Help removing bitcoin and svchost


MBPuser

Hello MBPuser and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


I'm glad about it! :)

Please take a look at my notes and instructions again:

Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here and then post your log files in a new reply in this thread:


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by MBPuser at 15:52:42 on 2013-12-14
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.351.2070.18.8183.6787 [GMT 0:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Jogos\TV\TeamViewer_Service.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\schtasks.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AdobeBridge] <no file>
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 192.168.2.1
TCP: Interfaces\{694C7A94-82F2-48EC-9572-5E6211CF3860} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\MBPuser\AppData\Roaming\Mozilla\Firefox\Profiles\tg2vb4rd.default\


FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-27 09:56; xw-9fkfa@eyeuoye-ae.edu; C:\Users\MBPuser\AppData\Roaming\Mozilla\Firefox\Profiles\tg2vb4rd.default\extensions\xw-9fkfa@eyeuoye-ae.edu
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-7-23 239616]
R2 TeamViewer8;TeamViewer 8;C:\Jogos\TV\TeamViewer_Service.exe [2013-8-27 4308320]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-8-5 115272]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-9-1 872152]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-8-4 1342064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-4 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-4 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-9-1 21712]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-12-14 89304]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-4 25928]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-4 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-5 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
FileExt: .ini: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2013-12-14 15:24:38    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-14 15:23:59    89304    ----a-w-    C:\Windows\System32\drivers\39375AD3.sys
2013-12-14 15:23:36    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-14 15:19:06    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB825689-64B0-4242-8C65-34ED13BCF61F}\offreg.dll
2013-12-14 14:57:18    --------    d-----w-    C:\Windows\ERUNT
2013-12-13 15:48:12    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB825689-64B0-4242-8C65-34ED13BCF61F}\mpengine.dll
2013-12-12 17:49:00    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 17:49:00    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 17:47:59    7211520    ----a-w-    C:\Program Files\Internet Explorer\F12Resources.dll
2013-12-12 15:06:20    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-12-10 01:34:08    81768    ----a-w-    C:\Windows\SysWow64\xinput1_3.dll
2013-12-03 17:17:29    --------    d-----w-    C:\Program Files (x86)\NVIDIA Corporation
2013-12-03 16:57:10    757760    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2013-12-03 16:57:10    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2013-12-03 16:57:10    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-12-03 16:57:10    274432    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2013-12-03 16:57:10    204800    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2013-12-03 16:57:09    331908    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2013-12-03 16:57:09    200836    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2013-12-03 16:41:32    --------    d--h--w-    C:\Program Files (x86)\Temp
2013-12-02 20:48:48    466456    ----a-w-    C:\Windows\System32\wrap_oal.dll
2013-12-02 20:48:48    444952    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2013-12-02 20:48:48    122904    ----a-w-    C:\Windows\System32\OpenAL32.dll
2013-12-02 20:48:48    109080    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2013-12-02 20:48:48    --------    d-----w-    C:\Program Files (x86)\OpenAL
2013-12-01 19:49:08    --------    d-----w-    C:\Users\MBPuser\AppData\Local\Logitech
2013-12-01 19:46:02    --------    d-----w-    C:\Program Files\Common Files\Logitech
2013-11-30 14:25:20    --------    d-----w-    C:\Users\MBPuser\AppData\Local\Rockstar Games
2013-11-27 09:55:30    --------    d-----w-    C:\ProgramData\YoutubeAdblocker
2013-11-27 09:55:30    --------    d-----w-    C:\Program Files (x86)\YoutubeAdblocker
2013-11-26 16:32:21    669956    ----a-w-    C:\Windows\SysWow64\scrypt130511Juniperglg2tc4032w64l4.bin
2013-11-23 22:28:59    529424    ----a-w-    C:\Windows\System32\d3dx10_37.dll
2013-11-20 20:00:00    --------    d-----w-    C:\Program Files\NVIDIA Corporation
2013-11-20 19:58:56    151552    ----a-w-    C:\Windows\SysWow64\nvRegDev.dll
2013-11-20 19:58:47    61440    ----a-w-    C:\Windows\SysWow64\nvPhotoshopUtil.dll
2013-11-20 19:58:47    40960    ----a-w-    C:\Windows\SysWow64\nvISWOW64.dll
2013-11-20 19:58:45    729088    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-11-20 19:58:45    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-11-20 19:58:45    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-11-20 19:58:45    32768    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-11-20 19:58:45    311428    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-11-20 19:58:45    266240    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-11-20 19:58:45    192512    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-11-20 19:58:45    188548    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-11-19 19:43:26    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2013-11-15 22:25:13    56832    ------w-    C:\Windows\SysWow64\mwace.dll
2013-11-15 22:25:13    28672    ------w-    C:\Windows\SysWow64\mwgfxcopy.exe
2013-11-15 22:25:13    237056    ------w-    C:\Windows\SysWow64\mwgfx24.dll
2013-11-15 22:25:13    191488    ------w-    C:\Windows\SysWow64\mwgfx.dll
2013-11-15 22:25:13    104960    ------w-    C:\Windows\SysWow64\mwdds.dll
2013-11-15 22:25:13    --------    d-----w-    C:\Graphics
2013-11-15 18:42:04    --------    d-----w-    C:\Program Files (x86)\Code Laboratories
2013-11-15 18:42:03    --------    d-----r-    C:\Program Files (x86)\Skype
.
==================== Find3M  ====================
.
2013-12-11 01:51:06    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 01:51:06    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-11-11 05:50:16    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-10-12 01:33:26    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-10-12 01:15:48    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-10-08 06:50:37    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 02:16:30    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
.
============= FINISH: 15:52:49,02 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 04-08-2013 22:31:32
System Uptime: 14-12-2013 15:32:21 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P7P55D PRO
Processor: Intel® Core i5 CPU         650  @ 3.20GHz | LGA1156 | 3209/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 821,12 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1510,43 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP94: 10-12-2013 01:33:48 - Installed DirectX
RP95: 10-12-2013 15:47:30 - Windows Update
RP96: 12-12-2013 17:47:12 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader XI (11.0.05) - Português
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AMD Wireless Display v3.0
BS.Player PRO
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CL-Eye Driver
Fraps (remove only)
Grand Theft Auto V - The Manual
Java 7 Update 45
Java Auto Updater
Logitech Gaming Software 5.10
Malwarebytes Anti-Malware versão 1.75.0.1300
Microsoft .NET Framework 4 Client Profile PTG Language Pack
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MotioninJoy DS3 driver version 0.6.0005
Mozilla Firefox 25.0.1 (x86 pt-PT)
Mozilla Maintenance Service
Notepad++
NVIDIA Photoshop Plug-ins 64 bit
NVIDIA PhysX
OpenAL
PDF Settings CS6
Platform
PowerISO
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Skype™ 6.10
Steam
TeamSpeak 3 Client
TeamViewer 8
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
VIA Gestor de Dispositivo de Plataforma
Windows Mobile Device Updater Component
WinRAR 5.00 (64-bit)
Xfire
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== End Of File ===========================

Thanks!

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix 13-12-13.01 - MBPuser 14-12-2013  16:12:59.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.351.2070.18.8183.6433 [GMT 0:00]
Executando de: C:\Users\MBPuser\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração


(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\MBPuser\AppData\Roaming\Mozilla\Firefox\Profiles\tg2vb4rd.default\extensions\xw-9fkfa@eyeuoye-ae.edu
C:\Users\MBPuser\AppData\Roaming\Mozilla\Firefox\Profiles\tg2vb4rd.default\extensions\xw-9fkfa@eyeuoye-ae.edu\bootstrap.js
C:\Users\MBPuser\AppData\Roaming\Mozilla\Firefox\Profiles\tg2vb4rd.default\extensions\xw-9fkfa@eyeuoye-ae.edu\chrome.manifest
C:\Users\MBPuser\AppData\Roaming\Mozilla\Firefox\Profiles\tg2vb4rd.default\extensions\xw-9fkfa@eyeuoye-ae.edu\content\bg.js
C:\Users\MBPuser\AppData\Roaming\Mozilla\Firefox\Profiles\tg2vb4rd.default\extensions\xw-9fkfa@eyeuoye-ae.edu\install.rdf
C:\Windows\SysWow64\frapsvid.dll


((((((((((((((((   Arquivos/Ficheiros criados de 2013-11-14 to 2013-12-14  ))))))))))))))))))))))))))))


2013-12-14 16:15:57 . 2013-12-14 16:15:57    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2013-12-14 15:24:38 . 2013-12-14 15:31:19    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-14 15:23:59 . 2013-12-14 15:23:59    89304    ----a-w-    C:\Windows\system32\drivers\39375AD3.sys
2013-12-14 15:23:36 . 2013-12-14 15:23:36    89304    ----a-w-    C:\Windows\system32\drivers\mbamchameleon.sys
2013-12-14 15:19:06 . 2013-12-14 15:19:06    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB825689-64B0-4242-8C65-34ED13BCF61F}\offreg.dll
2013-12-14 14:57:18 . 2013-12-14 14:57:18    --------    d-----w-    C:\Windows\ERUNT
2013-12-13 15:48:12 . 2013-11-08 03:12:00    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB825689-64B0-4242-8C65-34ED13BCF61F}\mpengine.dll
2013-12-12 17:49:00 . 2013-05-10 04:30:50    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 17:49:00 . 2013-05-10 03:48:09    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 17:47:59 . 2013-11-26 10:07:05    7211520    ----a-w-    C:\Program Files\Internet Explorer\F12Resources.dll
2013-12-12 15:06:20 . 2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-12-10 01:34:08 . 2007-04-04 18:53:42    81768    ----a-w-    C:\Windows\SysWow64\xinput1_3.dll
2013-12-03 17:17:29 . 2013-12-03 17:17:29    --------    d-----w-    C:\Program Files (x86)\NVIDIA Corporation
2013-12-03 17:17:29 . 2013-12-03 17:17:29    --------    d-----w-    C:\Program Files (x86)\AGEIA Technologies
2013-12-03 16:57:10 . 2006-02-07 15:45:54    757760    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2013-12-03 16:57:10 . 2006-02-07 15:40:38    204800    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2013-12-03 16:57:10 . 2006-02-07 15:40:30    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2013-12-03 16:57:10 . 2006-02-07 15:40:22    274432    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2013-12-03 16:57:10 . 2005-11-13 23:19:18    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-12-03 16:57:09 . 2013-12-03 16:57:09    331908    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2013-12-03 16:57:09 . 2013-12-03 16:57:09    200836    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2013-12-03 16:41:32 . 2013-12-03 17:04:08    --------    d--h--w-    C:\Program Files (x86)\Temp
2013-12-02 20:48:48 . 2013-12-02 23:00:26    466456    ----a-w-    C:\Windows\system32\wrap_oal.dll
2013-12-02 20:48:48 . 2013-12-02 23:00:26    444952    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2013-12-02 20:48:48 . 2013-12-02 23:00:26    122904    ----a-w-    C:\Windows\system32\OpenAL32.dll
2013-12-02 20:48:48 . 2013-12-02 23:00:26    109080    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2013-12-02 20:48:48 . 2013-12-02 23:00:26    --------    d-----w-    C:\Program Files (x86)\OpenAL
2013-12-01 19:49:08 . 2013-12-01 19:49:08    --------    d-----w-    C:\Users\MBPuser\AppData\Local\Logitech
2013-12-01 19:46:02 . 2013-12-01 19:46:02    --------    d-----w-    C:\Program Files\Logitech
2013-12-01 19:46:02 . 2013-12-01 19:46:02    --------    d-----w-    C:\Program Files\Common Files\Logitech
2013-11-30 14:25:20 . 2013-11-30 14:25:20    --------    d-----w-    C:\Users\MBPuser\AppData\Local\Rockstar Games
2013-11-27 09:55:30 . 2013-12-14 14:37:16    --------    d-----w-    C:\Program Files (x86)\YoutubeAdblocker
2013-11-27 09:55:30 . 2013-11-27 09:55:30    --------    d-----w-    C:\ProgramData\YoutubeAdblocker
2013-11-26 16:44:25 . 2013-10-14 18:00:00    28368    ----a-w-    C:\Windows\system32\IEUDINIT.EXE
2013-11-26 16:32:21 . 2013-11-26 16:32:21    669956    ----a-w-    C:\Windows\SysWow64\scrypt130511Juniperglg2tc4032w64l4.bin
2013-11-23 22:28:59 . 2008-03-05 15:56:58    4910088    ----a-w-    C:\Windows\system32\D3DX9_37.dll
2013-11-20 20:00:00 . 2013-11-20 20:00:00    --------    d-----w-    C:\Program Files\NVIDIA Corporation
2013-11-20 19:58:56 . 2013-11-20 19:58:45    151552    ----a-w-    C:\Windows\SysWow64\nvRegDev.dll
2013-11-20 19:58:47 . 2013-11-20 19:58:45    61440    ----a-w-    C:\Windows\SysWow64\nvPhotoshopUtil.dll
2013-11-20 19:58:47 . 2013-11-20 19:58:45    40960    ----a-w-    C:\Windows\SysWow64\nvISWOW64.dll
2013-11-20 19:58:45 . 2013-11-20 19:58:45    311428    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-11-20 19:58:45 . 2013-11-20 19:58:45    188548    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-11-20 19:58:45 . 2006-02-07 15:39:46    32768    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-11-20 19:58:45 . 2003-11-10 18:14:46    729088    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-11-20 19:58:45 . 2003-11-10 18:13:28    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-11-20 19:58:45 . 2003-11-10 18:12:42    266240    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-11-20 19:58:45 . 2003-11-10 18:12:12    192512    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-11-20 19:58:45 . 2003-11-10 18:11:58    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-11-19 19:43:26 . 2013-11-19 19:55:00    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2013-11-15 22:25:13 . 2013-11-15 22:25:13    --------    d-----w-    C:\Graphics
2013-11-15 22:25:13 . 2009-03-10 23:25:30    191488    ------w-    C:\Windows\SysWow64\mwgfx.dll
2013-11-15 22:25:13 . 2008-10-20 13:44:58    237056    ------w-    C:\Windows\SysWow64\mwgfx24.dll
2013-11-15 22:25:13 . 2008-09-05 08:32:44    104960    ------w-    C:\Windows\SysWow64\mwdds.dll
2013-11-15 22:25:13 . 2007-08-19 09:37:24    28672    ------w-    C:\Windows\SysWow64\mwgfxcopy.exe
2013-11-15 22:25:13 . 2004-05-14 11:13:46    56832    ------w-    C:\Windows\SysWow64\mwace.dll
2013-11-15 21:09:28 . 2013-11-15 21:09:28    --------    d-----w-    C:\ProgramData\ATI
2013-11-15 18:42:07 . 2013-11-15 20:24:18    --------    d-----w-    C:\Users\MBPuser\AppData\Roaming\Skype
2013-11-15 18:42:04 . 2013-11-15 18:42:04    --------    d-----w-    C:\Program Files (x86)\Code Laboratories
2013-11-15 18:42:03 . 2013-11-15 18:42:03    --------    d-----w-    C:\Program Files (x86)\Common Files\Skype
2013-11-15 18:42:03 . 2013-11-15 18:42:03    --------    d-----r-    C:\Program Files (x86)\Skype
2013-11-15 18:42:00 . 2013-11-15 18:42:06    --------    d-----w-    C:\ProgramData\Skype
.


(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-12-11 01:51:06 . 2013-08-04 21:38:37    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 01:51:06 . 2013-08-04 21:38:37    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-14 13:14:45 . 2013-08-04 23:00:45    82896128    ----a-w-    C:\Windows\system32\MRT.exe
2013-11-11 05:50:16 . 2013-08-04 22:09:17    267936    ------w-    C:\Windows\system32\MpSigStub.exe
2013-10-12 02:30:42 . 2013-11-14 13:03:01    830464    ----a-w-    C:\Windows\system32\nshwfp.dll
2013-10-12 02:29:21 . 2013-11-14 13:03:02    859648    ----a-w-    C:\Windows\system32\IKEEXT.DLL
2013-10-12 02:29:08 . 2013-11-14 13:03:01    324096    ----a-w-    C:\Windows\system32\FWPUCLNT.DLL
2013-10-12 02:03:08 . 2013-11-14 13:03:01    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 . 2013-11-14 13:03:01    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 06:50:37 . 2013-10-22 16:34:15    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35 . 2013-11-14 13:03:13    1474048    ----a-w-    C:\Windows\system32\crypt32.dll
2013-10-05 19:57:25 . 2013-11-14 13:03:13    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 . 2013-11-14 13:03:07    190464    ----a-w-    C:\Windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 . 2013-11-14 13:03:07    197120    ----a-w-    C:\Windows\system32\credui.dll
2013-10-04 02:24:49 . 2013-11-14 13:03:07    1930752    ----a-w-    C:\Windows\system32\authui.dll
2013-10-04 01:58:50 . 2013-11-14 13:03:07    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 . 2013-11-14 13:03:07    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 . 2013-11-14 13:03:07    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 . 2013-11-14 13:03:12    404480    ----a-w-    C:\Windows\system32\gdi32.dll
2013-10-03 02:00:44 . 2013-11-14 13:03:12    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 . 2013-11-14 13:03:12    497152    ----a-w-    C:\Windows\system32\drivers\afd.sys
2013-09-25 02:26:40 . 2013-11-14 13:03:11    95680    ----a-w-    C:\Windows\system32\drivers\ksecdd.sys
2013-09-25 02:26:40 . 2013-11-14 13:03:11    154560    ----a-w-    C:\Windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23:33 . 2013-11-14 13:03:10    28672    ----a-w-    C:\Windows\system32\sspisrv.dll
2013-09-25 02:23:33 . 2013-11-14 13:03:10    135680    ----a-w-    C:\Windows\system32\sspicli.dll
2013-09-25 02:23:01 . 2013-11-14 13:03:10    28160    ----a-w-    C:\Windows\system32\secur32.dll
2013-09-25 02:22:59 . 2013-11-14 13:03:11    340992    ----a-w-    C:\Windows\system32\schannel.dll
2013-09-25 02:21:50 . 2013-11-14 13:03:10    307200    ----a-w-    C:\Windows\system32\ncrypt.dll
2013-09-25 02:21:07 . 2013-11-14 13:03:11    1447936    ----a-w-    C:\Windows\system32\lsasrv.dll
2013-09-25 01:58:17 . 2013-11-14 13:03:10    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 . 2013-11-14 13:03:10    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 . 2013-11-14 13:03:11    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 . 2013-11-14 13:03:10    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 . 2013-11-14 13:03:10    30720    ----a-w-    C:\Windows\system32\lsass.exe


((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))


*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 12:37:14 517096]
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 15:26:58 1073312]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 08:16:26 254336]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 09:59:30 766208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys;C:\EEK\Run\cleanhlp64.sys [x]
R3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS;C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;C:\Windows\system32\drivers\mbamchameleon.sys;C:\Windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\MBAMSwissArmy.sys;C:\Windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SliceDisk5;SliceDisk5;C:\Users\MBPuser\Desktop\Nova pasta\A-FF Find and Mount\slicedisk-x64.sys;C:\Users\MBPuser\Desktop\Nova pasta\A-FF Find and Mount\slicedisk-x64.sys [x]
R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys;C:\Windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys;C:\Windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys;C:\Windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 TeamViewer8;TeamViewer 8;C:\Jogos\TV\TeamViewer_Service.exe;C:\Jogos\TV\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys;C:\Windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys;C:\Windows\SYSNATIVE\drivers\viahduaa.sys [x]


Conteúdo da pasta 'Tarefas Agendadas'

2013-12-14 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-04 21:38:37 . 2013-12-11 01:51:06]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 05:09:46 446392]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 16:18:10 190536]

------- Scan Suplementar -------

uLocal Page = C:\Windows\system32\blank.htm


mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - C:\Users\MBPuser\AppData\Roaming\Mozilla\Firefox\Profiles\tg2vb4rd.default\


FF - ExtSQL: 2013-11-27 09:56; xw-9fkfa@eyeuoye-ae.edu; C:\Users\MBPuser\AppData\Roaming\Mozilla\Firefox\Profiles\tg2vb4rd.default\extensions\xw-9fkfa@eyeuoye-ae.edu

- - - - ORFÃOS REMOVIDOS - - - -

Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - C:\Windows\System32\SPReview\SPReview.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - C:\ProgramData\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - C:\ProgramData\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe



--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Tempo para conclusão: 2013-12-14  16:17:06
ComboFix-quarantined-files.txt  2013-12-14 16:17:06

Pré-execução: 881.483.259.904 bytes livres
Pós execução: 881.324.367.872 bytes livres

- - End Of File - - 1F902D4D8D50753E67F725D9E9F1DAA9
A36C5E4F47E84449FF07ED3517B43A31
 


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FireFox::

FF - ExtSQL: 2013-11-27 09:56; xw-9fkfa@eyeuoye-ae.edu; C:\Users\MBPuser\AppData\Roaming\Mozilla\Firefox\Profiles\tg2vb4rd.default\extensions\xw-9fkfa@eyeuoye-ae.edu

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 13-12-13.01 - MBPuser 14-12-2013  16:25:58.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.351.2070.18.8183.6499 [GMT 0:00]
Executando de: c:\users\MBPuser\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\MBPuser\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-11-14 to 2013-12-14  ))))))))))))))))))))))))))))
.
.
2013-12-14 16:28 . 2013-12-14 16:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-12-14 15:24 . 2013-12-14 15:31    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-14 15:23 . 2013-12-14 15:23    89304    ----a-w-    c:\windows\system32\drivers\39375AD3.sys
2013-12-14 15:23 . 2013-12-14 15:23    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-14 15:19 . 2013-12-14 15:19    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB825689-64B0-4242-8C65-34ED13BCF61F}\offreg.dll
2013-12-14 14:57 . 2013-12-14 14:57    --------    d-----w-    c:\windows\ERUNT
2013-12-13 15:48 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB825689-64B0-4242-8C65-34ED13BCF61F}\mpengine.dll
2013-12-12 17:49 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 17:49 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 17:47 . 2013-11-26 10:07    7211520    ----a-w-    c:\program files\Internet Explorer\F12Resources.dll
2013-12-12 15:06 . 2013-11-23 18:26    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-12-10 01:34 . 2007-04-04 18:53    81768    ----a-w-    c:\windows\SysWow64\xinput1_3.dll
2013-12-03 17:17 . 2013-12-03 17:17    --------    d-----w-    c:\program files (x86)\NVIDIA Corporation
2013-12-03 17:17 . 2013-12-03 17:17    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-12-03 16:57 . 2006-02-07 15:45    757760    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2013-12-03 16:57 . 2006-02-07 15:40    204800    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2013-12-03 16:57 . 2006-02-07 15:40    69715    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2013-12-03 16:57 . 2006-02-07 15:40    274432    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2013-12-03 16:57 . 2005-11-13 23:19    5632    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-12-03 16:57 . 2013-12-03 16:57    331908    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2013-12-03 16:57 . 2013-12-03 16:57    200836    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2013-12-03 16:41 . 2013-12-03 17:04    --------    d--h--w-    c:\program files (x86)\Temp
2013-12-02 20:48 . 2013-12-02 23:00    466456    ----a-w-    c:\windows\system32\wrap_oal.dll
2013-12-02 20:48 . 2013-12-02 23:00    444952    ----a-w-    c:\windows\SysWow64\wrap_oal.dll
2013-12-02 20:48 . 2013-12-02 23:00    122904    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-12-02 20:48 . 2013-12-02 23:00    109080    ----a-w-    c:\windows\SysWow64\OpenAL32.dll
2013-12-02 20:48 . 2013-12-02 23:00    --------    d-----w-    c:\program files (x86)\OpenAL
2013-12-01 19:49 . 2013-12-01 19:49    --------    d-----w-    c:\users\MBPuser\AppData\Local\Logitech
2013-12-01 19:46 . 2013-12-01 19:46    --------    d-----w-    c:\program files\Logitech
2013-12-01 19:46 . 2013-12-01 19:46    --------    d-----w-    c:\program files\Common Files\Logitech
2013-11-30 14:25 . 2013-11-30 14:25    --------    d-----w-    c:\users\MBPuser\AppData\Local\Rockstar Games
2013-11-27 09:55 . 2013-12-14 14:37    --------    d-----w-    c:\program files (x86)\YoutubeAdblocker
2013-11-27 09:55 . 2013-11-27 09:55    --------    d-----w-    c:\programdata\YoutubeAdblocker
2013-11-26 16:44 . 2013-10-14 18:00    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-11-26 16:32 . 2013-11-26 16:32    669956    ----a-w-    c:\windows\SysWow64\scrypt130511Juniperglg2tc4032w64l4.bin
2013-11-23 22:28 . 2008-03-05 15:56    4910088    ----a-w-    c:\windows\system32\D3DX9_37.dll
2013-11-20 20:00 . 2013-11-20 20:00    --------    d-----w-    c:\program files\NVIDIA Corporation
2013-11-20 19:58 . 2013-11-20 19:58    151552    ----a-w-    c:\windows\SysWow64\nvRegDev.dll
2013-11-20 19:58 . 2013-11-20 19:58    61440    ----a-w-    c:\windows\SysWow64\nvPhotoshopUtil.dll
2013-11-20 19:58 . 2013-11-20 19:58    40960    ----a-w-    c:\windows\SysWow64\nvISWOW64.dll
2013-11-20 19:58 . 2013-11-20 19:58    311428    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-11-20 19:58 . 2013-11-20 19:58    188548    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-11-20 19:58 . 2006-02-07 15:39    32768    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-11-20 19:58 . 2003-11-10 18:14    729088    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-11-20 19:58 . 2003-11-10 18:13    69715    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-11-20 19:58 . 2003-11-10 18:12    266240    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-11-20 19:58 . 2003-11-10 18:12    192512    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-11-20 19:58 . 2003-11-10 18:11    5632    ----a-w-    c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-11-19 19:43 . 2013-11-19 19:55    --------    d-----w-    c:\program files (x86)\Common Files\Steam
2013-11-15 22:25 . 2013-11-15 22:25    --------    d-----w-    C:\Graphics
2013-11-15 22:25 . 2009-03-10 23:25    191488    ------w-    c:\windows\SysWow64\mwgfx.dll
2013-11-15 22:25 . 2008-10-20 13:44    237056    ------w-    c:\windows\SysWow64\mwgfx24.dll
2013-11-15 22:25 . 2008-09-05 08:32    104960    ------w-    c:\windows\SysWow64\mwdds.dll
2013-11-15 22:25 . 2007-08-19 09:37    28672    ------w-    c:\windows\SysWow64\mwgfxcopy.exe
2013-11-15 22:25 . 2004-05-14 11:13    56832    ------w-    c:\windows\SysWow64\mwace.dll
2013-11-15 21:09 . 2013-11-15 21:09    --------    d-----w-    c:\programdata\ATI
2013-11-15 18:42 . 2013-11-15 20:24    --------    d-----w-    c:\users\MBPuser\AppData\Roaming\Skype
2013-11-15 18:42 . 2013-11-15 18:42    --------    d-----w-    c:\program files (x86)\Code Laboratories
2013-11-15 18:42 . 2013-11-15 18:42    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2013-11-15 18:42 . 2013-11-15 18:42    --------    d-----r-    c:\program files (x86)\Skype
2013-11-15 18:42 . 2013-11-15 18:42    --------    d-----w-    c:\programdata\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 01:51 . 2013-08-04 21:38    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 01:51 . 2013-08-04 21:38    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-14 13:14 . 2013-08-04 23:00    82896128    ----a-w-    c:\windows\system32\MRT.exe
2013-11-11 05:50 . 2013-08-04 22:09    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-12 02:30 . 2013-11-14 13:03    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-14 13:03    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-14 13:03    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-14 13:03    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 13:03    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-08 06:50 . 2013-10-22 16:34    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25 . 2013-11-14 13:03    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 13:03    1168384    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-14 13:03    190464    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-14 13:03    197120    ----a-w-    c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-14 13:03    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-14 13:03    152576    ----a-w-    c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-14 13:03    168960    ----a-w-    c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-14 13:03    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-14 13:03    404480    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-14 13:03    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-14 13:03    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-14 13:03    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-14 13:03    154560    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-14 13:03    28672    ----a-w-    c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-14 13:03    135680    ----a-w-    c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-14 13:03    28160    ----a-w-    c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-14 13:03    340992    ----a-w-    c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-14 13:03    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-14 13:03    1447936    ----a-w-    c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-14 13:03    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-14 13:03    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-14 13:03    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-14 13:03    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-14 13:03    30720    ----a-w-    c:\windows\system32\lsass.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SliceDisk5;SliceDisk5;c:\users\MBPuser\Desktop\Nova pasta\A-FF Find and Mount\slicedisk-x64.sys;c:\users\MBPuser\Desktop\Nova pasta\A-FF Find and Mount\slicedisk-x64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\jogos\TV\TeamViewer_Service.exe;c:\jogos\TV\TeamViewer_Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-12-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-04 01:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\MBPuser\AppData\Roaming\Mozilla\Firefox\Profiles\tg2vb4rd.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-12-14  16:29:14
ComboFix-quarantined-files.txt  2013-12-14 16:29
ComboFix2.txt  2013-12-14 16:17
.
Pré-execução: 881.390.718.976 bytes livres
Pós execução: 881.820.585.984 bytes livres
.
- - End Of File - - 747F452EECF23D6E9B106404749F9999
A36C5E4F47E84449FF07ED3517B43A31

Don't bump your thread. I'm not 24/7 here.

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

2 weeks later...

Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
