Smitfraud-C.generic...Please Help!

Hi,

Next, please run ESET online scanner again and post back its findings :)
 
ESET March6

Here is new ESET result...
I uninstalled SecurityStronghold's SVCHOST removal tools the other day, and Norton Security Scan by Norton's tech support. And removed and reinstalled ComboFix. Other than that, nothing has been changed since the first post.
Thanks for your patience with my slow reply! :)

C:\$RECYCLE.BIN\S-1-5-21-1062982632-715189573-2474834400-1003\$R1H2C84.exe a variant of Win32/SecurityStronghold application
C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp.dat a variant of Win32/Kryptik.AAZO trojan
C:\ProgramData\Microsoft\Windows\DRM\ED57.tmp a variant of Win32/Kryptik.AAZO trojan
C:\ProgramData\Microsoft\Windows\DRM\F440.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.JG trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\Users\All Users\Microsoft\Windows\DRM\50F9.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\50F9.tmp.dat a variant of Win32/Kryptik.AAZO trojan
C:\Users\All Users\Microsoft\Windows\DRM\ED57.tmp a variant of Win32/Kryptik.AAZO trojan
C:\Users\All Users\Microsoft\Windows\DRM\F440.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\Users\Kaori\Downloads\cnet_EFit_installer_exe.exe a variant of Win32/InstallCore.D application
C:\Windows\System32\config\systemprofile\AppData\Roaming\F95495.exe a variant of Win32/Kryptik.ABEC trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\F95495.exe a variant of Win32/Kryptik.ABEC trojan
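As an added example (not part of this thread, and not ESET's own tooling), a small Python triage script for ESET Online Scanner output like the list above. It parses each `path detection type` line, folds the `C:\Users\All Users\` entries onto `C:\ProgramData\` (on Windows Vista/7 `All Users` is a junction to `ProgramData`, which is why every DRM and Spybot hit appears twice), and separates detections sitting in already-contained locations (the Recycle Bin, TDSSKiller's quarantine folder, Spybot's Recovery backups) from those still on the live file system. The sample input is a subset of the log lines posted above; the list of containment folders and the `triage`/`normalise_path` names are this example's own choices.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: a subset of the ESET Online Scanner lines posted in this thread.
SAMPLE_LOG = r"""
C:\$RECYCLE.BIN\S-1-5-21-1062982632-715189573-2474834400-1003\$R1H2C84.exe a variant of Win32/SecurityStronghold application
C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp.dat a variant of Win32/Kryptik.AAZO trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\Users\All Users\Microsoft\Windows\DRM\50F9.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\50F9.tmp.dat a variant of Win32/Kryptik.AAZO trojan
C:\Users\Kaori\Downloads\cnet_EFit_installer_exe.exe a variant of Win32/InstallCore.D application
C:\Windows\System32\config\systemprofile\AppData\Roaming\F95495.exe a variant of Win32/Kryptik.ABEC trojan
"""

# <path> [a variant of] <Platform/Family.Variant> <kind>. The path may contain
# spaces, so it is matched non-greedily and the two trailing tokens fix the split.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?(?P<name>\S+)\s+(?P<kind>\w+)$"
)

# Folders whose contents are already neutralised (quarantine copies, backups,
# deleted files). Chosen for this example; extend for other tools' quarantines.
CONTAINED_MARKERS = (
    "\\$recycle.bin\\",
    "\\tdsskiller_quarantine\\",
    "\\spybot - search & destroy\\recovery\\",
)
ALL_USERS = "c:\\users\\all users\\"


@dataclass(frozen=True)
class Detection:
    path: str
    name: str       # e.g. "Win64/Olmarik.AD"
    kind: str       # "trojan", "worm", "application" (PUA), ...
    contained: bool


def normalise_path(path):
    # On Vista/7, C:\Users\All Users is a junction to C:\ProgramData, so a
    # scanner that walks both reports every file there twice.
    if path.lower().startswith(ALL_USERS):
        return "C:\\ProgramData\\" + path[len(ALL_USERS):]
    return path


def is_contained(path):
    low = path.lower()
    return any(marker in low for marker in CONTAINED_MARKERS)


def family(name):
    # "Win32/Rootkit.Kryptik.JG" -> "Rootkit", "Win64/Olmarik.AD" -> "Olmarik"
    return name.split("/")[-1].split(".")[0]


def parse_eset_log(text):
    """Parse ESET scanner lines into unique Detection records (duplicates removed)."""
    seen, detections = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        path = normalise_path(m.group("path"))
        if path.lower() in seen:
            continue
        seen.add(path.lower())
        detections.append(Detection(path, m.group("name"), m.group("kind"), is_contained(path)))
    return detections


def triage(text):
    """Summarise which detections still need action and which are already contained."""
    detections = parse_eset_log(text)
    active = [d for d in detections if not d.contained]
    return {
        "unique": len(detections),
        "contained": sum(d.contained for d in detections),
        "active": active,
        "active_families": Counter(family(d.name) for d in active),
        "pua": [d.path for d in active if d.kind == "application"],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['unique']} unique detections, {report['contained']} already contained")
    for d in report["active"]:
        tag = "PUA" if d.kind == "application" else d.kind.upper()
        print(f"  [{tag:7}] {d.name:28} {d.path}")
    print("families still live:", dict(report["active_families"]))
```

Run against the full log above, the same logic leaves the four DRM files, the cnet installer and the two `F95495.exe` copies as the only live items, which is exactly the set the helper later asks to remove by hand; the TDSSKiller and Spybot entries are inert copies and the Recycle Bin item is the uninstalled SecurityStronghold tool.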
 
And removed and reinstalled ComboFix.
ComboFix shouldn't be uninstalled while the case is still under work (assuming you did more than just deleting the ComboFix.exe file on your desktop).


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp
C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp.dat
C:\ProgramData\Microsoft\Windows\DRM\ED57.tmp
C:\ProgramData\Microsoft\Windows\DRM\F440.tmp
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
C:\Users\All Users\Microsoft\Windows\DRM\50F9.tmp
C:\Users\All Users\Microsoft\Windows\DRM\50F9.tmp.dat
C:\Users\All Users\Microsoft\Windows\DRM\ED57.tmp
C:\Users\All Users\Microsoft\Windows\DRM\F440.tmp
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
C:\Users\Kaori\Downloads\cnet_EFit_installer_exe.exe
C:\Windows\System32\config\systemprofile\AppData\Roaming\F95495.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\F95495.exe


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log. Run ESET scanner again and post back its log.
 
New CF result

Thanks, again.

ComboFix did not update. It said it was expired, and I tried to reinstall without uninstalling, but it didn't work, so I uninstalled once and reinstalled.
Here is a new CF result..


ComboFix 12-03-04.02 - Kaori 03/06/2012 12:47:54.8.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1977.1134 [GMT -5:00]
Running from: c:\users\Kaori\Downloads\ComboFix.exe
Command switches used :: c:\users\Kaori\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\50F9.tmp"
"c:\programdata\Microsoft\Windows\DRM\50F9.tmp.dat"
"c:\programdata\Microsoft\Windows\DRM\ED57.tmp"
"c:\programdata\Microsoft\Windows\DRM\F440.tmp"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip"
"c:\users\All Users\Microsoft\Windows\DRM\50F9.tmp"
"c:\users\All Users\Microsoft\Windows\DRM\50F9.tmp.dat"
"c:\users\All Users\Microsoft\Windows\DRM\ED57.tmp"
"c:\users\All Users\Microsoft\Windows\DRM\F440.tmp"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip"
"c:\users\Kaori\Downloads\cnet_EFit_installer_exe.exe"
"c:\windows\System32\config\systemprofile\AppData\Roaming\F95495.exe"
"c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\F95495.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 17:55 . 2012-03-06 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 21:44 . 2012-03-02 21:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-02 06:40 . 2012-03-02 06:40 -------- d-----w- c:\program files (x86)\ESET
2012-02-28 21:32 . 2012-03-02 05:40 -------- d-----w- c:\users\Kaori\AppData\Local\LogMeIn Rescue Applet
2012-02-28 02:09 . 2012-02-28 02:10 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-25 17:55 . 2012-02-28 00:08 691 ----a-w- c:\users\Kaori\AppData\Roaming\GetValue.vbs
2012-02-25 17:55 . 2012-02-28 00:08 35 ----a-w- c:\users\Kaori\AppData\Roaming\SetValue.bat
2012-02-25 10:57 . 2012-02-25 17:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-25 10:57 . 2012-02-25 11:02 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-23 02:34 . 2012-02-23 02:34 -------- d-----w- c:\users\Kaori\AppData\Roaming\CheckPoint
2012-02-23 02:33 . 2012-02-28 21:18 -------- d-----w- c:\program files\CheckPoint
2012-02-23 02:33 . 2012-02-23 02:33 -------- d-----w- c:\programdata\CheckPoint
2012-02-23 02:32 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-02-23 02:16 . 2012-02-28 21:18 -------- d-----w- c:\program files (x86)\CheckPoint
2012-02-22 12:36 . 2012-02-22 12:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-20 01:20 . 2012-02-20 01:20 128512 ------w- c:\programdata\Microsoft\Windows\DRM\ED57.tmp
2012-02-20 01:20 . 2012-02-20 01:20 6656 ------w- c:\programdata\Microsoft\Windows\DRM\50F9.tmp
2012-02-07 17:20 . 2012-02-07 17:20 6656 ------w- c:\programdata\Microsoft\Windows\DRM\F440.tmp
2012-02-07 17:02 . 2012-02-07 17:02 -------- d-----w- c:\users\Kaori\AppData\Local\DDMSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 12:35 . 2011-02-03 00:38 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-20 01:27 . 2012-01-18 02:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-27 12:49 . 2011-12-27 12:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-27 12:49 . 2011-12-27 12:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-27 12:49 . 2011-12-27 12:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-27 12:49 . 2011-12-27 12:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-27 12:49 . 2011-12-27 12:49 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-12-27 12:49 . 2011-12-27 12:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-27 12:49 . 2011-12-27 12:49 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-12-27 12:49 . 2011-12-27 12:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-27 12:49 . 2011-12-27 12:49 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-27 12:49 . 2011-12-27 12:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-27 12:49 . 2011-12-27 12:49 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-27 12:49 . 2011-12-27 12:49 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-27 12:49 . 2011-12-27 12:49 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-12-27 12:49 . 2011-12-27 12:49 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-27 12:49 . 2011-12-27 12:49 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-27 12:49 . 2011-12-27 12:49 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-27 12:49 . 2011-12-27 12:49 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-12-27 12:49 . 2011-12-27 12:49 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-27 12:49 . 2011-12-27 12:49 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-27 12:49 . 2011-12-27 12:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-27 12:49 . 2011-12-27 12:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-27 12:49 . 2011-12-27 12:49 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-12-27 12:49 . 2011-12-27 12:49 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-27 12:49 . 2011-12-27 12:49 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-27 12:49 . 2011-12-27 12:49 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-27 12:49 . 2011-12-27 12:49 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-27 12:49 . 2011-12-27 12:49 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-12-27 12:49 . 2011-12-27 12:49 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-27 12:49 . 2011-12-27 12:49 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-27 12:49 . 2011-12-27 12:49 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-27 12:49 . 2011-12-27 12:49 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-27 12:49 . 2011-12-27 12:49 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-27 12:49 . 2011-12-27 12:49 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-27 12:49 . 2011-12-27 12:49 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-27 12:49 . 2011-12-27 12:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-27 12:49 . 2011-12-27 12:49 448512 ----a-w- c:\windows\system32\html.iec
2011-12-27 12:49 . 2011-12-27 12:49 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-27 12:49 . 2011-12-27 12:49 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-27 12:49 . 2011-12-27 12:49 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-27 12:49 . 2011-12-27 12:49 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-27 12:49 . 2011-12-27 12:49 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-27 12:49 . 2011-12-27 12:49 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 20:24 . 2011-07-25 10:54 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_13.05.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-06 17:55 . 2012-03-06 17:55 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-05 13:03 . 2012-03-05 13:03 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-01-28 05:37 . 2012-03-06 17:44 55910 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-03-05 12:51 37528 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-06 17:44 37528 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-03 00:13 . 2012-03-06 17:44 14822 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1062982632-715189573-2474834400-1003_UserData.bin
- 2011-02-02 23:36 . 2012-03-02 22:12 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-02 23:36 . 2012-03-06 15:45 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-02 23:36 . 2012-03-02 22:12 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-02 23:36 . 2012-03-06 15:45 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-02 22:12 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-06 15:45 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-28 05:37 . 2012-03-06 17:44 55910 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-03-05 12:51 37528 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-06 17:44 37528 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-03 00:13 . 2012-03-06 17:44 14822 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1062982632-715189573-2474834400-1003_UserData.bin
- 2011-02-02 23:36 . 2012-03-02 22:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-02 23:36 . 2012-03-06 15:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-02 23:36 . 2012-03-06 15:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-02 23:36 . 2012-03-02 22:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-02 22:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-06 15:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-05 13:04 . 2012-03-05 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-06 17:56 . 2012-03-06 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-06 17:56 . 2012-03-06 17:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-05 13:04 . 2012-03-05 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-03-05 13:03 408324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-06 17:55 408324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-24 16:13 . 2012-03-06 17:55 5664320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1062982632-715189573-2474834400-1003-12288.dat
- 2009-07-14 02:34 . 2012-03-02 22:21 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-05 13:36 10223616 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-02 22:21 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-05 13:36 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"BTMeter"="c:\program files (x86)\Battery Meter\BTMeter.exe" [2009-07-02 623984]
"WSED"="c:\program files (x86)\WSED\WSED.exe" [2009-05-27 247080]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-03-02 1583808]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNTkyMTczNDIyLVhPMTArMTItTElDKzIyLVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsxLVRVRyszLUREVCsyMDk3OC1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQVQrMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GVUkrMi1GMTBUQisyLVNUMTBUQkYrMQ&prod=90&ver=10.0.1424" [?]
.
c:\users\Kaori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R2 MSSQL$SCHEDUFLOW2008;SQL Server (SCHEDUFLOW2008);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 14:35]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 14:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="\Elantech\ETDCtrl.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-14 7970848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kaori\AppData\Roaming\Mozilla\Firefox\Profiles\6v7c1pnl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.jp/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1062982632-715189573-2474834400-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1062982632-715189573-2474834400-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
.
**************************************************************************
.
Completion time: 2012-03-06 13:02:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 18:02
ComboFix2.txt 2012-03-05 13:29
ComboFix3.txt 2012-03-05 13:10
.
Pre-Run: 279,995,224,064 bytes free
Post-Run: 279,909,732,352 bytes free
.
- - End Of File - - A88FB7E17A48DB26FE493C8EA80FA923
 
new eset

C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Microsoft\Windows\DRM\50F9.tmp.dat a variant of Win32/Kryptik.AAZO trojan
C:\ProgramData\Microsoft\Windows\DRM\ED57.tmp a variant of Win32/Kryptik.AAZO trojan
C:\ProgramData\Microsoft\Windows\DRM\F440.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.JG trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\Users\All Users\Microsoft\Windows\DRM\50F9.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Microsoft\Windows\DRM\50F9.tmp.dat a variant of Win32/Kryptik.AAZO trojan
C:\Users\All Users\Microsoft\Windows\DRM\ED57.tmp a variant of Win32/Kryptik.AAZO trojan
C:\Users\All Users\Microsoft\Windows\DRM\F440.tmp Win64/Olmarik.AD trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\Users\Kaori\Downloads\cnet_EFit_installer_exe.exe a variant of Win32/InstallCore.D application
C:\Windows\System32\config\systemprofile\AppData\Roaming\F95495.exe a variant of Win32/Kryptik.ABEC trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\F95495.exe a variant of Win32/Kryptik.ABEC trojan
 
Hi,

Show hidden files
-----------------
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files and folders, and then click OK.


Navigate to C:\ProgramData\Microsoft\Windows\DRM folder and see if you can find and delete these files:
50F9.tmp
50F9.tmp.dat
ED57.tmp
F440.tmp


Let me know how it goes and then we'll continue.
 
Those Files

Hi, how are you?

I followed your direction precisely, and did not see the DRM folder under C:\Program Data\Microsoft\Windows\.
I went to the control panel again and tried to unclick "hide protected operating system files", and looked under C:\.....\Windows\. The DRM folder appeared under \Windows\..., but I did not see the files. Checked the "hide..." option back.

So I used the "search option" in Windows Explorer. Then the search option showed those files in the search window! I deleted them.
They are in the "recycle bin" now.

I restarted PC just in case. It restarted without a trouble.

Aren't those files "protected operating system fie"?
Is it OK to delete them?
Should I empty recicle bin too?

Waiting for the next direction patiently. :)
Thanks.
 
And this is the new ESET

ESET new result...

C:\$RECYCLE.BIN\S-1-5-21-1062982632-715189573-2474834400-1003\$R67BHQC.tmp Win64/Olmarik.AD trojan
C:\$RECYCLE.BIN\S-1-5-21-1062982632-715189573-2474834400-1003\$RACEYLA.tmp a variant of Win32/Kryptik.AAZO trojan
C:\$RECYCLE.BIN\S-1-5-21-1062982632-715189573-2474834400-1003\$RD64GNZ.dat a variant of Win32/Kryptik.AAZO trojan
C:\$RECYCLE.BIN\S-1-5-21-1062982632-715189573-2474834400-1003\$RPBW5AB.tmp Win64/Olmarik.AD trojan
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.JG trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\02.03.2012_16.43.15\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm
C:\Users\Kaori\Downloads\cnet_EFit_installer_exe.exe a variant of Win32/InstallCore.D application
C:\Windows\System32\config\systemprofile\AppData\Roaming\F95495.exe a variant of Win32/Kryptik.ABEC trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\F95495.exe a variant of Win32/Kryptik.ABEC trojan
 
how are you?
Fine. I hope you too :)

Let's see if we can tackle those remaining items in the same way.


Delete C:\TDSSKiller_Quarantine folder.

Then delete these files:
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
C:\Users\Kaori\Downloads\cnet_EFit_installer_exe.exe
C:\Windows\System32\config\systemprofile\AppData\Roaming\F95495.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\F95495.exe
 
thanks but..

Thanks for your support all this way.

It looked like smitfraud was gone now, and the remaining F959... file seemed to have invaded my laptop a long time ago. Neither the spyware detectors nor AVG even detected it.

My husband brought my laptop to a repair guy to reinstall the OS, because our daughter's 10" laptop was also attacked by a rootkit, so we are tired of dealing with it.

So I do not have the infected PC right now.

But thank you very much for your help!
I really had a great experience seeing how to work on the virus and finding out that somebody can take care of us!

Thank you!
 
Since this issue appears to be resolved ... this Topic has been closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.
 