
moneypak infection, please help



See if you can do this, don't worry about the search part for services.exe:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC


OK, I was successfully able to run it. Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2012

Ran by SYSTEM at 10-12-2012 18:48:53

Running from F:\

Windows 7 Ultimate (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)

HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2763776 2009-10-27] (VIA)

HKLM-x32\...\Run: [six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b [5301888 2010-02-03] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe" -b [5665280 2009-11-19] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe" [2079872 2010-02-03] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [872576 2010-02-03] (ASUSTeK Computer Inc.)

HKLM-x32\...\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [887936 2009-12-28] ()

HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-07-11] (Nullsoft, Inc.)

HKLM-x32\...\Run: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-19] (LogMeIn Inc.)

HKU\skamfull\...\Run: [Google Update] "C:\Users\skamfull\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-12] (Google Inc.)

HKU\skamfull\...\Run: [Akamai NetSession Interface] "C:\Users\skamfull\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)

HKU\skamfull\...\Policies\system: [DisableTaskMgr] 1

HKLM\...\Winlogon: [shell] explorer.exe, C:\Users\skamfull\AppData\Roaming\juivMvky [x ] ()

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{1698F823-99B0-432B-B4DB-7FB32E3582FC}: [NameServer]8.8.8.8

Startup: C:\Users\All Users\Start Menu\Programs\Startup\LOLRecorder.lnk

ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)

Startup: C:\Users\skamfull\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

Startup: C:\Users\skamfull\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

Startup: C:\Users\skamfull\Start Menu\Programs\Startup\Trillian.lnk

ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Services (Whitelisted) ===================

2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.)

3 BrlAPI; C:\cygwin\bin\cygrunsrv.exe [68096 2008-03-18] ()

2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()

2 libusbd; C:\Windows\SysWow64\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net)

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)

2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()

2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-06-22] ()

2 postgresql-x64-9.1; C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N "postgresql-x64-9.1" -D "C:/Program Files/PostgreSQL/9.1/data" -w [x]

==================== Drivers (Whitelisted) =====================

1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-03] ()

3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [33792 2005-03-09] ()

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)

3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()

3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-10 05:03 - 2012-12-10 08:59 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0

2012-12-09 20:12 - 2012-12-09 20:12 - 00000000 ____D C:\FRST

2012-12-09 19:51 - 2012-12-10 17:19 - 00112640 ____A C:\Users\skamfull\AppData\Roaming\juivMvky.exe

2012-12-09 19:49 - 2012-12-10 17:19 - 00112640 ____A C:\Users\skamfull\AppData\Local\juivMvky.exe

2012-12-09 19:49 - 2012-12-10 16:34 - 00112640 ____A C:\Users\All Users\juivMvky.exe

2012-12-06 18:08 - 2012-12-06 18:09 - 28202750 ____A C:\Users\skamfull\Desktop\The Most Astounding Fact - Animated(720p_H.264-AAC).mp4

2012-12-05 19:30 - 2012-12-05 19:42 - 317391242 ____A C:\Users\skamfull\Desktop\Chicago.Fire.S01E08.HDTV.x264-LOL.mp4

2012-12-05 13:50 - 2012-12-05 16:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-04 20:52 - 2012-12-04 23:00 - 302149686 ____A C:\Users\skamfull\Desktop\leverage.s05e12.hdtv.x264-2hd.mp4

2012-12-04 18:56 - 2012-12-04 19:06 - 148792837 ____A C:\Users\skamfull\Desktop\Go.On.S01E11.HDTV.x264-LOL.mp4

2012-12-04 16:34 - 2012-12-04 17:21 - 688998247 ____A C:\Users\skamfull\Desktop\WishMeAway2011DVDRipx264AACPLAYNOW.mp4

2012-11-28 12:18 - 2012-11-28 12:18 - 00114976 ____A C:\Users\skamfull\AppData\Local\GDIPFONTCACHEV1.DAT

2012-11-28 12:17 - 2012-11-28 12:17 - 00437384 ____A C:\Windows\System32\FNTCACHE.DAT

2012-11-27 22:43 - 2012-12-10 18:44 - 01125288 ____A C:\Windows\setupact.log

2012-11-27 22:43 - 2012-11-27 22:43 - 00000000 ____A C:\Windows\setuperr.log

2012-11-27 16:44 - 2012-11-27 18:28 - 00000026 ____A C:\Users\skamfull\Desktop\router.txt

2012-11-27 16:20 - 2012-11-27 16:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2012-11-24 10:14 - 2012-11-24 10:14 - 00000000 ____D C:\Users\skamfull\AppData\Roaming\StartNow Toolbar

2012-11-21 19:25 - 2012-11-21 19:25 - 00000000 ____D C:\Users\skamfull\Desktop\Chew7 v1.1

2012-11-21 17:48 - 2012-11-21 17:48 - 05392710 ____A C:\Users\skamfull\Documents\USB3_Intel_Win7_64_Z103214.zip

2012-11-21 17:45 - 2012-11-21 17:45 - 05810461 ____A C:\Users\skamfull\Desktop\LAN_Realtek_Win7_64_Z7488232011.zip

2012-11-18 18:47 - 2012-11-18 18:47 - 00203386 ____A C:\Users\skamfull\Desktop\THE HOBBIT2.xps

2012-11-18 01:44 - 2012-10-02 11:50 - 02557800 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll

2012-11-15 22:31 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-11-15 22:31 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-11-15 22:31 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-11-15 22:31 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-11-15 22:31 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-11-15 22:31 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-11-15 22:31 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-11-15 22:31 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-11-15 22:31 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-11-15 22:31 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-11-15 22:31 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-11-15 22:31 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-11-15 22:31 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-11-15 22:31 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-11-15 22:31 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-11-15 22:31 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-11-15 22:31 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-11-15 22:31 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-11-15 22:31 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-11-15 22:31 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-11-15 22:31 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-11-15 22:31 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-11-15 22:31 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-11-15 22:31 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-11-15 22:31 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-11-15 22:31 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-11-15 22:31 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-11-15 22:31 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-11-15 22:31 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-11-15 22:31 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-11-15 22:31 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-11-15 22:31 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-11-15 17:31 - 2012-11-15 17:32 - 08265705 ____A C:\Users\skamfull\Desktop\HEYYEYAAEYAAAEYAEYAA(360p_H.264-AAC).mp4

2012-11-15 17:31 - 2012-11-15 17:32 - 05008182 ____A C:\Users\skamfull\Desktop\HEYYEYAAEYAAAEYAEYAA(240p_H.263-MP3).flv

2012-11-15 12:42 - 2012-10-18 10:18 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-11-15 12:42 - 2012-09-25 14:39 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll

2012-11-15 12:42 - 2012-09-25 13:55 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll

2012-11-14 20:45 - 2012-11-14 21:04 - 310355808 ____A C:\Users\skamfull\Desktop\Chicago.Fire.S01E06.HDTV.x264-LOL.mp4

2012-11-12 18:32 - 2012-11-12 18:33 - 84510349 ____A C:\Users\skamfull\Desktop\Space Stallions(720p_H.264-AAC).mp4

2012-11-10 20:36 - 2012-11-10 20:36 - 00001964 ____A C:\Users\Public\Desktop\Opera 12.11 1661.lnk

2012-11-10 02:13 - 2012-11-10 02:13 - 13529576 ____A (Microsoft Corporation) C:\Users\skamfull\Downloads\mseinstall.exe

2012-11-10 00:43 - 2012-11-24 16:59 - 00000000 ____D C:\Users\skamfull\AppData\Roaming\Spotify

2012-11-10 00:43 - 2012-11-24 15:04 - 00000000 ____D C:\Users\skamfull\AppData\Local\Spotify

2012-11-10 00:43 - 2012-11-10 00:43 - 00001823 ____A C:\Users\skamfull\Desktop\Spotify.lnk

2012-11-10 00:42 - 2012-11-10 00:43 - 00088640 ____A (Spotify Ltd) C:\Users\skamfull\Downloads\SpotifySetup.exe

==================== One Month Modified Files and Folders =======

2012-12-10 18:44 - 2012-11-27 22:43 - 01125288 ____A C:\Windows\setupact.log

2012-12-10 18:44 - 2011-09-13 17:32 - 00000000 ____D C:\Users\All Users\NVIDIA

2012-12-10 18:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-10 17:19 - 2012-12-09 19:51 - 00112640 ____A C:\Users\skamfull\AppData\Roaming\juivMvky.exe

2012-12-10 17:19 - 2012-12-09 19:49 - 00112640 ____A C:\Users\skamfull\AppData\Local\juivMvky.exe

2012-12-10 16:34 - 2012-12-09 19:49 - 00112640 ____A C:\Users\All Users\juivMvky.exe

2012-12-10 08:59 - 2012-12-10 05:03 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0

2012-12-09 20:12 - 2012-12-09 20:12 - 00000000 ____D C:\FRST

2012-12-09 19:52 - 2011-09-10 03:16 - 00000000 ____D C:\users\skamfull

2012-12-09 19:44 - 2011-10-12 11:14 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018965626-3746427808-1709343158-1000UA.job

2012-12-09 19:38 - 2011-09-27 16:41 - 00000000 ____D C:\Users\skamfull\AppData\Roaming\vlc

2012-12-09 18:40 - 2011-09-10 03:23 - 01984231 ____A C:\Windows\WindowsUpdate.log

2012-12-09 13:00 - 2009-07-13 20:45 - 00017440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-09 13:00 - 2009-07-13 20:45 - 00017440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-09 10:04 - 2011-10-31 18:12 - 00000000 ____D C:\Users\skamfull\AppData\Roaming\Dropbox

2012-12-09 10:03 - 2011-09-10 00:23 - 00000000 ____D C:\Users\skamfull\AppData\Local\LogMeIn Hamachi

2012-12-09 10:03 - 2011-09-10 00:16 - 00000000 ____D C:\Program Files (x86)\Trillian

2012-12-07 17:58 - 2011-09-10 04:33 - 00000000 ____D C:\Program Files (x86)\Steam

2012-12-06 18:09 - 2012-12-06 18:08 - 28202750 ____A C:\Users\skamfull\Desktop\The Most Astounding Fact - Animated(720p_H.264-AAC).mp4

2012-12-06 13:10 - 2012-04-27 18:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-12-05 19:42 - 2012-12-05 19:30 - 317391242 ____A C:\Users\skamfull\Desktop\Chicago.Fire.S01E08.HDTV.x264-LOL.mp4

2012-12-05 16:28 - 2012-12-05 13:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2012-12-04 23:00 - 2012-12-04 20:52 - 302149686 ____A C:\Users\skamfull\Desktop\leverage.s05e12.hdtv.x264-2hd.mp4

2012-12-04 19:06 - 2012-12-04 18:56 - 148792837 ____A C:\Users\skamfull\Desktop\Go.On.S01E11.HDTV.x264-LOL.mp4

2012-12-04 17:21 - 2012-12-04 16:34 - 688998247 ____A C:\Users\skamfull\Desktop\WishMeAway2011DVDRipx264AACPLAYNOW.mp4

2012-12-04 16:22 - 2011-09-14 20:36 - 00000000 ____D C:\users\postgres

2012-12-03 19:00 - 2009-07-13 21:13 - 00871102 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-02 20:03 - 2011-09-10 02:11 - 00000000 ____D C:\Program Files (x86)\Opera

2012-12-02 10:54 - 2012-08-26 18:37 - 00000000 ____D C:\Users\skamfull\Desktop\Entertainment

2012-11-30 21:41 - 2012-09-05 19:23 - 00001905 ____A C:\Users\Public\Desktop\LOL Recorder.lnk

2012-11-30 21:41 - 2011-09-14 15:50 - 00000000 ____D C:\Program Files (x86)\LOLReplay

2012-11-29 20:38 - 2011-09-14 16:57 - 00000000 ____D C:\Users\skamfull\AppData\Roaming\Media Player Classic

2012-11-28 12:18 - 2012-11-28 12:18 - 00114976 ____A C:\Users\skamfull\AppData\Local\GDIPFONTCACHEV1.DAT

2012-11-28 12:17 - 2012-11-28 12:17 - 00437384 ____A C:\Windows\System32\FNTCACHE.DAT

2012-11-27 22:43 - 2012-11-27 22:43 - 00000000 ____A C:\Windows\setuperr.log

2012-11-27 18:28 - 2012-11-27 16:44 - 00000026 ____A C:\Users\skamfull\Desktop\router.txt

2012-11-27 16:20 - 2012-11-27 16:20 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2012-11-24 16:59 - 2012-11-10 00:43 - 00000000 ____D C:\Users\skamfull\AppData\Roaming\Spotify

2012-11-24 15:04 - 2012-11-10 00:43 - 00000000 ____D C:\Users\skamfull\AppData\Local\Spotify

2012-11-24 10:54 - 2011-09-19 14:14 - 00000000 ____D C:\Users\All Users\Adobe

2012-11-24 10:14 - 2012-11-24 10:14 - 00000000 ____D C:\Users\skamfull\AppData\Roaming\StartNow Toolbar

2012-11-24 10:14 - 2012-04-03 16:18 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-11-24 10:14 - 2011-11-10 12:28 - 00000000 ____D C:\Program Files (x86)\StartNow Toolbar

2012-11-24 10:14 - 2011-09-10 05:17 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-11-23 11:37 - 2011-10-12 11:14 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018965626-3746427808-1709343158-1000Core.job

2012-11-21 19:25 - 2012-11-21 19:25 - 00000000 ____D C:\Users\skamfull\Desktop\Chew7 v1.1

2012-11-21 17:48 - 2012-11-21 17:48 - 05392710 ____A C:\Users\skamfull\Documents\USB3_Intel_Win7_64_Z103214.zip

2012-11-21 17:45 - 2012-11-21 17:45 - 05810461 ____A C:\Users\skamfull\Desktop\LAN_Realtek_Win7_64_Z7488232011.zip

2012-11-18 18:47 - 2012-11-18 18:47 - 00203386 ____A C:\Users\skamfull\Desktop\THE HOBBIT2.xps

2012-11-18 01:44 - 2011-09-10 01:56 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2012-11-18 01:43 - 2011-09-10 03:14 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2012-11-17 22:20 - 2011-09-10 07:13 - 00000000 ____D C:\Users\skamfull\AppData\Roaming\Skype

2012-11-16 16:47 - 2011-10-09 15:54 - 00000000 ____D C:\Program Files (x86)\JDownloader

2012-11-15 22:40 - 2011-11-10 12:45 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-11-15 22:28 - 2011-09-10 04:19 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-11-15 22:27 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini

2012-11-15 17:32 - 2012-11-15 17:31 - 08265705 ____A C:\Users\skamfull\Desktop\HEYYEYAAEYAAAEYAEYAA(360p_H.264-AAC).mp4

2012-11-15 17:32 - 2012-11-15 17:31 - 05008182 ____A C:\Users\skamfull\Desktop\HEYYEYAAEYAAAEYAEYAA(240p_H.263-MP3).flv

2012-11-14 21:04 - 2012-11-14 20:45 - 310355808 ____A C:\Users\skamfull\Desktop\Chicago.Fire.S01E06.HDTV.x264-LOL.mp4

2012-11-12 21:26 - 2011-09-12 12:03 - 00000000 ____D C:\Users\skamfull\AppData\Roaming\Winamp

2012-11-12 18:33 - 2012-11-12 18:32 - 84510349 ____A C:\Users\skamfull\Desktop\Space Stallions(720p_H.264-AAC).mp4

2012-11-10 20:36 - 2012-11-10 20:36 - 00001964 ____A C:\Users\Public\Desktop\Opera 12.11 1661.lnk

2012-11-10 02:14 - 2011-09-10 05:00 - 00002198 ____A C:\Windows\epplauncher.mif

2012-11-10 02:13 - 2012-11-10 02:13 - 13529576 ____A (Microsoft Corporation) C:\Users\skamfull\Downloads\mseinstall.exe

2012-11-10 00:43 - 2012-11-10 00:43 - 00001823 ____A C:\Users\skamfull\Desktop\Spotify.lnk

2012-11-10 00:43 - 2012-11-10 00:42 - 00088640 ____A (Spotify Ltd) C:\Users\skamfull\Downloads\SpotifySetup.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-29 12:37:42

Restore point made on: 2012-12-03 12:53:39

Restore point made on: 2012-12-06 13:21:49

==================== Memory info ===========================

Percentage of memory in use: 10%

Total physical RAM: 8191.18 MB

Available physical RAM: 7356.48 MB

Total Pagefile: 8189.33 MB

Available Pagefile: 7345.62 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:405.14 GB) NTFS

2 Drive e: (KRD10) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS

3 Drive f: () (Removable) (Total:0.96 GB) (Free:0.94 GB) FAT

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 Online 982 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 982 MB 121 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F FAT Removable 982 MB Healthy

=========================================================

Last Boot: 2012-12-05 14:28

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 06-12-2012

Ran by SYSTEM at 2012-12-10 18:50:29

Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

See if the virus is gone.

MrC


This is the fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2012

Ran by SYSTEM at 2012-12-10 19:58:01 Run:1

Running from F:\

==============================================

HKEY_USERS\skamfull\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr Value deleted successfully.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value was restored successfully .

C:\Users\skamfull\AppData\Roaming\juivMvky.exe moved successfully.

C:\Users\skamfull\AppData\Local\juivMvky.exe moved successfully.

C:\Users\All Users\juivMvky.exe moved successfully.

==== End of Fixlog ====

After restarting the computer normally, moneypak no longer opens.

Thank you very much.

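The indicators that the FRST log and the fix log above have in common (an extra entry appended to the Winlogon shell value, the DisableTaskMgr policy, and one executable copied into several profile folders) can be checked for mechanically. The Python below is an added example, not part of the original posts and not FRST's own code; the sample lines are abridged from the FRST.txt posted in this thread, and the function name and finding labels are assumptions chosen for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Lines abridged from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKU\skamfull\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [shell] explorer.exe, C:\Users\skamfull\AppData\Roaming\juivMvky [x ] ()
==================== One Month Created Files and Folders ========
2012-12-09 20:12 - 2012-12-09 20:12 - 00000000 ____D C:\FRST
2012-12-09 19:51 - 2012-12-10 17:19 - 00112640 ____A C:\Users\skamfull\AppData\Roaming\juivMvky.exe
2012-12-09 19:49 - 2012-12-10 17:19 - 00112640 ____A C:\Users\skamfull\AppData\Local\juivMvky.exe
2012-12-09 19:49 - 2012-12-10 16:34 - 00112640 ____A C:\Users\All Users\juivMvky.exe
2012-11-28 12:18 - 2012-11-28 12:18 - 00114976 ____A C:\Users\skamfull\AppData\Local\GDIPFONTCACHEV1.DAT
==================== One Month Modified Files and Folders =======
"""

# "KEY: [value name] data", the way the log above prints registry entries.
REG_RE = re.compile(r"^(?P<key>HK[^:]+): \[(?P<name>[^\]]+)\]\s*(?P<data>.*)$")
# "created - modified - size attrs [(company)] path", the way it prints files.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
    r"(?P<size>\d+) (?P<attr>\S{5}) (?:\([^)]*\) )?(?P<path>.+)$")
# Trailing "[size date] (company)" or "[x ] ()" annotation after the data.
TRAILER_RE = re.compile(r"\s*\[[^\]]*\]\s*\([^)]*\)\s*$")


def triage(log_text):
    """Return a list of (kind, detail) findings for an FRST-style log."""
    findings = []
    shell_extras = []
    copies = defaultdict(set)  # (exe name, size) -> directories it sits in

    for line in log_text.splitlines():
        line = line.strip()
        reg = REG_RE.match(line)
        if reg:
            key, name = reg["key"], reg["name"].lower()
            data = TRAILER_RE.sub("", reg["data"]).strip()
            if key.lower().endswith("winlogon") and name == "shell":
                # Anything listed besides explorer.exe starts at every logon.
                for part in data.split(","):
                    part = part.strip()
                    if part and part.lower() != "explorer.exe":
                        shell_extras.append(part)
                        findings.append(("winlogon-shell", part))
            elif name == "disabletaskmgr" and data == "1":
                findings.append(("taskmgr-disabled", key))
            continue
        entry = FILE_RE.match(line)
        if entry and "D" not in entry["attr"]:  # skip directories
            path = entry["path"]
            if path.lower().endswith(".exe"):
                exe = ntpath.basename(path).lower()
                folder = ntpath.dirname(path).lower()
                copies[(exe, int(entry["size"]))].add(folder)

    # Same file name and size in two or more folders: a dropped copy set.
    cloned = set()
    for (exe, size), dirs in sorted(copies.items()):
        if len(dirs) >= 2:
            cloned.add(ntpath.splitext(exe)[0])
            findings.append(("cloned-exe", (exe, size, len(dirs))))

    # Strongest signal: the extra shell entry names one of the copied files.
    for extra in shell_extras:
        stem = ntpath.splitext(ntpath.basename(extra))[0].lower()
        if stem in cloned:
            findings.append(("shell-target-cloned", stem))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(kind, detail)
```

On the sample lines the findings line up with the three kinds of action recorded in Fixlog.txt: the policy value, the shell value, and the three copies of the executable.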

Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC (be back in the am)


Here is my ComboFix.txt file. Thanks for your assistance.

ComboFix 12-12-10.01 - skamfull 12/10/2012 22:23:55.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.5598 [GMT -8:00]

Running from: c:\users\skamfull\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\StartNow Toolbar

c:\program files (x86)\StartNow Toolbar\Reactivate.exe

c:\program files (x86)\StartNow Toolbar\ReactivateFF.exe

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png

c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png

c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png

c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png

c:\program files (x86)\StartNow Toolbar\Resources\installer.xml

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Updater Service for StartNow Toolbar

-------\Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2012-11-11 to 2012-12-11 )))))))))))))))))))))))))))))))

.

.

2012-12-11 06:28 . 2012-12-11 06:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-12-11 06:28 . 2012-12-11 06:28 -------- d-----w- c:\users\postgres\AppData\Local\temp

2012-12-11 06:28 . 2012-12-11 06:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-11 04:19 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C7B47A2-915A-4F64-BB90-D77F4AF47D58}\mpengine.dll

2012-12-10 13:03 . 2012-12-10 16:59 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0

2012-12-10 04:12 . 2012-12-10 04:12 -------- d-----w- C:\FRST

2012-12-09 18:12 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-11-28 00:20 . 2012-11-28 00:20 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-11-24 18:14 . 2012-11-24 18:14 -------- d-----w- c:\users\skamfull\AppData\Roaming\StartNow Toolbar

2012-11-18 09:44 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

2012-11-15 20:42 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-11-15 20:42 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-15 20:42 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-24 18:14 . 2012-04-04 00:18 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-11-24 18:14 . 2011-09-10 13:17 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-11-16 06:28 . 2011-09-10 12:19 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-11 05:23 . 2012-10-11 05:23 247144 ----a-w- c:\windows\system32\nvinitx.dll

2012-10-11 05:23 . 2012-10-11 05:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-10-11 05:23 . 2012-10-11 05:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-10-11 05:23 . 2012-10-11 05:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

2012-10-11 05:23 . 2012-10-11 05:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll

2012-10-11 05:23 . 2012-10-11 05:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-10-11 05:23 . 2012-10-11 05:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

2012-10-11 05:23 . 2012-10-11 05:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll

2012-10-11 05:23 . 2012-10-11 05:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll

2012-10-11 05:23 . 2012-10-11 05:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll

2012-10-11 05:23 . 2012-10-11 05:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll

2012-10-11 05:23 . 2012-10-11 05:23 973672 ----a-w- c:\windows\system32\nvumdshimx.dll

2012-10-11 05:23 . 2012-10-11 05:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-10-11 05:23 . 2012-10-11 05:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll

2012-10-11 05:23 . 2012-10-11 05:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-10-11 05:23 . 2012-10-11 05:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-10-11 05:23 . 2012-10-11 05:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-10-11 05:22 . 2012-10-11 05:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-10-11 05:22 . 2012-10-11 05:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll

2012-10-11 05:22 . 2011-09-14 01:27 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

2012-10-11 05:22 . 2012-10-11 05:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-10-11 05:22 . 2012-10-11 05:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll

2012-10-11 05:22 . 2012-10-11 05:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-10-11 05:22 . 2012-10-11 05:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-10-11 05:22 . 2012-10-11 05:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-10-02 21:15 . 2012-10-02 21:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-10-02 19:51 . 2012-04-06 04:16 3536817 ----a-w- c:\windows\system32\nvcoproc.bin

2012-10-02 19:51 . 2011-09-14 01:31 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

2012-10-02 19:51 . 2011-09-14 01:31 6200680 ----a-w- c:\windows\system32\nvcpl.dll

2012-10-02 19:50 . 2011-09-14 01:31 891240 ----a-w- c:\windows\system32\nvvsvc.exe

2012-10-02 19:50 . 2011-09-14 01:31 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-10-02 19:50 . 2011-09-14 01:31 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-09-30 02:54 . 2011-09-10 12:58 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-14 19:23 . 2012-10-09 23:35 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:30 . 2012-10-09 23:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-01-18 08:53 . 2011-01-18 08:53 2994688 ----a-w- c:\program files\openofficeorg33.msi

2011-01-18 08:52 . 2011-01-18 08:52 475016 ----a-w- c:\program files\setup.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\skamfull\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\skamfull\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\skamfull\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\skamfull\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\skamfull\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]

"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-02-04 5301888]

"TurboV"="c:\program files (x86)\ASUS\TurboV\TurboV.exe" [2009-11-20 5665280]

"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\Q-Button\QButton.exe" [2010-02-04 2079872]

"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-02-04 872576]

"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-12-29 887936]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]

.

c:\users\skamfull\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\skamfull\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-7-26 2298320]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-10-30 522752]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [x]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-30 117520]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-10 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-20 2462128]

S2 postgresql-x64-9.1;postgresql-x64-9.1 - PostgreSQL Server 9.1;C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-x64-9.1 -D C:/Program Files/PostgreSQL/9.1/data -w [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-02 2673064]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-21 1270784]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018965626-3746427808-1709343158-1000Core.job

- c:\users\skamfull\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-12 19:14]

.

2012-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2018965626-3746427808-1709343158-1000UA.job

- c:\users\skamfull\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-12 19:14]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\skamfull\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\skamfull\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\skamfull\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\skamfull\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

TCP: Interfaces\{1698F823-99B0-432B-B4DB-7FB32E3582FC}: NameServer = 8.8.8.8

FF - ProfilePath - c:\users\skamfull\AppData\Roaming\Mozilla\Firefox\Profiles\jfg95655.default\

FF - ExtSQL: 2012-11-14 20:20; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\skamfull\AppData\Roaming\Mozilla\Firefox\Profiles\jfg95655.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll

Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll

Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe

BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll

AddRemove-5513-1208-7298-9440-1 - g:\install file and such\jdown\JDownloader\JDUninstall.exe

AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.1]

"ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.1]

"ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe

c:\program files (x86)\Java\jre7\bin\javaw.exe

.

**************************************************************************

.

Completion time: 2012-12-10 22:36:21 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-11 06:36

.

Pre-Run: 437,299,351,552 bytes free

Post-Run: 437,017,522,176 bytes free

.

- - End Of File - - 752259AE651C3DCA0228929D01091E38


Looks good....let's check for adware...........

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC


Here are the results

# AdwCleaner v2.100 - Logfile created 12/11/2012 at 12:40:15

# Updated 09/12/2012 by Xplode

# Operating system : Windows 7 Ultimate (64 bits)

# User : skamfull - SKAMFULL-PC

# Boot Mode : Normal

# Running from : C:\Users\skamfull\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}

Key Found : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}

Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE

Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject

Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject

Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}

Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr

Key Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1

Key Found : HKLM\Software\StartNow Toolbar

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar

Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Users\skamfull\AppData\Roaming\Mozilla\Firefox\Profiles\jfg95655.default\prefs.js

Found : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.install_folder", "C:\\Program Files (x86)\\StartNo[...]

Found : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");

Found : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "lf.startnow.com");

-\\ Google Chrome v23.0.1271.95

File : C:\Users\skamfull\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.11.1661.0

File : C:\Users\skamfull\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3798 octets] - [11/12/2012 12:40:15]

########## EOF - C:\AdwCleaner[R1].txt - [3858 octets] ##########


Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then............

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Here are the logs

# AdwCleaner v2.100 - Logfile created 12/11/2012 at 12:44:30

# Updated 09/12/2012 by Xplode

# Operating system : Windows 7 Ultimate (64 bits)

# User : skamfull - SKAMFULL-PC

# Boot Mode : Normal

# Running from : C:\Users\skamfull\Downloads\adwcleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}

Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr

Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1

Key Deleted : HKLM\Software\StartNow Toolbar

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default

File : C:\Users\skamfull\AppData\Roaming\Mozilla\Firefox\Profiles\jfg95655.default\prefs.js

Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.install_folder", "C:\\Program Files (x86)\\StartNo[...]

Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");

Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "lf.startnow.com");

-\\ Google Chrome v23.0.1271.95

File : C:\Users\skamfull\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.11.1661.0

File : C:\Users\skamfull\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3921 octets] - [11/12/2012 12:40:15]

AdwCleaner[s1].txt - [3924 octets] - [11/12/2012 12:44:30]

########## EOF - C:\AdwCleaner[s1].txt - [3984 octets] ##########

Results of screen317's Security Check version 0.99.56

Windows 7 x64 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 6 Update 22

Java 6 Update 26

Java 7 Update 9

Java 3D 1.5.1

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.5.502.110

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox (17.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 22.0.1229.96

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Results of screen317's Security Check version 0.99.56

Windows 7 x64 (UAC is disabled!)

Out of date service pack!! <-----please check for an update

Java™ 6 Update 22 <---uninstall from add/remove programs

Java™ 6 Update 26 <---uninstall from add/remove programs

Java 3D 1.5.1 <---uninstall from add/remove programs

Java 7 Update 9 <---OK

Adobe Flash Player 10 Flash Player out of Date! <----please uninstall from add/remove programs

Adobe Flash Player 11.5.502.110 <----OK

Adobe Reader 10.1.4 Adobe Reader out of Date! <--------please check for an update

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.