nye2311

  1. SystemLook 30.07.11 by jpshortstuff
     Log created at 12:52 on 23/10/2013 by wner
     Administrator - Elevation successful

     ========== Filefind ==========

     Searching for "rpcss.dll"
     C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --a---- 512000 bytes [14:56 21/06/2011] [13:27 20/11/2010] 5C627D1B1138676C0A7AB2C2C190D123
     C:\Windows\System32\rpcss.dll --a---- 512512 bytes [03:52 22/05/2013] [13:27 20/11/2010] 38A24296B68458444A997606CF1E6CAE
     C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll --a---- 509440 bytes [00:00 14/07/2009] [01:41 14/07/2009] 7266972E86890E2B30C0C322E906B027
     C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --a---- 512000 bytes [03:52 22/05/2013] [13:27 20/11/2010] 5C627D1B1138676C0A7AB2C2C190D123

     -= EOF =-
  2. Says that Windows is unable to find the file
  3. Here is the combofix log
  4. I have no clue what it is or when/how it got there!
  5. I downloaded the aswMBR and ran the scan... it ran for a while and then almost seemed to just pause.... it didn't give me a notification that the scan was completed... if that is what was supposed to happen and the scan did complete even though it didn't say it was done here is the copy of the log.... aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2013-10-20 20:30:29 ----------------------------- 20:30:29.632 OS Version: Windows x64 6.1.7601 Service Pack 1 20:30:29.632 Number of processors: 4 586 0x2502 20:30:29.632 ComputerName: WNER-PC UserName: wner 20:30:34.404 Initialize success 20:31:04.371 AVAST engine defs: 13102000 20:31:17.198 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 20:31:17.208 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3 20:31:17.328 Disk 0 MBR read successfully 20:31:17.328 Disk 0 MBR scan 20:31:17.338 Disk 0 Windows VISTA default MBR code 20:31:17.368 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048 20:31:17.398 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464784 MB offset 3074048 20:31:17.428 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10655 MB offset 954951680 20:31:17.618 Disk 0 scanning C:\windows\system32\drivers 20:31:36.994 Service scanning 20:32:13.898 Modules scanning 20:32:13.898 Disk 0 trace - called modules: 20:32:13.978 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys 20:32:13.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c1f060] 20:32:13.988 3 CLASSPNP.SYS[fffff88000dae43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004c1e060] 20:32:16.629 AVAST engine scan C:\windows 20:32:35.270 AVAST engine scan C:\windows\system32 20:37:41.502 AVAST engine scan C:\windows\system32\drivers 20:38:00.954 AVAST engine scan C:\Users\wner 20:55:19.144 File: C:\Users\wner\Desktop\iExplore.exe **INFECTED** Win32:Dropper-gen [Drp] 21:13:30.827 Disk 0 MBR has been saved successfully to "C:\Users\wner\Desktop\MBR.dat" 21:13:30.837 The log file has been saved 
successfully to "C:\Users\wner\Desktop\aswMBR.txt"
  6. I am unable to complete the ComboFix scan due to the notification that continues to pop up and then restarts the computer.
  7. The notification that pops up says "Windows must now restart because plug and play services terminated." and then the computer restarts shortly thereafter.
  8. RogueKiller V8.7.4 _x64_ [Oct 16 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : wner [Admin rights] Mode : Scan -- Date : 10/17/2013 21:57:55 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\windows\SysWOW64\Rundll32.exe" "C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x]) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3839042453-1268691679-135452235-1000\[...]\Run : BackgroundContainer ("C:\windows\SysWOW64\Rundll32.exe" "C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x]) -> FOUND [HJ TASKMAN] HKLM\[...]\Wow6432Node\[...]\Winlogon : TaskMan () -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][sUSP PATH] BackgroundContainer Startup Task : "C:\windows\SysWOW64\Rundll32.exe" - "C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][x][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HTS545050B9A300 +++++ --- User --- [MBR] b5507210a52889c2c7446b54eadae934 [bSP] 243743416e46f951508ec056ff5df4eb : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] 
Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464784 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954951680 | Size: 10655 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_10172013_215755.txt >> RKreport[0]_S_10172013_144509.txt;RKreport[0]_S_10172013_213842.txt
  9. Unable to finish MB scan because the pop-up message comes up and then shuts down the computer.
  10. Here is the report from ADWCleaner... # AdwCleaner v3.008 - Report created 17/10/2013 at 15:07:07 # Updated 17/10/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : wner - WNER-PC # Running from : C:\Users\wner\Desktop\PrintCD.exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : BackupStack ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\blekko toolbars Folder Deleted : C:\ProgramData\Conduit Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\Program Files (x86)\Ask.com Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\iMesh Applications Folder Deleted : C:\Program Files (x86)\MyPC Backup Folder Deleted : C:\Program Files (x86)\Systweak Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner Folder Deleted : C:\Program Files (x86)\Wajam Folder Deleted : C:\Users\wner\AppData\Local\Conduit Folder Deleted : C:\Users\wner\AppData\Local\iMesh Folder Deleted : C:\Users\wner\AppData\Local\PackageAware Folder Deleted : C:\Users\wner\AppData\Local\StartNow Folder Deleted : C:\Users\wner\AppData\Local\Temp\Wajam Folder Deleted : C:\Users\wner\AppData\LocalLow\adawaretb Folder Deleted : C:\Users\wner\AppData\LocalLow\Conduit Folder Deleted : C:\Users\wner\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\wner\AppData\LocalLow\Systweak Folder Deleted : C:\Users\wner\AppData\Roaming\Systweak Folder Deleted : C:\Users\wner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup Folder Deleted : C:\Users\wner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhoigiahaahldpgnbbimfecackdgccna File Deleted : C:\END File Deleted : C:\windows\System32\roboot64.exe File Deleted : C:\Users\wner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk File Deleted : C:\Users\wner\Desktop\MyPC Backup.lnk ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : 
HKCU\Software\Google\Chrome\Extensions\dhoigiahaahldpgnbbimfecackdgccna Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhoigiahaahldpgnbbimfecackdgccna Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3267244 Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_dhoigiahaahldpgnbbimfecackdgccna] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [RadioPI Search Scope Monitor] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [RadioPI_4e Browser Plugin Loader] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{424E2F9C-EB5B-4B51-87E5-5831781BC515} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DCC8CB0E-9FE0-426E-84C4-A28F56C51606} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{424E2F9C-EB5B-4B51-87E5-5831781BC515} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{424E2F9C-EB5B-4B51-87E5-5831781BC515} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DCC8CB0E-9FE0-426E-84C4-A28F56C51606} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{424E2F9C-EB5B-4B51-87E5-5831781BC515} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DCC8CB0E-9FE0-426E-84C4-A28F56C51606} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0B102968-45CA-42E3-8C2D-904796FECA63} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1FF2F3DE-61B7-4DAA-95F9-2235D8912D21} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}] Value Deleted : 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{424E2F9C-EB5B-4B51-87E5-5831781BC515}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{424E2F9C-EB5B-4B51-87E5-5831781BC515}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{424E2F9C-EB5B-4B51-87E5-5831781BC515}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{424E2F9C-EB5B-4B51-87E5-5831781BC515}] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\Imesh Key Deleted : HKCU\Software\Wajam Key Deleted : HKCU\Software\Zugo Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\iMeshMediabarTb Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\smartbar Key Deleted : HKCU\Software\AppDataLow\Software\systweak Key Deleted : HKLM\Software\adawaretb Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\iMeshMediabarTb Key Deleted : HKLM\Software\systweak Key Deleted : HKLM\Software\Toolbar Cleaner Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh MediaBar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16686 -\\ Google Chrome v [ File : C:\Users\wner\AppData\Local\Google\Chrome\User 
Data\Default\preferences ] Deleted : homepage Deleted : icon_url Deleted : search_url Deleted : keyword Deleted : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [9138 octets] - [17/10/2013 14:52:43] AdwCleaner[s0].txt - [8195 octets] - [17/10/2013 15:07:07] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8255 octets] ########## Will do MB now...
  11. Here is the report from the Rogue Killer RogueKiller V8.7.4 _x64_ [Oct 16 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : wner [Admin rights] Mode : Scan -- Date : 10/17/2013 14:45:09 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH][DLL] rundll32.exe -- C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll [7] -> rundll32.exe KILLED [TermProc] ¤¤¤ Registry Entries : 6 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : BackgroundContainer ("C:\windows\SysWOW64\Rundll32.exe" "C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3839042453-1268691679-135452235-1000\[...]\Run : BackgroundContainer ("C:\windows\SysWOW64\Rundll32.exe" "C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x]) -> FOUND [HJ TASKMAN] HKLM\[...]\Wow6432Node\[...]\Winlogon : TaskMan () -> FOUND [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 1 ¤¤¤ [V2][sUSP PATH] BackgroundContainer Startup Task : "C:\windows\SysWOW64\Rundll32.exe" - "C:\Users\wner\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [7][7][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - 
Hitachi HTS545050B9A300 +++++ --- User --- [MBR] b5507210a52889c2c7446b54eadae934 [bSP] 243743416e46f951508ec056ff5df4eb : Windows Vista MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464784 Mo 2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954951680 | Size: 10655 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_10172013_144509.txt >>
  12. I was able to remove the StartNow toolbar but I am unable to remove the Systweak toolbar.... It gives me an error message that says cannot find....