paket

Firefox home page being set to search.conduit.com

11 posts in this topic

Something is setting my Firefox home page to search.conduit.com (specifically: search.conduit. com/?ctid=CT3227983&SearchSource=13). Chrome and IE seem to be fine. Here is the background:

 

My son installed some crapware for playing Minecraft, which naturally forced extra toolbars, search providers and home pages on my browsers. I uninstalled the crapware and removed the add-ons, toolbars and extensions. IE and Chrome seem to be fine, but something resets my Firefox home page every time I start it. I tried scanning with MS Security, SuperAntiSpyWare and Spybot S&D. Some problems were found and fixed, but the Firefox home page keeps getting reset. I installed Malwarebytes Anti-Malware and ran a scan with it. It found and fixed some problems. I rebooted, scanned again and it was clean, but my Firefox home page is still being reset to search.conduit.com. Can anyone help me?

 

logs:

 

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

 

Database version: v2012.09.17.10

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

alu :: TESLA [administrator]

 

17/09/2012 5:14:19 PM

mbam-log-2012-09-17 (17-14-19).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217833

Time elapsed: 5 minute(s), 37 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by alu at 17:23:47 on 2012-09-17

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4094.2722 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\alu\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317

mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317

mWinlogon: Userinit=userinit.exe,

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

{ae07101b-46d4-4a98-af68-0333ea26e113}

uRun: [Google Update] "C:\Users\alu\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\alu\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

TCP: DhcpNameServer = 192.168.1.1 64.59.177.226

TCP: Interfaces\{4B38E3D3-A0C5-4479-B575-9E110BC082C2} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{4B38E3D3-A0C5-4479-B575-9E110BC082C2} : DhcpNameServer = 192.168.1.1 64.59.177.226

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs: c:\progra~3\browse~1\22580~1.182\{d1538~1\brwmngr.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

{ae07101b-46d4-4a98-af68-0333ea26e113}

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

AppInit_DLLs-X64: c:\progra~3\browse~1\22580~1.182\{d1538~1\brwmngr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\alu\AppData\Roaming\Mozilla\Firefox\Profiles\nknickt9.default\

FF - prefs.js: browser.search.selectedEngine - Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3227983&SearchSource=13

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\alu\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317&q=

FF - user.js: extensions.funmoods.id - 001A92E61620B813

FF - user.js: extensions.funmoods.instlDay - 15599

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:50:19

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - adknlg

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - adknlg

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.autoDisableScopes - 14//Playbryte-fa-bndl

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys --> C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-8 116648]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-17 250568]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-8 116648]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-9 114144]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-09-17 22:01:45 -------- d-----w- C:\Users\alu\AppData\Roaming\Malwarebytes

2012-09-17 22:01:32 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-17 22:01:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-17 22:01:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-17 17:26:38 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{58AC58D8-633A-46D6-90C6-15E504DB7045}\mpengine.dll

2012-09-16 17:02:01 9310152 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-15 06:36:14 -------- d-----w- C:\Users\alu\AppData\Local\Microsoft Games

2012-09-15 02:16:05 -------- d-----w- C:\Users\alu\jagexcache

2012-09-14 04:26:06 -------- d-----w- C:\Program Files (x86)\uTorrent

2012-09-14 04:25:21 -------- d-----w- C:\Users\alu\AppData\Roaming\uTorrent

2012-09-12 06:25:45 -------- d-----w- C:\Program Files\Tor Browser

2012-09-12 06:06:04 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-12 06:06:04 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-09-12 06:06:04 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-09-12 00:01:10 -------- d-----w- C:\Users\alu\AppData\Local\Evernote

2012-09-12 00:00:50 -------- d-----w- C:\Program Files (x86)\Evernote

2012-09-10 21:22:29 -------- d-----w- C:\Users\alu\AppData\Local\{63BB2BAE-6341-44F6-85BA-34102731E35E}

2012-09-10 21:22:29 -------- d-----w- C:\Users\alu\AppData\Local\{45CB2799-A541-4D7E-B40B-F5745B51A285}

2012-09-10 21:22:17 -------- d-----w- C:\Users\alu\AppData\Roaming\Windows Live Writer

2012-09-10 21:22:17 -------- d-----w- C:\Users\alu\AppData\Local\Windows Live Writer

2012-09-10 05:16:28 -------- d-----w- C:\Program Files\Process Monitor

2012-09-10 01:06:15 -------- d-----w- C:\Program Files (x86)\WinDirStat

2012-09-10 00:55:06 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-09-09 21:25:48 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-09-09 21:25:48 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-09-09 16:15:07 -------- d-----w- C:\Program Files\profilemanager

2012-09-09 15:34:43 -------- d---a-w- C:\.Trash-1000

2012-09-09 07:48:51 -------- d-----w- C:\Users\alu\AppData\Local\Wajam

2012-09-09 04:18:05 -------- d-----w- C:\Windows\SysWow64\Extensions

2012-09-09 04:18:02 -------- d-----w- C:\Windows\SysWow64\searchplugins

2012-09-09 02:01:26 666272 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_567\uninstall.exe

2012-09-09 02:01:06 -------- d-----w- C:\ProgramData\Browser Manager

2012-09-08 16:12:15 -------- d-s---w- C:\Users\alu\Google Drive

2012-09-07 22:46:29 -------- d-----w- C:\Windows\en

2012-09-07 22:42:35 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-09-07 22:36:06 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2012-09-07 22:31:53 -------- d-----w- C:\Program Files (x86)\Microsoft

2012-09-07 22:31:31 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2012-09-07 22:31:31 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2012-09-07 22:31:23 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2012-09-07 22:31:23 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-09-07 22:30:24 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2012-09-07 22:30:24 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2012-09-07 22:28:03 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9381ed81cd8d4805\bingbarsetup.exe

2012-09-07 22:27:43 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ff560f881cd8d4704\MeshBetaRemover.exe

2012-09-07 22:27:38 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fc1822981cd8d4703\DSETUP.dll

2012-09-07 22:27:38 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fc1822981cd8d4703\DXSETUP.exe

2012-09-07 22:27:38 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\fc1822981cd8d4703\dsetup32.dll

2012-09-07 22:27:33 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f8a20ea81cd8d4702\DXSETUP.exe

2012-09-07 22:27:33 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f8a20ea81cd8d4702\dsetup32.dll

2012-09-07 22:27:32 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f8a20ea81cd8d4702\DSETUP.dll

2012-09-07 22:27:26 6260088 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f4975bd81cd8d4701\Silverlight.4.0.exe

2012-09-07 22:27:05 -------- d-----w- C:\Users\alu\AppData\Local\Windows Live

2012-09-07 22:27:04 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2012-09-07 02:55:30 5115584 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-09-07 02:14:05 -------- d-----w- C:\Asus WebStorage

2012-09-07 02:08:30 -------- d-----w- C:\Users\alu\AppData\Roaming\ASUS WebStorage

2012-09-07 02:08:24 -------- d-----w- C:\ProgramData\ASUS WebStorage

2012-09-07 00:24:45 -------- d-----w- C:\Users\alu\AppData\Roaming\LibreOffice

2012-09-07 00:20:10 -------- d-----w- C:\Program Files (x86)\LibreOffice 3.6

2012-09-06 00:45:31 -------- d-----w- C:\Users\alu\AppData\Roaming\Guitar Pro 6

2012-09-05 21:20:26 389120 ----a-w- C:\Windows\SysWow64\RegistryHelperLM.ocx

2012-09-05 01:41:32 -------- d-----w- C:\Users\alu\AppData\Roaming\FreeFileSync

2012-09-05 01:41:03 -------- d-----w- C:\Program Files\FreeFileSync

2012-09-04 03:22:22 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-01 21:35:29 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-09-01 21:35:28 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-09-01 21:35:28 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-09-01 21:35:28 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-09-01 21:35:28 -------- d-----w- C:\Program Files (x86)\OpenAL

2012-09-01 21:35:04 -------- d-----w- C:\Program Files (x86)\Warzone 2100-3.1_rc2

2012-09-01 20:08:20 -------- d-----w- C:\.jagex_cache_32

2012-08-30 23:32:38 -------- d-----w- C:\Users\alu\AppData\Local\Turbine

2012-08-30 23:29:57 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll

2012-08-30 23:29:56 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2012-08-30 23:29:55 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll

2012-08-30 23:29:07 -------- d-----w- C:\Users\alu\AppData\Local\ApplicationHistory

2012-08-30 23:27:00 -------- d-----w- C:\Windows\SysWow64\URTTEMP

2012-08-30 23:08:34 -------- d-----w- C:\Program Files (x86)\Turbine

2012-08-30 19:30:42 -------- d-----w- C:\Program Files\DDO High Res Install Files

2012-08-30 19:05:55 -------- d-----w- C:\Program Files (x86)\Pando Networks

2012-08-29 23:29:52 -------- d--h--w- C:\Windows\System32\CanonMF Uninstaller Information

2012-08-29 23:26:47 -------- d-----w- C:\Program Files\Canon

2012-08-29 23:26:31 244736 ----a-w- C:\Windows\System32\CNCLSU38a.DLL

2012-08-29 23:26:31 114688 ----a-w- C:\Windows\System32\CNCLST38a.DLL

2012-08-29 23:26:30 99328 ----a-w- C:\Windows\System32\CNCLSC38a.DLL

2012-08-29 23:26:30 156160 ----a-w- C:\Windows\System32\CNCLSD38a.DLL

2012-08-29 23:26:30 110080 ----a-w- C:\Windows\System32\CNCLSI38a.DLL

2012-08-29 23:26:29 85504 ----a-w- C:\Windows\System32\CNCI4500.DLL

2012-08-29 23:26:29 49664 ----a-w- C:\Windows\System32\CNCLSO38a.dll

2012-08-29 23:26:29 372224 ----a-w- C:\Windows\System32\CNCC4500.DLL

2012-08-29 23:26:29 144384 ----a-w- C:\Windows\System32\CNCL4500.DLL

2012-08-29 23:26:29 136192 ----a-w- C:\Windows\System32\CNCE4500.DLL

2012-08-29 23:25:58 967168 ----a-w- C:\Windows\System32\CNAS0MOK.DLL

2012-08-29 23:25:07 247808 ----a-w- C:\Windows\SysWow64\CNCENPM6.dll

2012-08-29 23:25:07 247808 ----a-w- C:\Windows\System32\CNCENPM6.dll

2012-08-29 23:25:07 195584 ----a-w- C:\Windows\System32\CNCENPR6.dll

2012-08-29 23:25:07 140800 ----a-w- C:\Windows\System32\CNCENPU6.dll

2012-08-27 20:54:20 -------- d-----w- C:\ProgramData\Guitar Pro 6

2012-08-27 20:03:45 -------- d-----w- C:\Program Files (x86)\Guitar Pro 6

2012-08-26 18:48:14 -------- d-----w- C:\wamp

2012-08-26 18:14:52 -------- d-----w- C:\Users\alu\AppData\Roaming\freac

2012-08-26 18:14:44 -------- d-----w- C:\Program Files (x86)\freac

2012-08-26 17:57:26 -------- d-----w- C:\Windows\System32\appmgmt

2012-08-26 17:52:20 -------- d-----w- C:\Program Files (x86)\eRightSoft

2012-08-26 05:37:47 -------- d-----w- C:\Users\alu\AppData\Roaming\TeraCopy

2012-08-26 05:37:37 -------- d-----w- C:\Program Files\TeraCopy

2012-08-26 05:22:12 -------- d-----w- C:\Users\alu\Superfreakonomics

2012-08-24 22:39:04 -------- d-----w- C:\Users\alu\AppData\Roaming\HandBrake

2012-08-24 21:59:19 -------- d-----w- C:\Program Files\Handbrake

2012-08-23 02:10:15 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-08-23 02:10:14 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-08-22 04:49:00 -------- d-----w- C:\Program Files (x86)\WinCDEmu

2012-08-22 02:54:09 -------- d-----w- C:\Users\alu\AppData\Roaming\BANDISOFT

2012-08-22 02:53:53 -------- d-----w- C:\Program Files (x86)\BandiMPEG1

2012-08-22 00:59:29 -------- d-----r- C:\Program Files (x86)\Skype

2012-08-21 04:32:13 -------- d-----w- C:\Program Files (x86)\MP3Gain

2012-08-20 05:50:37 -------- d-----w- C:\Windows\System32\SPReview

2012-08-20 05:49:49 -------- d-----w- C:\Windows\System32\EventProviders

2012-08-19 23:59:04 -------- d-----w- C:\Windows\System32\ms-MY

2012-08-19 22:17:26 -------- d-----r- C:\Users\alu\Podcasts

2012-08-19 19:38:09 -------- d-----w- C:\Windows\System32\drivers\UMDF\ko-KR

2012-08-19 19:38:08 -------- d-----w- C:\Windows\System32\drivers\UMDF\ms-MY

2012-08-19 19:38:07 -------- d-----w- C:\Windows\System32\drivers\UMDF\id-ID

2012-08-19 19:38:06 -------- d-----w- C:\Windows\System32\drivers\UMDF\sv-SE

2012-08-19 19:38:05 -------- d-----w- C:\Windows\System32\drivers\UMDF\nb-NO

2012-08-19 19:38:04 -------- d-----w- C:\Windows\System32\drivers\UMDF\hu-HU

2012-08-19 19:38:03 -------- d-----w- C:\Windows\System32\drivers\UMDF\fi-FI

2012-08-19 19:38:02 -------- d-----w- C:\Windows\System32\drivers\UMDF\el-GR

2012-08-19 19:38:01 -------- d-----w- C:\Windows\System32\drivers\UMDF\da-DK

2012-08-19 19:34:06 -------- d-----w- C:\Windows\PCHEALTH

2012-08-19 19:11:59 828416 ----a-w- C:\Windows\System32\MPSSVC.dll

2012-08-19 19:10:59 78720 ----a-w- C:\Windows\System32\drivers\HpSAMD.sys

2012-08-19 19:09:59 755200 ----a-w- C:\Windows\SysWow64\sud.dll

2012-08-19 19:08:59 70656 ----a-w- C:\Windows\SysWow64\amstream.dll

2012-08-19 19:07:39 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll

2012-08-19 19:06:23 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2012-08-19 19:06:23 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2012-08-19 19:06:23 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll

2012-08-19 19:00:07 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2012-08-19 19:00:06 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2012-08-19 18:59:56 244736 ----a-w- C:\Windows\System32\sqmapi.dll

.

==================== Find3M ====================

.

2012-09-07 22:26:25 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-07 22:26:25 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-04 03:22:02 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-04 03:22:02 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-20 14:26:48 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-08-20 14:26:48 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-08-18 16:59:00 24576 ----a-w- C:\Windows\SysWow64\AsIO.dll

2012-08-18 16:59:00 13440 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys

2012-08-18 16:59:00 13368 ----a-w- C:\Windows\SysWow64\drivers\AsUpIO.sys

2012-08-17 01:54:20 0 ----a-w- C:\Windows\ativpsrm.bin

2012-08-09 07:40:36 70184 ----a-w- C:\Windows\System32\bdmpega64.acm

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-07-04 07:32:22 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-07-04 07:32:06 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-07-04 07:32:02 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-07-04 07:31:54 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-07-04 07:31:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-07-04 07:31:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll

2012-07-04 07:30:58 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-07-04 07:30:12 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-07-04 07:30:08 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

.

============= FINISH: 17:24:48.19 ===============

 

 

Results of screen317's Security Check version 0.99.51

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.0.1400

Java 7 Update 7

Adobe Flash Player 11.4.402.265

Mozilla Firefox (15.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

 

 

thx

 

EDIT: To disable malware link - please do not post active malware links in the forum...

Edited by Budfred


Welcome paket to SpywareInfo. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

 

Please go to Start>Control Panel>Programs and Features>Programs and uninstall the following (if present):

 

  • Conduit
  • Conduit Engine

Please restart your computer after these program removals.

==========

 

Next, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

 

Please go here to see a list of programs that need to be disabled.

 

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

 

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

 

Please include the C:\ComboFix.txt in your next reply for further review.

===========

 

Finally, please download AdwCleaner by Xplode onto your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[1].txt as well.

==========

 

In your reply please provide the following:

  • ComboFix.txt.
  • AdwCleaner[1].txt.


Thanks for your help. I ran ComboFix, but it never finished, even after letting it sit for a few hours. I ran AdwCleaner, hit 'Search', then 'Delete' and it told me it had to reboot the computer. After it was done restarting, the problem was gone. Thanks for your help!

 

Is there any way to lock the browser config and prevent the installation of any toolbars, extension and addons without the administrator's permission? Even if someone (a regular user, not an admin) tries to install one?

 

In case you are interested, here is the log file from Adwcleaner:

 

 

# AdwCleaner v2.002 - Logfile created 09/17/2012 at 23:24:26

# Updated 16/09/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : alu - TESLA

# Boot Mode : Normal

# Running from : C:\Users\alu\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Deleted on reboot : C:\ProgramData\Browser Manager

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

File Deleted : C:\Users\alu\AppData\Local\funmoods-speeddial.crx

File Deleted : C:\Users\alu\AppData\Roaming\Mozilla\Firefox\Profiles\nknickt9.default\searchplugins\search.xml

Folder Deleted : C:\Users\alu\AppData\Local\Wajam

Folder Deleted : C:\Users\alu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\bProtector

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\Software\bProtector

Key Deleted : HKLM\Software\BrowserMngr


Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\Software\Freeze.com


Key Deleted : HKLM\SOFTWARE\Tarma Installer

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317 --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - BrowserMngr Start Page] = hxxp://search.babylon.com/?affID=111511&tt=3612_2&babsrc=HP_ss&mntrId=80e0b813000000000000001a92e61620 --> hxxp://www.google.com

 

-\\ Mozilla Firefox v15.0.1 (en-US)

 

Profile name : default

File : C:\Users\alu\AppData\Roaming\Mozilla\Firefox\Profiles\nknickt9.default\prefs.js

 

C:\Users\alu\AppData\Roaming\Mozilla\Firefox\Profiles\nknickt9.default\user.js ... Deleted !

 

Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3227983&SearchSource=13");

Deleted : user_pref("extensions.funmoods.aflt", "adknlg");

Deleted : user_pref("extensions.funmoods.autoRvrt", false);

Deleted : user_pref("extensions.funmoods.cntry", "CA");

Deleted : user_pref("extensions.funmoods.cv", "cv5");

Deleted : user_pref("extensions.funmoods.dfltLng", "");

Deleted : user_pref("extensions.funmoods.dfltSrch", true);

Deleted : user_pref("extensions.funmoods.dnsErr", true);

Deleted : user_pref("extensions.funmoods.envrmnt", "production");

Deleted : user_pref("extensions.funmoods.excTlbr", false);

Deleted : user_pref("extensions.funmoods.hdrMd5", "49CA573AA6CF3D623EF5B8C95D4F70FE");

Deleted : user_pref("extensions.funmoods.hmpg", true);

Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]

Deleted : user_pref("extensions.funmoods.id", "001A92E61620B813");

Deleted : user_pref("extensions.funmoods.instlDay", "15599");

Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");

Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);

Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:50:19");

Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Deleted : user_pref("extensions.funmoods.newTab", true);

Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]

Deleted : user_pref("extensions.funmoods.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods.sg", "none");

Deleted : user_pref("extensions.funmoods.smplGrp", "none");

Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");

Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]

Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:50:19");

Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Deleted : user_pref("extensions.funmoods_i.newTab", true);

Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:50:19");

 

Profile name : default-1347845835245 [Profil par défaut]

File : C:\Users\brandon\AppData\Roaming\Mozilla\Firefox\Profiles\9ir6qi9y.default-1347845835245\prefs.js

 

Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3227983&SearchSource=13");

 

-\\ Google Chrome v21.0.1180.89

 

File : C:\Users\alu\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Deleted [l.13] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317" ]

Deleted [l.1683] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AzytB0EyCtCyCtBtD0BzztCtAtN0D0Tzu0CtByCtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=414542317" ]

 

*************************

 

AdwCleaner[R1].txt - [10419 octets] - [17/09/2012 19:08:41]

AdwCleaner[R2].txt - [10480 octets] - [17/09/2012 23:17:00]

AdwCleaner[R3].txt - [10541 octets] - [17/09/2012 23:23:50]

AdwCleaner[s2].txt - [11268 octets] - [17/09/2012 23:24:26]

 

########## EOF - C:\AdwCleaner[s2].txt - [11329 octets] ##########

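The AdwCleaner log above shows a user.js file deleted from the Firefox profile and the `browser.startup.homepage` pref removed from prefs.js; Firefox re-applies user.js at every start, so a home page set there returns after each manual change. The script below is an added example, not part of the original posts or of any tool named in this thread, that audits a profile for that pattern; the allowed-host list, the sample profile (which assumes user.js carried the same line) and the two extra watched prefs are assumptions.

```python
import json
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# browser.startup.homepage is the pref from the log above; the other two
# are added for illustration (assumption, not from the thread).
WATCHED_PREFS = ("browser.startup.homepage", "browser.newtab.url", "keyword.URL")

# Hosts the machine owner accepts as a home page (constructed for the example).
ALLOWED_HOSTS = ("google.com",)


def parse_user_prefs(text):
    """Return {pref_name: value} for every user_pref("name", value); line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue
        name, raw = match.groups()
        try:
            # Pref values are quoted strings, integers or true/false,
            # all of which parse as JSON.
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw
    return prefs


def url_hosts(value):
    """Extract host names from a pref value; home pages may be '|'-separated."""
    hosts = []
    for part in str(value).split("|"):
        part = part.strip()
        if part.lower().startswith("hxxp"):
            part = "http" + part[4:]      # logs are often defanged
        elif ":" not in part and part:
            part = "http://" + part       # bare host name without a scheme
        host = urlsplit(part).hostname    # None for about:home, about:blank
        if host:
            hosts.append(host.lower())
    return hosts


def is_allowed(host, allowed_hosts):
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def audit_profile(profile_dir, allowed_hosts):
    """List watched prefs in user.js / prefs.js that point at unexpected hosts.

    A hit in user.js is marked persistent: Firefox reloads that file at
    every start, so the value survives changes made in the Options dialog.
    """
    findings = []
    profile_dir = Path(profile_dir)
    for filename in ("user.js", "prefs.js"):
        path = profile_dir / filename
        if not path.is_file():
            continue
        prefs = parse_user_prefs(path.read_text(encoding="utf-8", errors="replace"))
        for name in WATCHED_PREFS:
            for host in url_hosts(prefs.get(name, "")):
                if not is_allowed(host, allowed_hosts):
                    findings.append({"file": filename, "pref": name,
                                     "host": host,
                                     "persistent": filename == "user.js"})
    return findings


def build_sample_profile(root):
    """Create a constructed profile that mirrors the state described in the log."""
    profile = Path(root) / "Profiles" / "example.default"
    profile.mkdir(parents=True)
    hijack = ('user_pref("browser.startup.homepage", '
              '"hxxp://search.conduit.com/?ctid=CT3227983&SearchSource=13");\n')
    (profile / "user.js").write_text(hijack, encoding="utf-8")
    (profile / "prefs.js").write_text(
        'user_pref("browser.startup.page", 1);\n' + hijack, encoding="utf-8")
    return profile


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_profile(build_sample_profile(tmp), ALLOWED_HOSTS):
            note = "re-applied at every start" if finding["persistent"] else "current value"
            print(f'{finding["file"]}: {finding["pref"]} -> {finding["host"]} ({note})')
```

On a real machine, point `audit_profile` at each directory under `%APPDATA%\Mozilla\Firefox\Profiles` for every user account, since the log shows two users' profiles carrying the same home page.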

Good afternoon paket. :)

 

I'm glad the issue seems to have been solved.

 

> Is there any way to lock the browser config and prevent the installation of any toolbars, extension and addons without the administrator's permission? Even if someone (a regular user, not an admin) tries to install one?

Not really. It all comes down to watching what you click and download. You could use a basic user account, as opposed to an Administrator, but other than that you just need to be careful. :)

 

Are you experiencing any other issues at the moment on your computer? It usually isn't a good sign if ComboFix doesn't complete.

 

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com).


  • There are 3 different versions. If one of them won't run then download and try to run the other one.
  • Vista and Win7 users need to right click and choose Run as Admin.
  • You only need to get one of them to run, not all of them.

rkill.exe

rkill.com

rkill.scr

 

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the Desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

 

Before proceeding any further the processes that belong to Windows Recovery need to be terminated so that it does not interfere with the cleaning procedure.

 

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Windows Recovery and other Rogue programs.

===

 

Please do not reboot your computer.

 

Then, please try running ComboFix. Post the contents of ComboFix.txt in your reply. :thumbup:


rkill.exe ran successfully, and so did ComboFix after that, although it took a really long time. I left it overnight. Logs are below.

 

Rkill 2.3.15 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 09/18/2012 12:54:02 AM in x64 mode.

Windows Version: Windows 7 Ultimate Service Pack 1

 

Checking for Windows services to stop:

 

* No malware services found to stop.

 

Checking for processes to terminate:

 

* No malware processes found to kill.

 

Checking Registry for malware related settings:

 

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

 

Backup Registry file created at:

C:\Users\alu\Desktop\rkill\rkill-09-18-2012-12-54-05.reg

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

* Windows Defender Disabled

 

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

 

Checking Windows Service Integrity:

 

* WinDefend => %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [incorrect ServiceDLL]

 

Searching for Missing Digital Signatures:

 

* No issues found.

 

Program finished at: 09/18/2012 12:54:13 AM

Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)

 

ComboFix 12-09-18.02 - alu 18/09/2012 0:58.6.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4094.2436 [GMT -5:00]

Running from: c:\users\alu\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.


.

.

((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))

.

.


.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-12 06:06 . 2012-08-17 03:49 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-09-07 22:34 . 2011-03-28 23:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-09-07 22:26 . 2012-08-18 04:20 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-07 22:26 . 2012-08-18 04:20 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-04 03:22 . 2012-08-18 04:26 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-04 03:22 . 2012-08-18 04:26 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-20 14:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2012-08-20 14:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2012-08-18 16:59 . 2012-08-18 17:00 13368 ----a-w- c:\windows\SysWow64\drivers\AsUpIO.sys

2012-08-18 16:59 . 2012-08-18 17:00 24576 ----a-w- c:\windows\SysWow64\AsIO.dll

2012-08-18 16:59 . 2012-08-18 17:00 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys

2012-08-17 05:21 . 2012-08-17 05:21 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27084E78-2EA9-4FE6-A6C6-CDFC707185F2}\gapaengine.dll

2012-08-17 04:05 . 2012-08-17 04:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-08-17 04:05 . 2012-08-17 04:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-08-17 04:05 . 2012-08-17 04:05 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-17 04:05 . 2012-08-17 04:05 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-17 04:05 . 2012-08-17 04:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-08-17 04:05 . 2012-08-17 04:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-08-17 04:05 . 2012-08-17 04:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-08-17 04:05 . 2012-08-17 04:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-08-17 04:05 . 2012-08-17 04:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-08-17 04:05 . 2012-08-17 04:05 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-08-17 04:05 . 2012-08-17 04:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-08-17 04:05 . 2012-08-17 04:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-08-17 04:05 . 2012-08-17 04:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-08-17 04:05 . 2012-08-17 04:05 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-17 04:05 . 2012-08-17 04:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-08-17 04:05 . 2012-08-17 04:05 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-08-17 04:05 . 2012-08-17 04:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-17 04:05 . 2012-08-17 04:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-08-17 04:05 . 2012-08-17 04:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-17 04:05 . 2012-08-17 04:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-17 04:05 . 2012-08-17 04:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-08-17 04:05 . 2012-08-17 04:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-08-17 04:05 . 2012-08-17 04:05 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-17 04:05 . 2012-08-17 04:05 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-17 04:05 . 2012-08-17 04:05 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-17 04:05 . 2012-08-17 04:05 65024 ----a-w- c:\windows\system32\pngfilt.dll

2012-08-17 04:05 . 2012-08-17 04:05 55296 ----a-w- c:\windows\system32\msfeedsbs.dll

2012-08-17 04:05 . 2012-08-17 04:05 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-08-17 04:05 . 2012-08-17 04:05 267776 ----a-w- c:\windows\system32\ieaksie.dll

2012-08-17 04:05 . 2012-08-17 04:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-17 04:05 . 2012-08-17 04:05 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-17 04:05 . 2012-08-17 04:05 222208 ----a-w- c:\windows\system32\msls31.dll

2012-08-17 04:05 . 2012-08-17 04:05 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-17 04:05 . 2012-08-17 04:05 197120 ----a-w- c:\windows\system32\msrating.dll

2012-08-17 04:05 . 2012-08-17 04:05 17809920 ----a-w- c:\windows\system32\mshtml.dll

2012-08-17 04:05 . 2012-08-17 04:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-17 04:05 . 2012-08-17 04:05 163840 ----a-w- c:\windows\system32\ieakui.dll

2012-08-17 04:05 . 2012-08-17 04:05 149504 ----a-w- c:\windows\system32\occache.dll

2012-08-17 04:05 . 2012-08-17 04:05 145920 ----a-w- c:\windows\system32\iepeers.dll

2012-08-17 04:05 . 2012-08-17 04:05 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-17 04:05 . 2012-08-17 04:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-08-17 04:05 . 2012-08-17 04:05 12288 ----a-w- c:\windows\system32\mshta.exe

2012-08-17 04:05 . 2012-08-17 04:05 114176 ----a-w- c:\windows\system32\admparse.dll

2012-08-17 04:05 . 2012-08-17 04:05 10752 ----a-w- c:\windows\system32\msfeedssync.exe

2012-08-17 04:05 . 2012-08-17 04:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-08-17 04:05 . 2012-08-17 04:05 89088 ----a-w- c:\windows\system32\ie4uinit.exe

2012-08-17 04:05 . 2012-08-17 04:05 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-08-17 04:05 . 2012-08-17 04:05 82432 ----a-w- c:\windows\system32\icardie.dll

2012-08-17 04:05 . 2012-08-17 04:05 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-08-17 04:05 . 2012-08-17 04:05 534528 ----a-w- c:\windows\system32\ieapfltr.dll

2012-08-17 04:05 . 2012-08-17 04:05 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-08-17 04:05 . 2012-08-17 04:05 452608 ----a-w- c:\windows\system32\dxtmsft.dll

2012-08-17 04:05 . 2012-08-17 04:05 448512 ----a-w- c:\windows\system32\html.iec

2012-08-17 04:05 . 2012-08-17 04:05 403248 ----a-w- c:\windows\system32\iedkcs32.dll

2012-08-17 04:05 . 2012-08-17 04:05 39936 ----a-w- c:\windows\system32\iernonce.dll

2012-08-17 04:05 . 2012-08-17 04:05 3695416 ----a-w- c:\windows\system32\ieapfltr.dat

2012-08-17 04:05 . 2012-08-17 04:05 282112 ----a-w- c:\windows\system32\dxtrans.dll

2012-08-17 04:05 . 2012-08-17 04:05 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-17 04:05 . 2012-08-17 04:05 237056 ----a-w- c:\windows\system32\url.dll

2012-08-17 04:05 . 2012-08-17 04:05 160256 ----a-w- c:\windows\system32\ieakeng.dll

2012-08-17 04:05 . 2012-08-17 04:05 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-08-17 04:05 . 2012-08-17 04:05 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-17 04:05 . 2012-08-17 04:05 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-17 04:05 . 2012-08-17 04:05 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-17 04:05 . 2012-08-17 04:05 697344 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-17 04:05 . 2012-08-17 04:05 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-08-17 04:05 . 2012-08-17 04:05 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-17 04:05 . 2012-08-17 04:05 249344 ----a-w- c:\windows\system32\webcheck.dll

2012-08-17 04:05 . 2012-08-17 04:05 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-08-17 04:05 . 2012-08-17 04:05 160256 ----a-w- c:\windows\system32\wextract.exe

2012-08-17 04:05 . 2012-08-17 04:05 103936 ----a-w- c:\windows\system32\inseng.dll

2012-08-09 07:40 . 2012-08-09 07:40 70184 ----a-w- c:\windows\system32\bdmpega64.acm

2012-07-18 18:15 . 2012-08-17 03:27 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-16 07:40 . 2012-08-17 03:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AB9EF9E-9BA5-4218-BF64-3D8E55C053C3}\mpengine.dll

2012-07-04 22:16 . 2012-08-17 03:39 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-17 03:39 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-17 03:39 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-17 03:39 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-07-04 07:32 . 2012-07-04 07:32 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-07-04 07:32 . 2012-07-04 07:32 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-07-04 07:32 . 2012-07-04 07:32 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-07-04 07:31 . 2012-07-04 07:31 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-07-04 07:31 . 2012-07-04 07:31 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-07-04 07:31 . 2012-07-04 07:31 16457216 ----a-w- c:\windows\system32\amdocl64.dll

2012-07-04 07:30 . 2012-07-04 07:30 13008384 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-07-04 07:30 . 2012-07-04 07:30 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-07-04 07:30 . 2012-07-04 07:30 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-07-04 06:59 . 2012-07-04 06:59 11922944 ----a-w- c:\windows\system32\drivers\atikmdag.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-18 1353080]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\alu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-8-14 1014624]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 116648]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 250568]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 116648]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-17 1255736]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2011-08-08 198480]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 22:26]

.

2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 16:09]

.

2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 16:09]

.

2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145603362-2156621200-4154018364-1000Core.job

- c:\users\alu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18 04:11]

.

2012-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-145603362-2156621200-4154018364-1000UA.job

- c:\users\alu\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-18 04:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 291944]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

TCP: DhcpNameServer = 192.168.1.1 64.59.177.226

TCP: Interfaces\{4B38E3D3-A0C5-4479-B575-9E110BC082C2}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\alu\AppData\Roaming\Mozilla\Firefox\Profiles\nknickt9.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-145603362-2156621200-4154018364-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-145603362-2156621200-4154018364-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-09-18 08:27:48 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-18 13:27

.

Pre-Run: 742,576,009,216 bytes free

Post-Run: 742,238,502,912 bytes free

.

- - End Of File - - B41F52CC5532627475193E232BF700C1


Hello paket. :)

 

So conduit has stopped making changes?

 

I see that you have a P2P (Peer-to-Peer) file sharing program installed (uTorrent). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:

Data about Obama's helicopter breached via P2P?

Leak of congressional ethics document prompts calls for cybersecurity probe

Walter Reed suffers peer-to-peer data breach

Update: Seattle man arrested for p-to-p ID theft

 

More listed here:

Data Security Threats And Breaches

You should read the link at the bottom of that page:

Why File Sharing Networks Are Dangerous (Dartmouth study, .pdf file)

 

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult-to-remove malware. There are many risks associated with P2P programs; none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

==========

 

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Are there any remaining issues on your computer?


Due to the lack of feedback this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
