Jump to content


Photo
- - - - -

Removal of Trojan.Small, Trojan.Sirefef, Rootkit.0Access


  • This topic is locked This topic is locked
13 replies to this topic

#1 Emil_Svensson

Emil_Svensson

    New Member

  • Members
  • Pip
  • 1 posts

Posted 06 June 2012 - 08:51 AM

Hi,

I've seen this topic pop up a whole lot in the last few days, but I reckon that since everyone needs personalized help, I'd start yet another one of these.

I'm trying to help my sister get rid of some malware. She's running Vista Home Basic 32-bit with SP1. There's a fair bit of bloatware on it but it came preinstalled and I've removed what I can (but that was a long, long time ago and unrelated to this).

I was temped to fiddle with Combofix and/or TDDS Killer as recommended elsewhere and post the logs in order to speed up the process, but I've also read the advice not to run any of those programs before any of the experts on here have had their say. So I'll just post the Anti-Malware information.

I'll post both a screenshot of the scan results, and the log.

http://h11.abload.de...rojans5skx0.jpg

Malwarebytes Anti-Malware 1.61.0.1400
[url="http://www.malwarebytes.orgDatabase"]www.malwarebytes.org[/url]
[url="http://www.malwarebytes.orgDatabase"]Database[/url] version: v2012.06.06.02
Windows Vista Service Pack 1 x86 FAT32
Internet Explorer 8.0.6001.19019
Hanna :: HANNA-DATOR [administrator]
2012-06-06 14:45:21
mbam-log-2012-06-06 (14-53-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188499
Time elapsed: 7 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Windows\Installer\{87c5e1a2-c78b-5c48-7055-cb54cf2f0e42}\U\00000001.@ (Trojan.Small) -> No action taken.
C:\Windows\Installer\{87c5e1a2-c78b-5c48-7055-cb54cf2f0e42}\U\80000000.@ (Trojan.Sirefef) -> No action taken.
C:\Windows\Installer\{87c5e1a2-c78b-5c48-7055-cb54cf2f0e42}\U\800000cb.@ (Rootkit.0Access) -> No action taken.
(end)


#2 gringo_pr

gringo_pr

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 9,601 posts
  • Gender:Male

Posted 07 June 2012 - 02:53 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Gringo[/b]
William Rowland
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3 zia16sun

zia16sun

    Regular Member

  • Honorary Members
  • PipPip
  • 74 posts
  • Gender:Female
  • Location:New Mexico

Posted 07 June 2012 - 12:44 PM

Hello Gringo. Per the instructions, the FRST log is pasted below. I'm working on a friend's computer and it looks to me like she's got about 5 Trojans at this point, which I can start eliminating as soon as this sirefef repeated rebooting issue is under control. Thanks in advance for your expertise!


Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 06-06-2012 04
Ran by SYSTEM at 07-06-2012 11:37:22
Running from E:\
Windows Vista ™ Home Basic Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-31] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-02-26] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-02-26] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-02-26] (Intel Corporation)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147328 2010-01-05] (Wave Systems Corp.)
HKLM\...\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-05] (Broadcom Corporation)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Crys\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation)
HKU\Crys\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.)
HKU\Crys\...\Policies\system: [LogonHoursAction] 2
HKU\Crys\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.)
HKU\Michael\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.)
HKU\Michael\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [x]
HKU\Michael\...\Policies\system: [LogonHoursAction] 2
HKU\Michael\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222
Lsa: [Authentication Packages] msv1_0
wvauth
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\TdmNotify.lnk
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\Michael\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257696 2012-05-04] (Adobe Systems Incorporated)
2 alssvc; "C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe" [382232 2008-06-03] (Dell Inc.)
2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803512 2009-05-15] (AuthenTec, Inc.)
2 buttonsvc32; "C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe" [278304 2009-11-20] (Dell Inc.)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [655624 2010-12-27] (Acresso Software Inc.)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [993848 2011-04-18] (Secunia)
2 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [399416 2011-04-18] (Secunia)
3 SecureStorageService; "C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [1032192 2009-11-18] (Wave Systems Corp.)
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3063968 2012-04-09] (Skype Technologies S.A.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-04-05] (Skype Technologies)
2 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe /identity QUICKASSIST [1213728 2008-01-08] (SupportSoft, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\STacSV.exe [221266 2009-07-31] (IDT, Inc.)
3 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [394608 2008-01-08] (SupportSoft, Inc.)
2 tcsd_win32.exe; "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1273856 2008-11-12] ()
2 TdmService; "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe" [1148264 2009-11-24] (Wave Systems Corp.)
2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" [110592 2009-11-13] (WDC)
2 WDSmartWareBackgroundService; "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" [20480 2009-06-16] (Memeo)
2 dcpsysmgrsvc; "c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe" [x]
2 EvtEng; c:\Program Files\Intel\WiFi\bin\EvtEng.exe [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 RegSrvc; c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [217136 2009-11-24] (Alps Electric Co., Ltd.)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [112128 2009-02-26] (Intel® Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-06-07] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 MpKsl77c026b2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4DDCD221-1D60-492B-91EB-92D7C46B40B6}\MpKsl77c026b2.sys [29904 2012-06-05] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [74112 2012-03-20] (Microsoft Corporation)
0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
4 rimspci; C:\Windows\system32\drivers\rimspe86.sys [45056 2009-04-03] (REDC)
4 risdpcie; C:\Windows\system32\drivers\risdpe86.sys [48640 2009-04-03] (REDC)
4 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [38400 2009-04-03] (REDC)
4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation)
2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [211328 2010-01-05] (Wave Systems Corp.)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NvtSp50; C:\Windows\System32\Drivers\NvtSp50.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-07 11:37 - 2012-06-07 11:37 - 00000000 ____D C:\FRST
2012-06-05 09:35 - 2012-06-07 09:29 - 3174215680 __ASH C:\hiberfil.sys
2012-06-05 09:10 - 2012-06-07 07:46 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-03 09:28 - 2012-06-03 09:28 - 00002154 ____A C:\Windows\epplauncher.mif
2012-06-03 09:27 - 2012-06-03 09:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-03 09:27 - 2010-04-05 12:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-06-02 16:31 - 2012-06-05 09:19 - 00000000 ____D C:\Users\Crys\AppData\Local\LogMeIn Rescue Applet
2012-06-02 10:44 - 2012-06-02 10:44 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-05-26 09:20 - 2012-05-28 16:05 - 00010578 ____A C:\Users\Crys\Documents\Nutrition.xlsx
2012-05-26 09:16 - 2012-05-26 09:16 - 00000000 ____D C:\Users\Crys\Desktop\MMA
2012-05-11 17:21 - 2012-03-30 04:39 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-11 17:21 - 2012-03-29 05:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-05-11 17:21 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-11 17:21 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-05-11 17:21 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-05-11 17:21 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-05-11 17:21 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-05-11 17:21 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-11 17:20 - 2012-04-03 00:16 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-11 17:20 - 2012-04-03 00:16 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-11 17:20 - 2012-04-02 05:36 - 02044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

============ 3 Months Modified Files and Folders ===============

2012-06-07 09:29 - 2012-06-05 09:35 - 3174215680 __ASH C:\hiberfil.sys
2012-06-07 09:29 - 2006-11-02 04:58 - 0032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-07 09:29 - 2006-11-02 04:58 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-07 09:29 - 2006-11-02 04:45 - 0003664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-07 09:29 - 2006-11-02 04:45 - 0003664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-07 09:22 - 2009-04-11 05:18 - 0279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-07 08:34 - 2010-08-14 12:20 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-07 07:46 - 2012-06-05 09:10 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-07 07:46 - 2012-03-29 07:24 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-07 07:46 - 2010-04-12 19:43 - 0000000 ____A C:\Users\Crys\AppData\Local\WavXMapDrive.bat
2012-06-07 07:45 - 2010-08-14 12:20 - 0000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-05 09:35 - 2012-05-05 13:11 - 0000000 ____D C:\Users\All Users\boost_interprocess
2012-06-05 09:33 - 2010-04-06 19:25 - 1944952 ____A C:\Windows\WindowsUpdate.log
2012-06-05 09:32 - 2010-09-20 14:50 - 0889192 ____A C:\Windows\ntbtlog.txt
2012-06-05 09:19 - 2012-06-02 16:31 - 0000000 ____D C:\Users\Crys\AppData\Local\LogMeIn Rescue Applet
2012-06-05 09:17 - 2008-01-20 19:02 - 0055636 ____A C:\Windows\PFRO.log
2012-06-03 09:28 - 2012-06-03 09:28 - 0002154 ____A C:\Windows\epplauncher.mif
2012-06-03 09:28 - 2012-06-03 09:27 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-06-03 09:28 - 2006-11-02 02:33 - 0866950 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-03 09:21 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\registration
2012-06-03 09:19 - 2010-04-12 20:10 - 0000000 ____D C:\Users\All Users\Symantec
2012-06-03 09:15 - 2012-01-19 05:25 - 0000000 __SHD C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}
2012-06-02 16:45 - 2010-12-31 14:22 - 0000000 ____D C:\Windows\symbols
2012-06-02 16:27 - 2010-08-14 12:17 - 0000000 ____D C:\Users\Crys\AppData\Roaming\Skype
2012-06-02 10:44 - 2012-06-02 10:44 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-05-28 16:05 - 2012-05-26 09:20 - 0010578 ____A C:\Users\Crys\Documents\Nutrition.xlsx
2012-05-26 09:16 - 2012-05-26 09:16 - 0000000 ____D C:\Users\Crys\Desktop\MMA
2012-05-23 04:54 - 2010-04-07 01:01 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-16 06:05 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Microsoft.NET
2012-05-13 12:42 - 2006-11-02 04:44 - 2303584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 12:33 - 2010-05-25 08:02 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-12 12:29 - 2006-11-02 02:24 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-05-12 12:03 - 2006-11-02 04:35 - 0000000 ____D C:\Windows\System32\XPSViewer
2012-05-07 05:16 - 2012-05-07 05:16 - 0000000 ____D C:\Users\Crys\AppData\Roaming\Foxit Software
2012-05-07 05:13 - 2010-04-12 20:15 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-07 05:12 - 2012-05-07 05:12 - 0000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-05 13:11 - 2012-05-05 13:10 - 0000000 ___RD C:\Program Files\Skype
2012-05-05 13:11 - 2010-08-14 12:14 - 0000000 ____D C:\Users\All Users\Skype
2012-05-05 13:10 - 2012-05-05 13:10 - 0001878 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-05 13:10 - 2012-05-05 13:10 - 0000000 ____D C:\Program Files\Common Files\Skype
2012-05-04 16:46 - 2012-03-29 07:24 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-04 16:46 - 2011-05-15 11:55 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-04-29 06:37 - 2006-11-02 04:49 - 0147796 ____A C:\Windows\setupact.log
2012-04-20 07:51 - 2012-04-20 07:39 - 0034901 ____A C:\Users\Crys\Desktop\lyrics.docx
2012-04-04 13:56 - 2010-04-12 20:15 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 00:16 - 2012-05-11 17:20 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-03 00:16 - 2012-05-11 17:20 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-02 05:36 - 2012-05-11 17:20 - 2044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 11:57 - 2012-03-30 11:57 - 0001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-30 11:57 - 2012-03-09 12:53 - 0000000 ____D C:\Program Files\iTunes
2012-03-30 11:56 - 2012-03-30 11:56 - 0000000 ____D C:\Program Files\iPod
2012-03-30 11:56 - 2010-06-01 13:54 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-03-30 04:39 - 2012-05-11 17:21 - 0914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 09:21 - 2012-03-29 09:21 - 313700803 ____A C:\Windows\MEMORY.DMP
2012-03-29 09:21 - 2012-03-29 09:21 - 0144744 ____A C:\Windows\Minidump\Mini032912-01.dmp
2012-03-29 09:21 - 2012-03-29 09:21 - 0000000 ____D C:\Windows\Minidump
2012-03-29 05:39 - 2012-05-11 17:21 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-03-28 06:07 - 2011-04-13 15:53 - 0000861 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-03-20 18:44 - 2012-03-20 18:44 - 0171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 18:44 - 2012-03-20 18:44 - 0074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 15:28 - 2012-05-11 17:21 - 0053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 09:25 - 2012-01-22 06:32 - 0008518 ____A C:\Users\Crys\Documents\Car Loan.xlsx


C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\@
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\L
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\U
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\U\00000001.@
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\U\800000cb.@

C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}
C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\@
C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\L
C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-04-11 05:18] - [2012-06-07 09:22] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 3026.43 MB
Available physical RAM: 2715.28 MB
Total Pagefile: 2925.83 MB
Available Pagefile: 2792.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.32 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:102.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32
4 Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.69 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 3827 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 15 GB 40 MB
Partition 3 Primary 218 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3827 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FAT32 Removable 3827 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-03 09:49

======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 9,601 posts
  • Gender:Male

Posted 07 June 2012 - 01:28 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\@
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\L
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\U
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\U\00000001.@
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\U\800000cb.@
C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}
C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\@
C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\L
C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\U

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Gringo[/b]
William Rowland
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5 zia16sun

zia16sun

    Regular Member

  • Honorary Members
  • PipPip
  • 74 posts
  • Gender:Female
  • Location:New Mexico

Posted 07 June 2012 - 01:40 PM

Thank you. The fix log is as follows:


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 06-06-2012 04
Ran by SYSTEM at 2012-06-07 12:39:07 Run:1
Running from E:\

==============================================

C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50} moved successfully.
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\@ not found.
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\L not found.
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\U not found.
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\U\00000001.@ not found.
C:\Windows\Installer\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\U\800000cb.@ not found.
C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50} moved successfully.
C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\@ not found.
C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\L not found.
C:\Users\Crys\AppData\Local\{6c775b8e-da9e-3b7e-11d1-48d7a5960d50}\U not found.

==== End of Fixlog ====

#6 gringo_pr

gringo_pr

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 9,601 posts
  • Gender:Male

Posted 07 June 2012 - 02:30 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
William Rowland
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#7 zia16sun

zia16sun

    Regular Member

  • Honorary Members
  • PipPip
  • 74 posts
  • Gender:Female
  • Location:New Mexico

Posted 07 June 2012 - 03:15 PM

Unfortunately, the incessant restarting issue won't let me stay on the system long enough to prepare the computer for running Combofix. I still get the "Windows has encountered a critical problem and will restart automatically in one minute" message. This is the case despite my attempts to start in safe mode, to Disable Automatic Restart on System Failure or to boot with the Last Known Good Configuration.

If it helps, I can provide a boot log, which but it is excessively long and pasting it here gives the error of "post too long", so I would either have to attach or post in multiple messages. Please advise your preferences in this situation. Thanks!

#8 gringo_pr

gringo_pr

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 9,601 posts
  • Gender:Male

Posted 07 June 2012 - 04:34 PM

Greetings

I would like to have a new scan from FRST and send me the report


gringo
William Rowland
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#9 gringo_pr

gringo_pr

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 9,601 posts
  • Gender:Male

Posted 10 June 2012 - 12:13 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
William Rowland
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#10 zia16sun

zia16sun

    Regular Member

  • Honorary Members
  • PipPip
  • 74 posts
  • Gender:Female
  • Location:New Mexico

Posted 11 June 2012 - 03:34 PM

Thank you, Gringo. When I checked back on Thursday after you responded, for some reason I was no longer allowed to respond to this thread (presumably because as a newbie to the forum when I originally sent my help request to you, I didn't realize that the searches that brought me to this thread took me to your response to Emil_Svensson, and I falsely assumed that the post I was reading from you was some sort of general assistance starting point. My apologies to Emil_Svensson for taking over this thread. On the same note, if you prefer that I start a new thread of my own to continue this process, I'm happy to do so. I was planning on doing so today since I couldn't respond to this thread on Friday and was traveling cross country all weekend).

Anyway, the FRST log from Thursday afternoon is as follows:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 06-06-2012 04
Ran by SYSTEM at 07-06-2012 15:50:49
Running from E:\
Windows Vista ™ Home Basic Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [249856 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-31] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-02-26] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-02-26] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-02-26] (Intel Corporation)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-02-11] (Intel Corporation)
HKLM\...\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [147328 2010-01-05] (Wave Systems Corp.)
HKLM\...\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-05] (Broadcom Corporation)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Crys\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation)
HKU\Crys\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.)
HKU\Crys\...\Policies\system: [LogonHoursAction] 2
HKU\Crys\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Guest\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.)
HKU\Michael\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-14] (Google Inc.)
HKU\Michael\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [x]
HKU\Michael\...\Policies\system: [LogonHoursAction] 2
HKU\Michael\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222
Lsa: [Authentication Packages] msv1_0
wvauth
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\TdmNotify.lnk
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\Michael\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257696 2012-05-04] (Adobe Systems Incorporated)
2 alssvc; "C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe" [382232 2008-06-03] (Dell Inc.)
2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803512 2009-05-15] (AuthenTec, Inc.)
2 buttonsvc32; "C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe" [278304 2009-11-20] (Dell Inc.)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [655624 2010-12-27] (Acresso Software Inc.)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 Secunia PSI Agent; "C:\Program Files\Secunia\PSI\PSIA.exe" --start-service [993848 2011-04-18] (Secunia)
2 Secunia Update Agent; "C:\Program Files\Secunia\PSI\sua.exe" --start-service [399416 2011-04-18] (Secunia)
3 SecureStorageService; "C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe" [1032192 2009-11-18] (Wave Systems Corp.)
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3063968 2012-04-09] (Skype Technologies S.A.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-04-05] (Skype Technologies)
2 sprtlisten; C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe /identity QUICKASSIST [1213728 2008-01-08] (SupportSoft, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_d2df6701\STacSV.exe [221266 2009-07-31] (IDT, Inc.)
3 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [394608 2008-01-08] (SupportSoft, Inc.)
2 tcsd_win32.exe; "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [1273856 2008-11-12] ()
2 TdmService; "C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe" [1148264 2009-11-24] (Wave Systems Corp.)
2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" [110592 2009-11-13] (WDC)
2 WDSmartWareBackgroundService; "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" [20480 2009-06-16] (Memeo)
2 dcpsysmgrsvc; "c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe" [x]
2 EvtEng; c:\Program Files\Intel\WiFi\bin\EvtEng.exe [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
2 RegSrvc; c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 ApfiltrService; C:\Windows\System32\DRIVERS\Apfiltr.sys [217136 2009-11-24] (Alps Electric Co., Ltd.)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [112128 2009-02-26] (Intel® Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-06-07] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 MpKsl77c026b2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4DDCD221-1D60-492B-91EB-92D7C46B40B6}\MpKsl77c026b2.sys [29904 2012-06-05] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [74112 2012-03-20] (Microsoft Corporation)
0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
4 rimspci; C:\Windows\system32\drivers\rimspe86.sys [45056 2009-04-03] (REDC)
4 risdpcie; C:\Windows\system32\drivers\risdpe86.sys [48640 2009-04-03] (REDC)
4 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [38400 2009-04-03] (REDC)
4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation)
2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [211328 2010-01-05] (Wave Systems Corp.)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NvtSp50; C:\Windows\System32\Drivers\NvtSp50.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-07 11:37 - 2012-06-07 11:38 - 00000000 ____D C:\FRST
2012-06-07 11:35 - 2012-06-07 11:35 - 00000000 __SHD C:\Config.Msi
2012-06-05 09:35 - 2012-06-07 13:38 - 3174215680 __ASH C:\hiberfil.sys
2012-06-05 09:10 - 2012-06-07 07:46 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-03 09:28 - 2012-06-03 09:28 - 00002154 ____A C:\Windows\epplauncher.mif
2012-06-03 09:27 - 2012-06-03 09:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-03 09:27 - 2010-04-05 12:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-06-02 16:31 - 2012-06-05 09:19 - 00000000 ____D C:\Users\Crys\AppData\Local\LogMeIn Rescue Applet
2012-06-02 10:44 - 2012-06-02 10:44 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-05-26 09:20 - 2012-05-28 16:05 - 00010578 ____A C:\Users\Crys\Documents\Nutrition.xlsx
2012-05-26 09:16 - 2012-05-26 09:16 - 00000000 ____D C:\Users\Crys\Desktop\MMA
2012-05-11 17:21 - 2012-03-30 04:39 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-11 17:21 - 2012-03-29 05:39 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-05-11 17:21 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-11 17:21 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-05-11 17:21 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-05-11 17:21 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-05-11 17:21 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-05-11 17:21 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-11 17:20 - 2012-04-03 00:16 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-05-11 17:20 - 2012-04-03 00:16 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-11 17:20 - 2012-04-02 05:36 - 02044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

============ 3 Months Modified Files and Folders ===============

2012-06-07 13:39 - 2006-11-02 04:58 - 0032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-07 13:39 - 2006-11-02 04:58 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-07 13:38 - 2012-06-05 09:35 - 3174215680 __ASH C:\hiberfil.sys
2012-06-07 13:38 - 2006-11-02 04:45 - 0003664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-07 13:38 - 2006-11-02 04:45 - 0003664 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-07 11:52 - 2009-04-11 05:18 - 0279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-07 11:51 - 2010-09-20 14:50 - 0902938 ____A C:\Windows\ntbtlog.txt
2012-06-07 11:51 - 2010-08-14 12:20 - 0000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-07 11:51 - 2010-04-12 19:43 - 0000000 ____A C:\Users\Crys\AppData\Local\WavXMapDrive.bat
2012-06-07 11:43 - 2012-05-05 13:11 - 0000000 ____D C:\Users\All Users\boost_interprocess
2012-06-07 11:38 - 2012-06-07 11:37 - 0000000 ____D C:\FRST
2012-06-07 11:35 - 2012-06-07 11:35 - 0000000 __SHD C:\Config.Msi
2012-06-07 11:34 - 2010-08-14 12:20 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-07 07:46 - 2012-06-05 09:10 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-07 07:46 - 2012-03-29 07:24 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-05 09:33 - 2010-04-06 19:25 - 1944952 ____A C:\Windows\WindowsUpdate.log
2012-06-05 09:19 - 2012-06-02 16:31 - 0000000 ____D C:\Users\Crys\AppData\Local\LogMeIn Rescue Applet
2012-06-05 09:17 - 2008-01-20 19:02 - 0055636 ____A C:\Windows\PFRO.log
2012-06-03 09:28 - 2012-06-03 09:28 - 0002154 ____A C:\Windows\epplauncher.mif
2012-06-03 09:28 - 2012-06-03 09:27 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-06-03 09:28 - 2006-11-02 02:33 - 0866950 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-03 09:21 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\registration
2012-06-03 09:19 - 2010-04-12 20:10 - 0000000 ____D C:\Users\All Users\Symantec
2012-06-02 16:54 - 2010-12-31 14:22 - 0000000 ____D C:\Windows\symbols
2012-06-02 16:27 - 2010-08-14 12:17 - 0000000 ____D C:\Users\Crys\AppData\Roaming\Skype
2012-06-02 10:44 - 2012-06-02 10:44 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-05-28 16:05 - 2012-05-26 09:20 - 0010578 ____A C:\Users\Crys\Documents\Nutrition.xlsx
2012-05-26 09:16 - 2012-05-26 09:16 - 0000000 ____D C:\Users\Crys\Desktop\MMA
2012-05-23 04:54 - 2010-04-07 01:01 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-16 06:05 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Microsoft.NET
2012-05-13 12:42 - 2006-11-02 04:44 - 2303584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-12 12:33 - 2010-05-25 08:02 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-12 12:29 - 2006-11-02 02:24 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-05-12 12:03 - 2006-11-02 04:35 - 0000000 ____D C:\Windows\System32\XPSViewer
2012-05-07 05:16 - 2012-05-07 05:16 - 0000000 ____D C:\Users\Crys\AppData\Roaming\Foxit Software
2012-05-07 05:13 - 2010-04-12 20:15 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-07 05:12 - 2012-05-07 05:12 - 0000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-05 13:11 - 2012-05-05 13:10 - 0000000 ___RD C:\Program Files\Skype
2012-05-05 13:11 - 2010-08-14 12:14 - 0000000 ____D C:\Users\All Users\Skype
2012-05-05 13:10 - 2012-05-05 13:10 - 0001878 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-05 13:10 - 2012-05-05 13:10 - 0000000 ____D C:\Program Files\Common Files\Skype
2012-05-04 16:46 - 2012-03-29 07:24 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-05-04 16:46 - 2011-05-15 11:55 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-04-29 06:37 - 2006-11-02 04:49 - 0147796 ____A C:\Windows\setupact.log
2012-04-20 07:51 - 2012-04-20 07:39 - 0034901 ____A C:\Users\Crys\Desktop\lyrics.docx
2012-04-04 13:56 - 2010-04-12 20:15 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 00:16 - 2012-05-11 17:20 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-03 00:16 - 2012-05-11 17:20 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-02 05:36 - 2012-05-11 17:20 - 2044928 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 11:57 - 2012-03-30 11:57 - 0001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-30 11:57 - 2012-03-09 12:53 - 0000000 ____D C:\Program Files\iTunes
2012-03-30 11:56 - 2012-03-30 11:56 - 0000000 ____D C:\Program Files\iPod
2012-03-30 11:56 - 2010-06-01 13:54 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-03-30 04:39 - 2012-05-11 17:21 - 0914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 09:21 - 2012-03-29 09:21 - 313700803 ____A C:\Windows\MEMORY.DMP
2012-03-29 09:21 - 2012-03-29 09:21 - 0144744 ____A C:\Windows\Minidump\Mini032912-01.dmp
2012-03-29 09:21 - 2012-03-29 09:21 - 0000000 ____D C:\Windows\Minidump
2012-03-29 05:39 - 2012-05-11 17:21 - 0031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-03-28 06:07 - 2011-04-13 15:53 - 0000861 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-03-20 18:44 - 2012-03-20 18:44 - 0171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 18:44 - 2012-03-20 18:44 - 0074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 15:28 - 2012-05-11 17:21 - 0053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 09:25 - 2012-01-22 06:32 - 0008518 ____A C:\Users\Crys\Documents\Car Loan.xlsx


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-04-11 05:18] - [2012-06-07 11:52] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 3026.43 MB
Available physical RAM: 2715.68 MB
Total Pagefile: 2925.83 MB
Available Pagefile: 2793.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.93 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:102.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: () (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32
4 Drive x: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.69 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 Online 3827 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 15 GB 40 MB
Partition 3 Primary 218 GB 15 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 X RECOVERY NTFS Partition 15 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 218 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3827 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FAT32 Removable 3827 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-03 09:49

======================= End Of Log ==========================

#11 gringo_pr

gringo_pr

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 9,601 posts
  • Gender:Male

Posted 11 June 2012 - 06:42 PM

Lets do this so as to not get things to confused

I want you to start a new thread but when you do give the link here or send me a pm

put this last report into it


gringo
William Rowland
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#12 zia16sun

zia16sun

    Regular Member

  • Honorary Members
  • PipPip
  • 74 posts
  • Gender:Female
  • Location:New Mexico

Posted 12 June 2012 - 09:21 AM

For continuation, please see: http://forums.malwar...howtopic=111044. Thank you.

#13 gringo_pr

gringo_pr

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 9,601 posts
  • Gender:Male

Posted 12 June 2012 - 01:57 PM

got it
William Rowland
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#14 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 15 June 2012 - 06:17 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users