where the Avast CSR informed me that prior updates hadn't been installed correctly....

 

Well, without actually going through a Forensics reconstruction, I'm going to guess with reasonable assurance, that the Root Kit did some modifications of those (and many other) files. Not at all unusual. That said, absolutely keep updates and Service Packs up to date. :thumbsup:

 

Next, I'll step off the Soap Box in a second. I would offer that the overwhelming number of exploits arrive at the Home Computer via: Browser Exploits, Java Vulnerabilities, Flash Vulnerabilities and Operating System Vulnerabilities. Keep all updated :)   Your version of Java is NOT updated, so I put the update instructions next. Your Adobe IS up to date, but I put in the update instructions so that you'd have them.

 

Keeping Java Updated
WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you keep it updated. In your case you have the most current version so if you decide to keep it there is nothing to do presently. Please keep it current however.
 

Unless you have disabled the default behavior, Java will check for updates once a month and then prompt you that there is an update. You should allow this program to update.
 
 
Keep Adobe Reader Updated
Check to see what the latest major version of Adobe Reader is here. The full version is something like 11.0.06 for example but the major version is just the first number before the period so 11 in this case or XI.
Verify what version you have by doing the following.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Select About Adobe Reader

If your major version matches the major version from Adobe then perform the following steps.
 

1. Open Adobe Reader
2. Click Help on the menu at the top
3. Click Check for Updates
4. Allow any Updates to be downloaded and installed
5. If asked to reboot, please do.
6. Repeat these steps until you are told that no updates are available.

If your major version is lower than the major version from Adobe then perform the following steps.

1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.

NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.

1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.

NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

 

 

I glanced at the logs in control panel - system and security - Administrative tools - event viewer that goes back to 2011....not sure what is important or not.

 

Well, it's always a good idea to keep on top of your log files. This particular one is actually calling out specific IP addresses that should NOT be blocked by MBAM. I didn't leg out all of those addresses, but they don't look good to me. Can't remember if you had P2P on this computer, but these IP's I'd expect to be part of P2P. Feel free to remove the addresses.

 

Let's talk about computer speed. The machine itself is likely fast "enough". Well, enough for cruising the Internet, etc. However, throttling can occur at a number of points. Your ISP could be slowing you down (trust me, they'd never admit it), your Router could be slowing you down, MBAM in monitoring mode could be, and any other program that assesses your Browsing before letting you get to wherever you're going. You have to figure out where the line of "just enough protection" and "just enough speed" intersect. For my two cents, I have many machines. I run nothing but A/V on all of them. I have MSE on a few, Defender on a few, and Avast (free version) on the rest. That's it. Then, I just practice cautious computing. i.e. know which websites I'm visiting, careful on e-mail attachments, update everything.  So, to figure out your browser and speed issues, one at a time, I'd suspend or remove protection programs and see how that goes. I'd try a different Browser and see what happens there. Keep it going. Last resort I'd backup my computer and Refresh the Operating System which should get it running a lot faster.

 

Ok, a couple more things to do.

 

Malwarebytes

I'd like you to run Malwarebytes.  You already have it on your computer.

Right click on Malwarebytes' icon and choose Run as administrator

  • If an update is found, it will download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results.  (This one is clean)
  • Make sure that everything is checked, and click Quarantine All (or similar).
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.  (See Extra Note below)  If the log doesn't open, select View detailed log in the Scan tab.
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log, and click on the View button.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.

 

Step 4
ESET Online Scanner

 

Please run a free online scan with ESET ~> *click here*

Note: You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here.

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

 

  • Click the ESET Online Scanner box
  • A new window will open:
  • Tick the box next to YES, I accept the Terms of Use, then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


  • 0
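The version comparison and the Reader JavaScript setting described in the post above can be checked in one pass. This is an added PowerShell example, not part of the original thread or of any tool used in it; the `-LatestReaderMajor` parameter, the helper function names and the `JSPrefs\bEnableJS` registry location are assumptions for a Reader XI-style install.

```powershell
# Added example: a read-only inventory. It reports; it changes nothing.
# Assumption: -LatestReaderMajor is the major version you looked up on Adobe's
# site. 11 is only the illustration the post uses ("11 in this case or XI").
param([int]$LatestReaderMajor = 11)

# 64-bit Windows keeps uninstall entries in two registry views: the native one
# and Wow6432Node (32-bit programs). Read both or 32-bit installs are missed.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Products the post singles out for patching or removal.
$watch = 'Java', 'Adobe Reader', 'Adobe Flash'

$entries = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName })

# Hypothetical helper: builds one report row.
function New-Row($product, $version, $action, $readerJs) {
    New-Object PSObject -Property @{
        Product = $product; Version = $version
        Action = $action; ReaderJavaScript = $readerJs
    }
}

# Hypothetical helper: reads the per-user JavaScript preference for Reader.
function Get-ReaderJavaScriptState([int]$major) {
    # Assumption: Reader stores the "Enable Acrobat JavaScript" checkbox as
    # bEnableJS (0 = unchecked) under this per-user key.
    $key = "HKCU:\Software\Adobe\Acrobat Reader\${major}.0\JSPrefs"
    $pref = Get-ItemProperty -Path $key -Name bEnableJS -ErrorAction SilentlyContinue
    if ($pref -and $pref.bEnableJS -eq 0) { return 'disabled' }
    return 'enabled or never changed: uncheck it in Edit > Preferences > JavaScript'
}

$report = foreach ($product in $watch) {
    $hits = @($entries | Where-Object { $_.DisplayName -like "*$product*" })
    if ($hits.Count -eq 0) {
        New-Row $product '' 'Not installed: nothing to patch' ''
        continue
    }
    foreach ($hit in $hits) {
        $action = 'Installed: compare with the vendor''s current release'
        $js = ''
        # Only Reader gets the major-version rule the post spells out.
        if ($product -eq 'Adobe Reader' -and $hit.DisplayVersion -match '^\d+') {
            $major = [int]$Matches[0]
            $js = Get-ReaderJavaScriptState $major
            if ($major -lt $LatestReaderMajor) {
                $action = 'Older major version: uninstall, then install the newest'
            } elseif ($major -eq $LatestReaderMajor) {
                $action = 'Same major version: Help > Check for Updates until none remain'
            } else {
                $action = 'Newer than -LatestReaderMajor: re-check the value supplied'
            }
        }
        New-Row $hit.DisplayName $hit.DisplayVersion $action $js
    }
}

$report | Select-Object Product, Version, Action, ReaderJavaScript | Format-List
```

Run it as the user whose Reader settings you want to see, since the JavaScript preference is stored per user; no elevation is needed for these reads.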

#22
jt4211

    Member

  • Topic Starter
  • 39 posts

Happy Sunday - Latest and greatest below......I did delete the Web Exclusions in Malwarebytes (scary they got there in the 1st place).  Also, as far as I know, I deleted Java from this computer per recommendations the last time I was here.  Before we're done, I would like to apply those Windows updates and confirm that all went as expected - THANKS!

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/15/2015
Scan Time: 8:36:26 AM
Logfile: MWbytelog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.15.02
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: TeamTkac

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 552382
Time Elapsed: 1 hr, 40 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
Trojan.Chrome.INJ, C:\Users\TeamTkac\AppData\LocalLow\fclyuqa.dll, Quarantined, [739fa77377135bdb7bac54a032cf7c84],
Trojan.Chrome.INJ, C:\Users\TeamTkac\AppData\LocalLow\ssufwmj.dll, Quarantined, [0d05de3c0189db5b6b3095765fa3ba46],

Physical Sectors: 0
(No malicious items detected)

(end)

 

ESET.log

 

C:\Users\All Users\InstallMate\{1FC97845-8974-4CD4-AE3F-C156C42A5AB3}\Custom.dll Win32/InstalleRex.M potentially unwanted application
C:\ProgramData\InstallMate\{1FC97845-8974-4CD4-AE3F-C156C42A5AB3}\Custom.dll Win32/InstalleRex.M potentially unwanted application deleted - quarantined
C:\Users\TeamTkac\Desktop\Galaxy S4 Root\BHP090808_I545_ALL_IN_ONE_TOOL_7_8\BHP090808_I545_ALL_IN_ONE_TOOL\I545ALL-IN-ONE-TOOL\pwn Android/Exploit.Lotoor.EP trojan cleaned by deleting - quarantined
C:\Users\TeamTkac\Desktop\S4 All-In_one\I545ALL-IN-ONE-TOOL\pwn Android/Exploit.Lotoor.EP trojan cleaned by deleting - quarantined


Edited by jt4211, 15 February 2015 - 10:49 AM.

  • 0

#23
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Happy Sunday - Latest and greatest below......I did delete the Web Exclusions in Malwarebytes (scary they got there in the 1st place). 

The exclusions are fine. These are places that you and your computer decided that you should not visit.

 

If, in the future you find you cannot get to a website, look here first and perhaps it accidentally was added to the list.

 

Also, as far as I know, I deleted Java from this computer per recommendations the last time I was here. 

Yes, you sure did and it's still gone. Just wanted you to have the update information in case you decide to add it at a later date.

 

Before we're done, I would like to apply those Windows updates and confirm that all went as expected - THANKS!

I'll be happy to coach you through those. In fact, now would be a good idea, so go ahead and post the results :thumbsup:


  • 0

#24
jt4211

    Member

  • Topic Starter
  • 39 posts

All the updates stated  "installed successfully" - any additional windows log I should look at ???

 

As this issue winds down, I'm really concerned about my current anti-virus and malware program setup.  Given that I do quite a bit of browsing and downloading of files/pgms, I believe I need to come up with a more robust plan of attack to keep this from happening over and over.........

 

From additional readings, it seems there is no one antivirus/malware that offers 100% effectiveness. Should I be routinely running some of the scans you utilized here?? I'm open to your suggestions.  Thanks!


Edited by jt4211, 17 February 2015 - 08:11 PM.

  • 0

#25
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

All the updates stated  "installed successfully" - any additional windows log I should look at ???

 

No, this sounds good! With the OS updates, if they fail, you'll know. They will alert you at every possibility ;)

 

 

As this issue winds down, I'm really concerned about my current anti-virus and malware program setup.  Given that I do quite a bit of browsing and downloading of files/pgms, I believe I need to come up with a more robust plan of attack to keep this from happening over and over.........

 

I am soooo glad you asked that question. I have a prevention speech that I post at the end, but I want to give you sort of a condensed pre-chat.

 

When the average home user thinks computer protection, they think antivirus (A/V). Certainly A/V is necessary, but, it only protects against the Virus family of exploits. Unfortunately, the world contains much, much more in the way of exploits these days. If I had to tell you the top vulnerabilities for home users they go like this (no particular order): Java Exploits, Adobe Exploits, OS Exploits, user introduced exploits. Mitigants go like this, keep Java patched or don't use it. Keep Adobe Patched or don't use it. Keep your OS patched or switch to a less exploited one if that's feasible for you (Ubuntu, Linux, Mac, etc.). Now, the single easiest and most used exploit channel is the user. The user clicks on an infected email attachment. The user visits an infected webpage. The user downloads and runs an infected file. On and on. My strong suggestion is, for the safety of the data you value most (your family pictures, your personal information, your financial life, etc.) "The Gold", never put that machine/data in harm's way. If, as you hinted, you need to visit questionable websites, download files of uncertain nature, I would recommend doing that on a second machine. One NOT attached in any way to The Gold.  

 

Yes, there are some products that will "help" with both your Gold machine and your "throw away" machine. Avast is a wonderful A/V. I also like Microsoft Security Essentials and Defender (depending on OS, it's either one or the other). Avast has some other products that help as well. However, to download files, surf nefarious websites, etc. you will have to disable the protection and you can imagine what happens next.

 

 

From additional readings, it seems there is no one antivirus/malware that offers 100% effectiveness. Should I be routinely running some of the scans you utilized here?? I'm open to your suggestions.  Thanks!

 

Yes! MBAM and ESET are great products to keep around to scan on an "on demand" basis. In my Prevention Speech I will have other suggestions.

 

So, before we close up, I need to remove my tools from your machine. And, ask if you have any more questions?

 

Clean with DelFix
 
Please download DelFix by Xplode and save it to your desktop.
 
  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.
 
Include it for my review.

  • 0



#26
jt4211

    Member

  • Topic Starter
  • 39 posts

CH -

 

Below is final clean-up log.  I really appreciate the time you spent guiding me through this latest infestation.  I've taken your "throw-away" computer idea to heart and will be making that happen shortly - makes total sense!  In your closing comments, please include your scanning recommendation above and beyond what I already have going (Avast/Malwarebytes/Defender).  Obviously, these weren't enough!  Thanks again and best wishes - JT

 

# DelFix v10.8 - Logfile created 18/02/2015 at 18:59:44
# Updated 29/07/2014 by Xplode
# Username : TeamTkac - TEAMTKAC-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\TeamTkac\Desktop\FRST-OlderVersion
Deleted : C:\ComboFix.txt
Deleted : C:\Users\TeamTkac\Desktop\AdwCleaner.exe
Deleted : C:\Users\TeamTkac\Desktop\aswMBR.exe
Deleted : C:\Users\TeamTkac\Desktop\ComboFix.exe
Deleted : C:\Users\TeamTkac\Desktop\FRST64.exe
Deleted : C:\Users\TeamTkac\Desktop\JRT.exe
Deleted : C:\Users\TeamTkac\Desktop\OTL.exe
Deleted : C:\Users\TeamTkac\Desktop\RogueKillerX64.exe
Deleted : C:\Users\TeamTkac\Desktop\SecurityCheck.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #444 [End of disinfection | 12/31/2014 19:44:11]
Deleted : RP #445 [Windows Update | 01/03/2015 01:27:57]
Deleted : RP #446 [Device Driver Package Install: TAP-Win32 Provider V9 Network adapters | 01/04/2015 21:40:40]
Deleted : RP #447 [Windows Update | 01/06/2015 16:34:48]
Deleted : RP #448 [Windows Update | 01/13/2015 12:11:22]
Deleted : RP #449 [Windows Update | 01/17/2015 14:25:40]
Deleted : RP #450 [Removed Google Drive | 01/18/2015 23:23:56]
Deleted : RP #451 [Windows Update | 01/21/2015 23:48:30]
Deleted : RP #452 [Garmin Express | 01/27/2015 13:49:35]
Deleted : RP #453 [Garmin Express | 01/27/2015 13:52:32]
Deleted : RP #454 [Windows Update | 01/27/2015 14:24:03]
Deleted : RP #455 [Removed Java 7 Update 71 | 01/29/2015 23:09:32]
Deleted : RP #456 [Windows Update | 01/30/2015 22:16:37]
Deleted : RP #457 [Windows Update | 02/01/2015 11:13:08]
Deleted : RP #458 [OTL Restore Point - 2/10/2015 1:47:08 PM | 02/10/2015 18:47:08]
Deleted : RP #459 [Windows Update | 02/13/2015 13:47:26]
Deleted : RP #460 [Removed Private Internet Access Support Files | 02/16/2015 03:13:50]
Deleted : RP #461 [Windows Update | 02/17/2015 16:07:25]
Deleted : RP #462 [Windows Update | 02/18/2015 00:29:49]
Deleted : RP #463 [Windows Update | 02/18/2015 01:32:09]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


  • 0

#27
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

The pleasure was mine!! I've kept the topic open for a few days in case you needed anything. I will close now :)

 

:wave:


  • 0

#28
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





