
Stubborn malware persists after Malwarebytes removed it



Hi,

I stupidly clicked on a prompt to update my Flash Player after a link was sent to me in a Skype chat. I seem to have some kind of malware installed on my system. Trend Micro keeps notifying me that it has blocked access to an unauthorised URL. I have run Malwarebytes full scan in safe mode and it finds and, presumably, removes some threats but the problem persists.

I also get an error "Ordinal 1108 could not be located in dynamic link library WSOCK32.dll" if I try to do nslookup from a command window.

The contents of DDS.txt are posted below and Attach.txt is attached to the post. Thanks in advance for any assistance you can give me ...

DDS.txt

-----------------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by cboyan at 3:55:56 on 2012-05-25

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.6135.3291 [GMT 10:00]

.

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Tablet\Pen\Pen_TouchService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\inetsrv\inetinfo.exe

C:\Windows\LTSvc\LTSVC.exe

C:\Windows\system32\mqsvc.exe

c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\mqtgsvc.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\WUDFHost.exe

C:\Windows\LTsvc\LTSvcMon.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe

C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\Explorer.EXE

C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files\Tablet\Pen\Pen_Tablet.exe

C:\Windows\LTSvc\LTTray.exe

C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\splwow64.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1045\TmIEPlg32.dll

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

mRun: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

mRun: [tvncontrol] "C:\Windows\LTsvc\tvnserver.exe" -controlservice -slave

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETWOR~1.LNK - C:\Windows\LTSvc\LTTray.exe

uPolicies-explorer: NoWindowsUpdate = 0

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 61.9.211.1 61.9.211.33

TCP: Interfaces\{E80238AC-93C5-4C13-BC8B-B98999697328} : DhcpNameServer = 61.9.211.1 61.9.211.33

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1045\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1045\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm BHO - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File

mRun-x64: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

mRun-x64: [tvncontrol] "C:\Windows\LTsvc\tvnserver.exe" -controlservice -slave

Hosts: 202.191.49.70 clone.cvcheck.biz

Hosts: 202.191.49.70 migrate.cvcheck.biz

Hosts: 192.168.1.2 cvsbs

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\cboyan\AppData\Roaming\Mozilla\Firefox\Profiles\bws4egot.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&q=

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

.

============= SERVICES / DRIVERS ===============

.

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-5-23 913752]

R2 LTService;Netlink Monitoring Service;C:\Windows\LTSvc\LTSVC.exe [2012-4-26 12542976]

R2 LTSvcMon;Netlink Monitoring Service CheckUp Util;C:\Windows\LTSvc\LTSvcMon.exe [2012-4-26 96768]

R2 svcGenericHost;Trend Micro Client/Server Security Agent;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-4-30 50704]

R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-5-21 6583160]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-5-8 2666880]

R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-7-12 342288]

R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmpreflt.sys [2011-7-12 42768]

R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-5-21 528760]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-3-15 918032]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe --> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 glideusb;GlidePoint USB Touchpad Filter;C:\Windows\system32\DRIVERS\glideusb.sys --> C:\Windows\system32\DRIVERS\glideusb.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 129976]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-4-24 428384]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-05-23 23:42:57 -------- d-----w- C:\Users\cboyan\AppData\Roaming\Malwarebytes

2012-05-23 23:42:28 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-23 23:42:26 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-23 23:42:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-23 22:36:46 249856 ------w- C:\Windows\Setup1.exe

2012-05-23 22:36:44 73216 ----a-w- C:\Windows\ST6UNST.EXE

2012-05-23 15:05:59 -------- d-----w- C:\ProgramData\AVAST Software

2012-05-23 15:05:59 -------- d-----w- C:\Program Files\AVAST Software

2012-05-23 14:52:04 -------- d-----w- C:\Windows\pss

2012-05-23 05:21:41 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-23 05:21:41 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-23 05:21:41 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-23 05:21:41 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-23 05:21:41 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-23 05:21:23 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-23 05:21:23 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-23 05:21:23 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-23 05:21:23 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-05-23 05:12:49 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-23 05:12:40 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-23 05:07:04 1544704 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-23 05:07:04 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-23 05:06:26 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-05-23 05:06:15 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-05-23 05:06:15 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-05-23 05:06:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2012-05-23 05:04:26 24408 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe

2012-05-23 04:57:57 -------- d-----w- C:\ProgramData\IObit

2012-05-23 04:57:46 -------- d-----w- C:\Users\cboyan\AppData\Roaming\IObit

2012-05-23 04:57:42 -------- d-----w- C:\Program Files (x86)\IObit

2012-05-23 04:35:37 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-05-22 16:16:32 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{798E5394-519C-4EE3-B5D0-25CE05F5B854}\mpengine.dll

2012-05-21 22:37:11 -------- d-----r- C:\Users\cboyan\AppData\Roaming\Brother

2012-05-21 05:35:49 -------- d-----w- C:\Users\cboyan\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

2012-05-21 05:34:10 -------- d-----w- C:\Users\cboyan\AppData\Roaming\Wacom

2012-05-21 05:34:03 -------- d-----w- C:\ProgramData\Wacom

2012-05-21 05:33:47 -------- d-----w- C:\Program Files (x86)\Bamboo Dock

2012-05-21 05:32:07 1326456 ----a-w- C:\Windows\System32\Pen_Touch_Tablet.dll

2012-05-21 05:32:07 1107832 ----a-w- C:\Windows\SysWow64\Pen_Touch_Tablet.dll

2012-05-21 05:32:07 -------- d-----w- C:\Users\cboyan\AppData\Roaming\WTablet

2012-05-21 05:32:01 -------- d-----w- C:\Program Files (x86)\TabletPlugins

2012-05-21 05:31:55 12848 ----a-w- C:\Windows\System32\drivers\wacommousefilter.sys

2012-05-21 05:31:50 16168 ----a-w- C:\Windows\System32\drivers\wacomvhid.sys

2012-05-21 05:31:49 1152888 ----a-w- C:\Windows\SysWow64\WacomMT.dll

2012-05-21 05:31:48 1665400 ----a-w- C:\Windows\System32\Pen_Tablet.dll

2012-05-21 05:31:48 1401208 ----a-w- C:\Windows\System32\Wintab32.dll

2012-05-21 05:31:48 1392504 ----a-w- C:\Windows\System32\WacomMT.dll

2012-05-21 05:31:48 1369464 ----a-w- C:\Windows\SysWow64\Pen_Tablet.dll

2012-05-21 05:31:48 1156472 ----a-w- C:\Windows\SysWow64\Wintab32.dll

2012-05-21 05:31:46 -------- d-----w- C:\Program Files\Tablet

2012-05-19 07:49:46 -------- d-----w- C:\Users\cboyan\AppData\Roaming\NCH Software

2012-05-18 05:47:08 -------- d-----w- C:\Program Files (x86)\TortoiseHg

2012-05-18 05:46:50 -------- d-----w- C:\Program Files\TortoiseHg

2012-05-18 05:23:23 -------- d-----w- C:\Windows\System32\appmgmt

2012-05-18 05:19:51 -------- d-----w- C:\Program Files (x86)\Kiln Client

2012-05-18 05:19:49 -------- d-----w- C:\Users\cboyan\AppData\Local\KilnExtensions

2012-05-16 18:52:10 60304 ----a-w- C:\Users\cboyan\g2mdlhlpx.exe

2012-05-10 19:24:33 -------- d-----w- C:\Users\cboyan\AppData\Roaming\TortoiseHg

2012-05-10 06:08:37 -------- d-----w- C:\Program Files (x86)\SQL Accessories

2012-05-10 06:06:55 -------- d-----w- C:\Users\cboyan\AppData\Roaming\TulaSoft

2012-05-10 04:10:58 -------- d-----w- C:\Windows\SysWow64\QuickTime

2012-05-10 04:10:39 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared

2012-05-09 20:48:30 -------- d-----w- C:\Users\cboyan\.swt

2012-05-09 20:45:24 -------- d-----w- C:\Program Files (x86)\thinkorswim

2012-05-09 20:01:01 -------- d-----w- C:\Program Files (x86)\Oracle

2012-05-09 20:00:23 772552 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-05-09 03:03:28 -------- d-----w- C:\Users\cboyan\AppData\Local\{E289215B-1F86-4400-BE44-DC5784E35EF6}

2012-05-09 03:02:40 -------- d-----w- C:\Users\cboyan\AppData\Local\{D33BAB55-974A-4B4B-B277-BC5F03DAD539}

2012-05-08 12:13:54 -------- d-----w- C:\Program Files (x86)\Git

2012-05-08 11:12:22 -------- d-----w- C:\Users\cboyan\AppData\Local\{48C39E50-5A33-4F67-B5E2-1403442B3927}

2012-05-08 11:12:09 -------- d-----w- C:\Users\cboyan\AppData\Roaming\Windows Live Writer

2012-05-08 11:12:09 -------- d-----w- C:\Users\cboyan\AppData\Local\Windows Live Writer

2012-05-08 06:54:11 -------- d-----w- C:\Users\cboyan\AppData\Local\Apps

2012-05-08 06:54:10 -------- d-----w- C:\Users\cboyan\AppData\Local\Deployment

2012-05-08 00:45:36 -------- d-----w- C:\Program Files (x86)\TeamViewer

2012-05-08 00:44:17 -------- d-----w- C:\Users\cboyan\AppData\Roaming\TeamViewer

2012-05-07 05:45:38 -------- d-----w- C:\Program Files (x86)\Singorama

2012-05-07 01:33:53 -------- d-----w- C:\Program Files (x86)\WinDirStat

2012-05-07 00:24:27 -------- d-----w- C:\Users\cboyan\AppData\Roaming\XMind

2012-05-07 00:24:15 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-07 00:23:40 -------- d-----w- C:\Program Files (x86)\XMind

2012-05-04 21:18:02 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 19:49:30 -------- d-----r- C:\Users\cboyan\Virtual Machines

2012-05-04 18:57:07 -------- d-----w- C:\Program Files\Carbonite

2012-05-04 18:56:41 -------- d-----w- C:\ProgramData\Carbonite

2012-05-04 18:56:41 -------- d-----w- C:\Program Files (x86)\Carbonite

2012-05-02 21:42:23 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-05-02 21:42:23 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-05-02 21:42:23 1047552 ----a-w- C:\Windows\SysWow64\mfc71u.dll

2012-05-02 21:42:23 -------- d-----w- C:\Program Files (x86)\WinMerge

2012-05-01 22:15:45 -------- d-----w- C:\Users\cboyan\AppData\Local\ActiveState

2012-05-01 22:15:05 -------- d-----w- C:\Program Files (x86)\ActiveState Komodo Edit 7

2012-05-01 04:08:06 -------- d-----r- C:\Users\cboyan\Dropbox

2012-05-01 04:05:33 -------- d-----w- C:\Users\cboyan\AppData\Roaming\Dropbox

2012-04-30 21:35:28 -------- d-----w- C:\Windows\en

2012-04-30 21:11:50 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2012-04-30 21:08:45 -------- d-----w- C:\Program Files (x86)\Microsoft

2012-04-30 21:08:40 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\69ce11441cd271505\bingbarsetup.exe

2012-04-30 21:08:01 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\53a1ee581cd271504\MeshBetaRemover.exe

2012-04-30 21:07:53 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2012-04-30 21:07:53 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2012-04-30 21:07:52 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2012-04-30 21:07:52 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-04-30 21:07:37 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44b1b5091cd271503\DSETUP.dll

2012-04-30 21:07:37 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44b1b5091cd271503\DXSETUP.exe

2012-04-30 21:07:37 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\44b1b5091cd271503\dsetup32.dll

2012-04-30 21:07:14 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2012-04-30 21:07:14 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2012-04-30 21:07:02 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2f8c30841cd271502\DSETUP.dll

2012-04-30 21:07:02 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2f8c30841cd271502\DXSETUP.exe

2012-04-30 21:07:02 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2f8c30841cd271502\dsetup32.dll

2012-04-30 21:05:14 -------- d-----w- C:\Users\cboyan\AppData\Local\Windows Live

2012-04-30 21:05:13 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2012-04-30 20:51:55 -------- d-----w- C:\Program Files (x86)\Toolheap

2012-04-30 06:25:32 -------- d-----w- C:\Windows\System32\log

2012-04-30 06:24:52 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-04-28 04:57:22 -------- d-----w- C:\Users\cboyan\.thumbnails

2012-04-28 04:56:24 -------- d-----w- C:\Users\cboyan\.gimp-2.6

2012-04-28 04:56:12 -------- d-----w- C:\Program Files (x86)\GIMP-2.0

2012-04-27 20:22:37 -------- d-----w- C:\Users\cboyan\.astah

2012-04-27 19:47:07 -------- d-----w- C:\Program Files\astah-community

2012-04-27 02:58:39 -------- d-----w- C:\Program Files (x86)\Common Files\L&H

2012-04-27 02:58:35 -------- d-----w- C:\Program Files (x86)\Microsoft ActiveSync

2012-04-26 20:28:47 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-04-26 20:28:46 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-26 20:28:46 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-26 20:24:57 -------- d-----w- C:\Temp

2012-04-26 03:09:09 -------- d-----w- C:\ce63aace5aa4df012bfdc6d67e91dd

2012-04-26 02:25:37 -------- d-----w- C:\Windows\System32\%drive%

2012-04-26 02:25:32 -------- d-----w- C:\ProgramData\LabTech

2012-04-26 02:25:24 -------- d-----w- C:\Windows\LTSvc

2012-04-24 21:46:28 -------- d-----w- C:\Users\cboyan\AppData\Roaming\PrimoPDF

2012-04-24 21:45:43 95008 ----a-w- C:\Windows\System32\Primomonnt.dll

2012-04-24 21:45:42 -------- d-----w- C:\Program Files (x86)\Nitro PDF

.

==================== Find3M ====================

.

2012-05-23 05:35:52 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-23 05:35:52 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-14 21:24:06 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-04-14 21:24:06 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-04-03 19:16:02 1562 ----a-w- C:\Users\cboyan\advanced_ip_scanner_MAC.bin

2012-03-08 08:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-03-08 08:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR

2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 3:56:14.04 ===============

Attach.txt


Hello csb1965 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?


Thank you SO much ... I ran TDSSKiller and it reported no threats. I have attached the log file here just in case ...

I then ran ComboFix and rebooted the machine (again) after it completed. I had to repair my network adapter and then disable/enable it to get internet connectivity again. I have re-enabled the Trend Micro real-time scanning and I am no longer receiving reports of unauthorised URLs. I can also successfully invoke nslookup.

I can't see any other symptoms, so it appears that the steps you have given me have done the job. I have posted the log from ComboFix below in case there is anything else that I should clean up but don't notice as a user. Thanks again for such fantastic support. This has been killing me for a few days and you've fixed it in minutes!

ComboFix Log

-------------------------------------------------------------------------------------------------

ComboFix 12-05-24.03 - cboyan 25/05/2012 5:38.1.8 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.6135.3794 [GMT 10:00]

Running from: c:\users\cboyan\Downloads\Software\AntiMalware\combofix\ComboFix.exe

AV: Trend Micro Client/Server Security Agent Antivirus *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

FW: Trend Micro Personal Firewall *Disabled* {50C2E989-60CF-0845-AFD3-290B7D301E79}

SP: Trend Micro Client/Server Security Agent Anti-spyware *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\cboyan\AppData\Local\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}

c:\users\cboyan\AppData\Local\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\@

c:\users\cboyan\AppData\Local\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\n

c:\users\cboyan\g2mdlhlpx.exe

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}

c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\@

c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\L\00000004.@

c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\L\1afb2d56

c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\L\201d3dde

c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\n

c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\00000004.@

c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\00000008.@

c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\000000cb.@

c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\80000000.@

c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\80000032.@

c:\windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\80000064.@

.

----- File Replicators -----

.

c:\program files (x86)\Git\libexec\git-core\git-add.exe

c:\program files (x86)\Git\libexec\git-core\git-annotate.exe

c:\program files (x86)\Git\libexec\git-core\git-apply.exe

c:\program files (x86)\Git\libexec\git-core\git-archive.exe

c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe

c:\program files (x86)\Git\libexec\git-core\git-blame.exe

c:\program files (x86)\Git\libexec\git-core\git-branch.exe

c:\program files (x86)\Git\libexec\git-core\git-bundle.exe

c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe

c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe

c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe

c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe

c:\program files (x86)\Git\libexec\git-core\git-checkout.exe

c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe

c:\program files (x86)\Git\libexec\git-core\git-cherry.exe

c:\program files (x86)\Git\libexec\git-core\git-clean.exe

c:\program files (x86)\Git\libexec\git-core\git-clone.exe

c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-commit.exe

c:\program files (x86)\Git\libexec\git-core\git-config.exe

c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-describe.exe

c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe

c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe

c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-diff.exe

c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe

c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-fetch.exe

c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe

c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe

c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-fsck.exe

c:\program files (x86)\Git\libexec\git-core\git-gc.exe

c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe

c:\program files (x86)\Git\libexec\git-core\git-grep.exe

c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe

c:\program files (x86)\Git\libexec\git-core\git-help.exe

c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-init-db.exe

c:\program files (x86)\Git\libexec\git-core\git-init.exe

c:\program files (x86)\Git\libexec\git-core\git-log.exe

c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe

c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe

c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe

c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe

c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-merge.exe

c:\program files (x86)\Git\libexec\git-core\git-mktag.exe

c:\program files (x86)\Git\libexec\git-core\git-mktree.exe

c:\program files (x86)\Git\libexec\git-core\git-mv.exe

c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe

c:\program files (x86)\Git\libexec\git-core\git-notes.exe

c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe

c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe

c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe

c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe

c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe

c:\program files (x86)\Git\libexec\git-core\git-prune.exe

c:\program files (x86)\Git\libexec\git-core\git-push.exe

c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-reflog.exe

c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe

c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe

c:\program files (x86)\Git\libexec\git-core\git-remote.exe

c:\program files (x86)\Git\libexec\git-core\git-replace.exe

c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe

c:\program files (x86)\Git\libexec\git-core\git-rerere.exe

c:\program files (x86)\Git\libexec\git-core\git-reset.exe

c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe

c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe

c:\program files (x86)\Git\libexec\git-core\git-revert.exe

c:\program files (x86)\Git\libexec\git-core\git-rm.exe

c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe

c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe

c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-show.exe

c:\program files (x86)\Git\libexec\git-core\git-stage.exe

c:\program files (x86)\Git\libexec\git-core\git-status.exe

c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe

c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-tag.exe

c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe

c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe

c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe

c:\program files (x86)\Git\libexec\git-core\git-update-index.exe

c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe

c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe

c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe

c:\program files (x86)\Git\libexec\git-core\git-var.exe

c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe

c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe

c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe

c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe

c:\program files (x86)\Git\libexec\git-core\git.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))

.

.

2012-05-23 23:42 . 2012-05-23 23:42 -------- d-----w- c:\users\cboyan\AppData\Roaming\Malwarebytes

2012-05-23 23:42 . 2012-05-23 23:42 -------- d-----w- c:\programdata\Malwarebytes

2012-05-23 23:42 . 2012-05-23 23:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-23 23:42 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-23 22:36 . 2012-05-23 22:36 249856 ------w- c:\windows\Setup1.exe

2012-05-23 22:36 . 2012-05-23 22:36 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-05-23 15:06 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-05-23 15:05 . 2012-05-23 23:24 -------- d-----w- c:\programdata\AVAST Software

2012-05-23 15:05 . 2012-05-23 15:05 -------- d-----w- c:\program files\AVAST Software

2012-05-23 05:21 . 2012-05-23 05:21 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-23 05:21 . 2012-05-23 05:21 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-23 05:21 . 2012-05-23 05:21 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-23 05:21 . 2012-05-23 05:21 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-23 05:21 . 2012-05-23 05:21 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-23 05:21 . 2012-05-23 05:21 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-23 05:21 . 2012-05-23 05:21 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-23 05:21 . 2012-05-23 05:21 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-23 05:21 . 2012-05-23 05:21 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-23 05:12 . 2012-05-23 05:12 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-23 05:12 . 2012-05-23 05:12 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-23 05:07 . 2012-05-23 05:07 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-23 05:07 . 2012-05-23 05:07 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-23 05:06 . 2012-05-23 05:06 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-05-23 05:06 . 2012-05-23 05:06 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-05-23 05:06 . 2012-05-23 05:06 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-05-23 05:06 . 2012-05-23 05:06 1139200 ----a-w- c:\windows\system32\FntCache.dll

2012-05-23 05:04 . 2012-02-23 04:24 24408 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2012-05-23 04:57 . 2012-05-23 04:57 -------- d-----w- c:\programdata\IObit

2012-05-23 04:57 . 2012-05-24 02:11 -------- d-----w- c:\users\cboyan\AppData\Roaming\IObit

2012-05-23 04:57 . 2012-05-23 04:57 -------- d-----w- c:\program files (x86)\IObit

2012-05-23 04:35 . 2012-05-23 04:35 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-05-22 16:16 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{798E5394-519C-4EE3-B5D0-25CE05F5B854}\mpengine.dll

2012-05-21 22:37 . 2012-05-21 22:37 -------- d-----r- c:\users\cboyan\AppData\Roaming\Brother

2012-05-21 05:35 . 2012-05-21 05:35 -------- d-----w- c:\users\cboyan\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1

2012-05-21 05:34 . 2012-05-21 05:34 -------- d-----w- c:\users\cboyan\AppData\Roaming\Wacom

2012-05-21 05:34 . 2012-05-21 05:35 -------- d-----w- c:\programdata\Wacom

2012-05-21 05:34 . 2012-05-23 05:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2012-05-21 05:33 . 2012-05-21 05:34 -------- d-----w- c:\program files (x86)\Bamboo Dock

2012-05-19 07:50 . 2012-05-19 07:50 -------- d-----w- c:\programdata\NCH Software

2012-05-19 07:49 . 2012-05-19 07:49 -------- d-----w- c:\users\cboyan\AppData\Roaming\NCH Software

2012-05-19 07:31 . 2012-05-19 07:45 -------- d-----w- c:\users\cboyan\AppData\Roaming\FileZilla

2012-05-18 05:47 . 2012-05-18 05:47 -------- d-----w- c:\program files (x86)\TortoiseHg

2012-05-18 05:46 . 2012-05-18 05:47 -------- d-----w- c:\program files\TortoiseHg

2012-05-18 05:23 . 2012-05-23 13:16 -------- d-----w- c:\windows\system32\appmgmt

2012-05-18 05:19 . 2012-05-18 05:47 -------- d-----w- c:\program files (x86)\Kiln Client

2012-05-18 05:19 . 2012-05-18 05:47 -------- d-----w- c:\users\cboyan\AppData\Local\KilnExtensions

2012-05-10 20:41 . 2012-05-19 21:49 -------- d-----w- c:\program files (x86)\PuTTY

2012-05-10 19:24 . 2012-05-23 14:17 -------- d-----w- c:\users\cboyan\AppData\Roaming\TortoiseHg

2012-05-10 06:08 . 2012-05-10 06:08 -------- d-----w- c:\program files (x86)\SQL Accessories

2012-05-10 06:06 . 2012-05-10 06:27 -------- d-----w- c:\users\cboyan\AppData\Roaming\TulaSoft

2012-05-10 04:10 . 2012-05-10 04:10 -------- d-----w- c:\windows\SysWow64\QuickTime

2012-05-10 04:10 . 2012-05-10 04:10 -------- d-----w- c:\program files (x86)\QuickTime

2012-05-10 04:10 . 2012-05-10 04:10 -------- d-----w- c:\program files (x86)\Common Files\TechSmith Shared

2012-05-09 20:48 . 2012-05-09 20:48 -------- d-----w- c:\users\cboyan\.swt

2012-05-09 20:45 . 2012-05-24 07:05 -------- d-----w- c:\program files (x86)\thinkorswim

2012-05-09 20:01 . 2012-05-09 20:01 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-05-09 20:01 . 2012-05-09 20:01 -------- d-----w- c:\program files (x86)\Oracle

2012-05-09 20:00 . 2012-05-09 20:00 772552 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-05-08 12:13 . 2012-05-08 12:14 -------- d-----w- c:\program files (x86)\Git

2012-05-08 11:12 . 2012-05-08 11:12 -------- d-----w- c:\users\cboyan\AppData\Local\Windows Live Writer

2012-05-08 11:12 . 2012-05-08 11:12 -------- d-----w- c:\users\cboyan\AppData\Roaming\Windows Live Writer

2012-05-08 06:54 . 2012-05-08 06:54 -------- d-----w- c:\users\cboyan\AppData\Local\Apps

2012-05-08 06:54 . 2012-05-08 07:49 -------- d-----w- c:\users\cboyan\AppData\Local\Deployment

2012-05-08 00:45 . 2012-05-08 00:45 -------- d-----w- c:\program files (x86)\TeamViewer

2012-05-08 00:44 . 2012-05-08 00:52 -------- d-----w- c:\users\cboyan\AppData\Roaming\TeamViewer

2012-05-07 05:45 . 2012-05-07 05:46 -------- d-----w- c:\program files (x86)\Singorama

2012-05-07 01:33 . 2012-05-07 01:33 -------- d-----w- c:\program files (x86)\WinDirStat

2012-05-07 00:24 . 2012-05-07 00:25 -------- d-----w- c:\users\cboyan\AppData\Roaming\XMind

2012-05-07 00:24 . 2012-04-04 08:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-07 00:24 . 2012-05-09 20:00 -------- d-----w- c:\program files (x86)\Java

2012-05-07 00:23 . 2012-05-07 00:25 -------- d-----w- c:\program files (x86)\XMind

2012-05-04 21:18 . 2012-05-04 22:18 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 19:49 . 2012-05-04 19:49 -------- d-----r- c:\users\cboyan\Virtual Machines

2012-05-04 18:57 . 2012-05-04 18:57 -------- d-----w- c:\program files\Carbonite

2012-05-04 18:56 . 2012-05-04 18:56 -------- d-----w- c:\programdata\Carbonite

2012-05-04 18:56 . 2012-05-04 18:56 -------- d-----w- c:\program files (x86)\Carbonite

2012-05-02 21:42 . 2012-05-02 21:42 -------- d-----w- c:\program files (x86)\WinMerge

2012-05-02 21:42 . 2008-12-21 13:22 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-05-02 21:42 . 2008-12-21 13:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-05-02 21:42 . 2008-12-21 13:22 1047552 ----a-w- c:\windows\SysWow64\mfc71u.dll

2012-05-01 22:15 . 2012-05-01 22:15 -------- d-----w- c:\users\cboyan\AppData\Local\ActiveState

2012-05-01 22:15 . 2012-05-01 22:15 -------- d-----w- c:\program files (x86)\ActiveState Komodo Edit 7

2012-05-01 04:08 . 2012-05-23 14:18 -------- d-----r- c:\users\cboyan\Dropbox

2012-05-01 04:05 . 2012-05-23 14:18 -------- d-----w- c:\users\cboyan\AppData\Roaming\Dropbox

2012-05-01 00:27 . 2012-05-01 00:27 -------- d-----w- c:\program files\7-Zip

2012-04-30 21:35 . 2012-04-30 21:35 -------- d-----w- c:\windows\en

2012-04-30 21:11 . 2012-04-30 21:11 -------- dc----w- c:\windows\system32\DRVSTORE

2012-04-30 21:11 . 2012-03-08 08:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2012-04-30 21:11 . 2012-04-30 21:37 -------- d-----w- c:\program files (x86)\Windows Live

2012-04-30 21:09 . 2012-04-30 21:11 -------- d-----w- c:\program files\Windows Live

2012-04-30 21:08 . 2012-05-23 14:45 -------- d-----w- c:\program files (x86)\Microsoft

2012-04-30 21:07 . 2009-09-04 07:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll

2012-04-30 21:07 . 2009-09-04 07:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll

2012-04-30 21:07 . 2009-09-04 07:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll

2012-04-30 21:07 . 2009-09-04 07:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll

2012-04-30 21:07 . 2006-11-29 03:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2012-04-30 21:07 . 2006-11-29 03:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2012-04-30 21:05 . 2012-05-09 03:06 -------- d-----w- c:\users\cboyan\AppData\Local\Windows Live

2012-04-30 21:05 . 2012-04-30 21:05 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2012-04-30 20:51 . 2012-04-30 20:51 -------- d-----w- c:\program files (x86)\Toolheap

2012-04-30 06:25 . 2012-04-30 06:25 -------- d-----w- c:\windows\system32\log

2012-04-30 06:24 . 2012-05-16 22:26 -------- d-----w- c:\program files (x86)\Trend Micro

2012-04-28 04:57 . 2012-04-28 04:57 -------- d-----w- c:\users\cboyan\.thumbnails

2012-04-28 04:57 . 2012-05-23 00:42 -------- d-----w- c:\users\cboyan\AppData\Roaming\gtk-2.0

2012-04-28 04:56 . 2012-05-23 00:43 -------- d-----w- c:\users\cboyan\.gimp-2.6

2012-04-28 04:56 . 2012-04-28 04:56 -------- d-----w- c:\program files (x86)\GIMP-2.0

2012-04-27 20:22 . 2012-04-27 20:22 -------- d-----w- c:\users\cboyan\.astah

2012-04-27 19:47 . 2012-04-27 19:47 -------- d-----w- c:\program files\astah-community

2012-04-27 02:58 . 2012-04-27 02:58 -------- d-----w- c:\program files (x86)\Common Files\L&H

2012-04-27 02:58 . 2012-04-27 02:58 -------- d-----w- c:\program files (x86)\Microsoft ActiveSync

2012-04-26 20:28 . 2012-04-26 20:28 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-04-26 20:28 . 2012-04-26 20:28 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-26 20:28 . 2012-04-26 20:28 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-26 20:24 . 2012-04-30 06:30 -------- d-----w- C:\Temp

2012-04-26 03:09 . 2012-04-26 03:09 -------- d-----w- C:\ce63aace5aa4df012bfdc6d67e91dd

2012-04-26 02:25 . 2012-04-26 02:26 -------- d-----w- c:\windows\system32\%drive%

2012-04-26 02:25 . 2012-04-26 02:25 -------- d-----w- c:\programdata\LabTech

2012-04-26 02:25 . 2012-05-24 19:44 -------- d-----w- c:\windows\LTSvc

2012-04-24 21:46 . 2012-05-24 17:03 -------- d-----w- c:\users\cboyan\AppData\Roaming\PrimoPDF

2012-04-24 21:45 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll

2012-04-24 21:45 . 2012-04-24 21:45 -------- d-----w- c:\program files (x86)\Nitro PDF

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-24 19:44 . 2012-04-17 07:40 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin

2012-05-23 05:35 . 2012-04-14 05:47 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-23 05:35 . 2012-04-14 05:47 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-30 21:10 . 2011-03-28 08:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-04-16 17:10 . 2012-04-14 07:41 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-04-14 21:24 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-04-14 21:24 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-04-14 05:48 . 2012-04-14 05:48 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-04-14 05:48 . 2012-04-14 05:48 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-04-14 05:48 . 2012-04-14 05:48 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-04-14 05:48 . 2012-04-14 05:48 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-04-14 05:48 . 2012-04-14 05:48 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-04-14 05:48 . 2012-04-14 05:48 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-04-14 05:48 . 2012-04-14 05:48 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-04-14 05:48 . 2012-04-14 05:48 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-04-14 05:48 . 2012-04-14 05:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-04-14 05:48 . 2012-04-14 05:48 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-04-14 05:48 . 2012-04-14 05:48 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-04-14 05:48 . 2012-04-14 05:48 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-04-14 05:48 . 2012-04-14 05:48 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-04-14 05:48 . 2012-04-14 05:48 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-04-14 05:48 . 2012-04-14 05:48 222208 ----a-w- c:\windows\system32\msls31.dll

2012-04-14 05:48 . 2012-04-14 05:48 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-04-14 05:48 . 2012-04-14 05:48 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-04-14 05:48 . 2012-04-14 05:48 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-04-14 05:48 . 2012-04-14 05:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-04-14 05:48 . 2012-04-14 05:48 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-04-14 05:48 . 2012-04-14 05:48 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-04-14 05:48 . 2012-04-14 05:48 12288 ----a-w- c:\windows\system32\mshta.exe

2012-04-14 05:48 . 2012-04-14 05:48 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-04-14 05:48 . 2012-04-14 05:48 114176 ----a-w- c:\windows\system32\admparse.dll

2012-04-14 05:48 . 2012-04-14 05:48 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-04-14 05:48 . 2012-04-14 05:48 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-04-14 05:48 . 2012-04-14 05:48 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-04-14 05:48 . 2012-04-14 05:48 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-04-14 05:48 . 2012-04-14 05:48 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-04-14 05:48 . 2012-04-14 05:48 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-04-14 05:48 . 2012-04-14 05:48 448512 ----a-w- c:\windows\system32\html.iec

2012-04-14 05:48 . 2012-04-14 05:48 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-04-14 05:48 . 2012-04-14 05:48 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-04-14 05:48 . 2012-04-14 05:48 160256 ----a-w- c:\windows\system32\wextract.exe

2012-04-03 19:16 . 2012-04-03 08:03 1562 ----a-w- c:\users\cboyan\advanced_ip_scanner_MAC.bin

2012-03-08 08:50 . 2012-03-08 08:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 08:37 . 2012-03-08 08:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-03-01 06:46 . 2012-04-14 19:54 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-14 19:54 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-14 19:54 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-14 19:54 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-14 19:54 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-14 19:54 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-14 19:54 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:56 . 2012-04-14 21:05 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-14 21:05 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-14 21:05 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-14 21:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-14 21:05 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-14 21:05 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-14 21:05 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-14 21:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 66312 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-03-16 11:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-03-16 11:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-03-16 11:06 1008784 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe" [2012-01-09 1712656]

"tvncontrol"="c:\windows\LTsvc\tvnserver.exe" [2012-05-24 819200]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Network Monitoring Tray.lnk - c:\windows\LTSvc\LTTray.exe [2012-4-26 1282888]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux6"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 glideusb;GlidePoint USB Touchpad Filter;c:\windows\system32\DRIVERS\glideusb.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]

R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-04-23 428384]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]

S2 LTService;Netlink Monitoring Service;c:\windows\LTSvc\LTSVC.exe [2012-04-26 12542976]

S2 LTSvcMon;Netlink Monitoring Service CheckUp Util;c:\windows\LTsvc\LTSvcMon.exe [2012-04-26 96768]

S2 svcGenericHost;Trend Micro Client/Server Security Agent;c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [2012-04-30 50704]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]

S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [2011-07-12 342288]

S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [2011-07-12 42768]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-17 450848]

S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [2012-03-15 918032]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2010-04-23 08:50 76040 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2012-03-16 10:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2012-03-16 10:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2012-03-16 10:58 1279120 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\cboyan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

TCP: DhcpNameServer = 61.9.211.1 61.9.211.33

FF - ProfilePath - c:\users\cboyan\AppData\Roaming\Mozilla\Firefox\Profiles\bws4egot.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3201318&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3201318&SearchSource=2&q=

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-810749614-2223256550-641000648-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-810749614-2223256550-641000648-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe

.

**************************************************************************

.

Completion time: 2012-05-25 05:49:42 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-24 19:49

.

Pre-Run: 618,253,783,040 bytes free

Post-Run: 618,235,539,456 bytes free

.

- - End Of File - - B47F320AA62F48DF12CD10C6EAE76C69

TDSSKiller.2.7.37.0_25.05.2012_05.28.38_log.txt


I have also just finished running Security Check. Here is the log file from that program:

Security Check log

------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.38

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Trend Micro Client/Server Security Agent Antivirus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400

JavaFX 2.1.0

Java 6 Update 20

Java 7 Update 4

Adobe Reader X (10.1.3)

Mozilla Firefox (12.0)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Trend Micro OfficeScan Client pccntmon.exe

cboyan Downloads Software AntiMalware\securitycheck\SecurityCheck.exe

Trend Micro Client Server Security Agent ntrtscan.exe

Trend Micro Client Server Security Agent HostedAgent svcGenericHost.exe

Trend Micro Client Server Security Agent tmlisten.exe

Trend Micro Client Server Security Agent HostedAgent HostedAgent.exe

Trend Micro BM TMBMSRV.exe

Trend Micro Client Server Security Agent TmProxy.exe

``````````End of Log````````````


That is good news! and no problem. :)

Let me know if you encounter any further difficulty with your internet connection; that's a pretty common consequence of the type of malware we just cleaned.

With that said, your logs are looking good. Before we move on to the next step, let's run an online scan to verify that there are no traces left that we may have missed:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Please post that log in your next reply, and let me know how things go :).


Okay .. the scan ran for nearly a whole day but the results are done. I forgot to uncheck the Remove found threats box .. however, it looks like I can restore any of these that I need/want to.

C:\Qoobox\Quarantine\C\Users\cboyan\AppData\Local\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\n.vir Win64/Sirefef.W trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan deleted - quarantined

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan deleted - quarantined

C:\Qoobox\Quarantine\C\Windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\n.vir Win64/Sirefef.W trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\80000000.@.vir Win64/Sirefef.AE trojan cleaned by deleting - quarantined

C:\Users\cboyan\Downloads\winamp5623_full_emusic-7plus_all.exe Win32/OpenCandy application deleted - quarantined

C:\Users\cboyan\Downloads\Software\FLVPlayers\cnet_FLVPlayerSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\cboyan\Downloads\Software\FLVPlayers\flvplayer-setup.exe Win32/DownloadAdmin.A.Gen application deleted - quarantined

C:\Users\cboyan\Downloads\Software\MessengerDetect\FacebookChecker.exe a variant of Win32/AIMMonitorSniffer.A application deleted - quarantined

C:\Users\cboyan\Downloads\Software\PCMaintenance\AdvancedSystemCareV5\asc-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined

C:\Users\cboyan\Downloads\Software\PCMaintenance\AdvanceSystemCareV4\asc-setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined

C:\Users\cboyan\Downloads\Software\PCMaintenance\SmartDefrag\sd2-setup220.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined

C:\Users\cboyan\Downloads\Software\PDFGeneration\PrimoPDF\InternationalPrimoPDF.exe Win32/OpenCandy application deleted - quarantined

C:\Users\cboyan\Downloads\Software\VideoCache\OrbitDownloaderSetup.exe Win32/OpenCandy application deleted - quarantined

C:\Users\cboyan\Downloads\Software\Winamp\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined

Looks like there were still some trojans hiding around (??). What about the OpenCandy and Toolbar.Widgi application warnings? Are these okay to restore?

Thanks again for your help. System seems to be working fine which is a massive relief!!


Looks like there were still some trojans hiding around (??). What about the OpenCandy and Toolbar.Widgi application warnings? Are these okay to restore?

Personally, I'd leave them all deleted, though the only really dangerous ones are marked as "Win64/Sirefef.W" or something similar. The rest are just adware/potentially unwanted software.

Glad to hear things are running smoothly! I'd say at this point, you're clean ;).

Unless there are any further issues, I will now provide you with some suggestions for security software.

First, let's remove ComboFix:

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
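The split made at the start of the reply above (Sirefef-type trojans are the dangerous entries, the rest is adware or potentially unwanted software) can be applied mechanically to the scanner log. This is an added example, not part of the original posts or of any tool mentioned in the thread; the regular expression assumes the space-flattened line layout seen in this thread, the `C:\Qoobox\Quarantine\<drive>\...\*.vir` mapping is read off the paths in the log, and the sample lines are copied from the log posted above except the last, which is constructed.

```python
import ntpath
import re

# Layout assumed from the log lines posted in this thread:
#   <path> [a variant of ]<Platform/Name> <trojan|application> <action text>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<detection>Win(?:32|64)/\S+)\s+"
    r"(?P<kind>trojan|application)\s+"
    r"(?P<action>.+)$"
)

# Assumption taken from the paths in the log: files already removed by
# ComboFix sit under this folder with ".vir" appended to their name.
QOOBOX_PREFIX = "c:\\qoobox\\quarantine\\"

# Lines copied from the log in this thread; the last one is constructed
# to show how a line that does not follow the layout is handled.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Users\cboyan\AppData\Local\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\n.vir Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{adac30f1-7b66-a21a-2c9f-9d124cc486fd}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Users\cboyan\Downloads\winamp5623_full_emusic-7plus_all.exe Win32/OpenCandy application deleted - quarantined
C:\Users\cboyan\Downloads\Software\FLVPlayers\cnet_FLVPlayerSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\cboyan\Downloads\Software\FLVPlayers\flvplayer-setup.exe Win32/DownloadAdmin.A.Gen application deleted - quarantined
Scan finished (constructed line that does not follow the layout)
"""


def parse_line(line):
    """Return a dict for one detection line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    detection = m.group("detection")
    return {
        "path": path,
        "detection": detection,
        # "Win64/Sirefef.W" -> "Sirefef"
        "family": detection.split("/", 1)[1].split(".", 1)[0],
        "variant": m.group("variant") is not None,
        "kind": m.group("kind"),
        "action": m.group("action"),
        "already_quarantined": path.lower().startswith(QOOBOX_PREFIX),
    }


def original_location(path):
    """Map a Qoobox quarantine path back to where the file was found."""
    if not path.lower().startswith(QOOBOX_PREFIX):
        return path
    rest = path[len(QOOBOX_PREFIX):]
    drive, _, tail = rest.partition("\\")
    if tail.lower().endswith(".vir"):
        tail = tail[:-4]
    return f"{drive}:\\{tail}"


def triage(lines):
    """Split detections into malware (trojan) and PUA (application)."""
    report = {"malware": [], "pua": [], "unparsed": []}
    for line in lines:
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            report["unparsed"].append(line)
        elif entry["kind"] == "trojan":
            report["malware"].append(entry)
        else:
            report["pua"].append(entry)
    return report


def malware_locations(report):
    """Directories the malware entries originally lived in, deduplicated."""
    dirs = {ntpath.dirname(original_location(e["path"]))
            for e in report["malware"]}
    return sorted(dirs)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines())
    print("malware families:", sorted({e["family"] for e in result["malware"]}))
    print("PUA families:    ", sorted({e["family"] for e in result["pua"]}))
    for d in malware_locations(result):
        print("infected location:", d)
    print("unparsed lines:  ", len(result["unparsed"]))
```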


Thanks for your help.

I have Trend Micro installed and running as part of our office's network protection. I'm not sure if that gives me a lot of confidence considering this virus installed while Trend was running though!

I believe that Avast can run as a "secondary" protection layer ... would you recommend that I install it as well?

I already use Firefox but I will look into the anti spyware programs you suggested as well.

Thanks again!


Thanks for your help.

My pleasure :).

I have Trend Micro installed and running as part of our office's network protection. I'm not sure if that gives me a lot of confidence considering this virus installed while Trend was running though!

I believe that Avast can run as a "secondary" protection layer ... would you recommend that I install it as well?

I would not suggest that - running 2 antivirus programs at the same time is dangerous, because it may cause them to conflict, leaving you actually less-protected in the end. Malwarebytes should be compatible with either of these, so you should be fine with either Trend Micro + Malwarebytes, or Avast + Malwarebytes, but not a combination of the two.

Let me know if you have any further questions ;).


Glad to hear things are well! If you have any other questions or concerns, don't hesitate to ask. ;)

Otherwise, I will have this thread closed. You can still reach me by private message here on the site if you need anything. :)

Kind regards,

-DFB


  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.