[Solved] FireFox hijacked

Discussion in 'Virus and Malware Removal' started by Swizzle, Dec 26, 2010.

  1. Broni Malware Annihilator

    Happy Birthday!

    Either way will do.

    Re-run MBAM one more time.
  2. Swizzle Newcomer, in training

    Thank you.

    MBAM says it removed it last time but I double checked and it doesn't remove the Trojan.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5401

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/01/2011 11:07:05 a.m.
    mbam-log-2011-01-01 (11-07-05).txt

    Scan type: Quick scan
    Objects scanned: 137696
    Time elapsed: 5 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{94D3FFAF-8C22-7A2D-D478-D3F4658F9416} (Trojan.ZbotR.Gen) -> Value: {94D3FFAF-8C22-7A2D-D478-D3F4658F9416} -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  3. Broni Malware Annihilator

    Hmm...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  4. Swizzle Newcomer, in training

    ComboFix 10-12-31.01 - Rippedorgans 01/01/2011 11:20:21.4.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.894.322 [GMT 13:00]
    Running from: c:\users\Rippedorgans\Downloads\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Rippedorgans\AppData\Roaming\Ivotbu\zueb.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
    .

    2010-12-31 22:29 . 2010-12-31 22:29 -------- d-----w- c:\users\Rippedorgans\AppData\Local\temp
    2010-12-31 22:29 . 2010-12-31 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-31 18:48 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23F9E6B9-B1D3-4AAC-B900-F5CBC07EA63F}\mpengine.dll
    2010-12-31 07:53 . 2010-12-31 07:53 -------- d-----w- c:\program files\Common Files\Adobe
    2010-12-31 07:50 . 2010-12-31 07:50 -------- d-----w- c:\programdata\McAfee Security Scan
    2010-12-31 07:50 . 2010-12-31 07:50 -------- d-----w- c:\program files\McAfee Security Scan
    2010-12-31 05:24 . 2010-12-31 05:24 -------- d-----w- c:\program files\ESET
    2010-12-27 05:51 . 2010-12-12 19:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-27 05:51 . 2010-12-12 19:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-27 05:51 . 2010-12-27 05:51 -------- d-----w- c:\programdata\Avira
    2010-12-27 05:51 . 2010-12-27 05:51 -------- d-----w- c:\program files\Avira
    2010-12-26 23:25 . 2009-11-03 01:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
    2010-12-26 23:25 . 2009-11-03 01:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll
    2010-12-26 22:55 . 2010-12-26 22:55 -------- d-----w- c:\program files\Trend Micro
    2010-12-24 22:15 . 2010-12-27 09:05 -------- d-----w- c:\users\Rippedorgans\AppData\Roaming\Kodak
    2010-12-24 22:14 . 2010-12-24 22:14 -------- d-----w- c:\program files\SANYO
    2010-12-24 22:14 . 2010-12-24 22:14 -------- d-----w- c:\users\Rippedorgans\AppData\Local\Programs
    2010-12-24 22:13 . 2010-12-24 22:13 -------- d-----w- c:\users\Rippedorgans\AppData\Local\ArcSoft
    2010-12-24 22:12 . 2010-12-27 22:19 -------- d--h--w- c:\programdata\ArcSoft
    2010-12-24 22:10 . 2006-11-10 02:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
    2010-12-24 22:10 . 2010-12-24 22:10 -------- d-----w- c:\program files\Common Files\ArcSoft
    2010-12-24 22:10 . 2010-12-24 22:10 -------- d-----w- c:\program files\ArcSoft
    2010-12-24 22:09 . 2010-12-26 13:11 -------- d-----w- c:\users\Rippedorgans\AppData\Roaming\ArcSoft
    2010-12-22 06:32 . 2010-12-31 04:24 -------- d-----w- c:\program files\Cheat Engine
    2010-12-19 05:27 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-19 05:25 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-19 05:25 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-19 05:25 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-19 05:25 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-19 05:25 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-19 05:25 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-12-19 05:25 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-19 05:25 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-19 05:25 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
    2010-12-19 05:23 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
    2010-12-19 05:23 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2010-12-19 05:19 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-16 23:49 . 2010-12-16 23:49 -------- d--h--w- c:\programdata\CanonBJ
    2010-12-16 11:14 . 2010-12-16 11:14 -------- d-----w- c:\users\Rippedorgans\AppData\Roaming\OpenOffice.org
    2010-12-16 10:22 . 2010-12-16 10:23 -------- d-----w- c:\program files\OpenOffice.org 3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 05:09 . 2010-08-18 21:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 05:08 . 2010-08-18 21:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-14 05:59 . 2010-11-14 03:03 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-11-14 05:59 . 2010-11-14 03:03 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-11-14 05:59 . 2010-11-14 03:03 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-11-14 04:32 . 2009-12-24 15:50 249856 ------w- c:\windows\Setup1.exe
    2010-11-14 04:32 . 2009-12-24 15:50 73216 ----a-w- c:\windows\ST6UNST.EXE
    2010-11-14 04:26 . 2010-11-14 04:26 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-11-14 04:26 . 2010-11-14 04:26 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-11-13 23:07 . 2010-11-13 23:07 26 ----a-w- c:\windows\winstart.bat
    2010-11-13 23:07 . 2010-11-13 23:07 144 ----a-w- c:\windows\tmpcpyis.bat
    2010-11-13 23:07 . 2010-11-13 23:07 122 ----a-w- c:\windows\tmpdelis.bat
    2010-11-12 05:53 . 2010-08-16 13:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-26 03:40 . 2010-10-26 03:40 48522 ----a-w- c:\windows\system32\nglide_uninst.exe
    2010-10-18 21:41 . 2009-12-17 20:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-15 15:32 . 2010-10-15 15:32 1298432 ----a-w- c:\windows\system32\glide3x.dll
    2010-10-15 15:32 . 2010-10-15 15:32 1286144 ----a-w- c:\windows\system32\glide2x.dll
    2010-10-13 23:04 . 2010-10-13 23:04 53248 ----a-w- c:\windows\system32\nglide_config.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-13 248552]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-17 207360]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 281768]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-09 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-09 932288]

    c:\users\Rippedorgans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [N/A]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-16 255536]
    SANYO Screen Capture 1.1.lnk - c:\windows\Installer\{59498F87-43F8-4A02-AAE6-DD91519A9D05}\_53DB54D1AAC28DB5D10AED.exe [2010-12-25 128198]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @=""

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
    backup=c:\windows\pss\Rainmeter.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-15 3700176]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-30 1343400]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-12 135336]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    Akamai REG_MULTI_SZ Akamai
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.nz/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=91&bd=Presario&pf=cnnb
    IE: &AOL Toolbar Search
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Rippedorgans\AppData\Roaming\Mozilla\Firefox\Profiles\lwoqfj2n.default\
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: RefreshBlocker: {55ce2530-61df-4ddc-b287-feae64e70575} - %profile%\extensions\{55ce2530-61df-4ddc-b287-feae64e70575}
    FF - Ext: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    FF - Ext: MessengerPlusLive TB Toolbar: {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - %profile%\extensions\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-{94D3FFAF-8C22-7A2D-D478-D3F4658F9416} - c:\users\Rippedorgans\AppData\Roaming\Ivotbu\zueb.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    AddRemove-{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1 - c:\program files\Uniblue\RegistryBooster\unins000.exe



    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000001

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-01 11:33:41
    ComboFix-quarantined-files.txt 2010-12-31 22:33

    Pre-Run: 25,187,811,328 bytes free
    Post-Run: 25,131,397,120 bytes free

    - - End Of File - - 9E552689BEF4D9D283CE560DF1C3A849
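The ComboFix log above shows the same thing MBAM flagged one post earlier: an HKCU Run value whose name is a bare GUID and whose target sits in AppData\Roaming (the orphan removed at the end of the log), and a policies\system block in which EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0. As an added example, not part of this thread and not ComboFix's own code, the Python below parses the "Reg Loading Points" section of a log in this format and flags both conditions. The sample log is constructed to mirror the one above; the user name `user1` and the file size on the zueb.exe line are made up.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix-style log for
autostart entries in user-writable locations and for disabled UAC policies.
Added example; the log format is inferred from the log quoted in the thread."""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the thread's ComboFix log. The user name
# 'user1' and the size on the zueb.exe line are made up for this example.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"{94D3FFAF-8C22-7A2D-D478-D3F4658F9416}"="c:\users\user1\AppData\Roaming\Ivotbu\zueb.exe" [2010-12-30 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-09 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
DWORD_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)')
GUID_NAME_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Directories an unprivileged user can write to. Legitimate autostart
# binaries normally live under Program Files or the Windows directory.
USER_WRITABLE_MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\")


@dataclass
class Finding:
    key: str
    name: str
    detail: str
    reasons: list = field(default_factory=list)


def parse_loading_points(text):
    """Return (run_entries, policies). run_entries is a list of
    (key, value name, path) from Run/RunOnce keys; policies maps the
    DWORD names under policies\\system to their integer values."""
    run_entries, policies = [], {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        low = current.lower()
        if low.endswith("\\currentversion\\run") or low.endswith("\\currentversion\\runonce"):
            m = RUN_VALUE_RE.match(line)
            if m:
                run_entries.append((current, m.group("name"), m.group("path")))
        elif low.endswith("\\currentversion\\policies\\system"):
            m = DWORD_VALUE_RE.match(line)
            if m:
                policies[m.group("name")] = int(m.group("value"))
    return run_entries, policies


def audit(text):
    """Apply the two heuristics and return a list of Finding objects."""
    run_entries, policies = parse_loading_points(text)
    findings = []
    for key, name, path in run_entries:
        reasons = []
        if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
            reasons.append("autostart binary lives in a user-writable profile directory")
        if GUID_NAME_RE.match(name):
            reasons.append("value name is a bare GUID rather than a product name")
        if reasons:
            findings.append(Finding(key, name, path, reasons))
    pol_key = "policies\\system"
    if policies.get("EnableLUA") == 0:
        findings.append(Finding(pol_key, "EnableLUA", "0",
                                ["UAC is disabled: administrator processes run fully elevated"]))
    elif policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(Finding(pol_key, "ConsentPromptBehaviorAdmin", "0",
                                ["administrators elevate silently without a prompt"]))
    if policies.get("PromptOnSecureDesktop") == 0:
        findings.append(Finding(pol_key, "PromptOnSecureDesktop", "0",
                                ["elevation prompts are shown on the normal desktop, "
                                 "where other user processes can interact with them"]))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f.key}] {f.name} -> {f.detail}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample it reports only the GUID-named zueb.exe entry (two reasons) plus the EnableLUA and PromptOnSecureDesktop policies; the TeaTimer, Avira and Adobe entries pass because they live under Program Files. The path heuristic is deliberately coarse: some legitimate per-user installers also autostart from AppData\Local, so treat a hit as something to look at, not as a verdict.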
  5. Broni Malware Annihilator

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\users\Rippedorgans\AppData\Roaming\Ivotbu
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  6. Swizzle Newcomer, in training

    ComboFix 10-12-31.01 - Rippedorgans 01/01/2011 11:44:08.5.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.64.1033.18.894.218 [GMT 13:00]
    Running from: c:\users\Rippedorgans\Downloads\ComboFix.exe
    Command switches used :: c:\users\Rippedorgans\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-31 )))))))))))))))))))))))))))))))
    .

    2010-12-31 22:53 . 2010-12-31 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-31 22:33 . 2010-12-31 22:53 -------- d-----w- c:\users\Rippedorgans\AppData\Local\temp
    2010-12-31 18:48 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23F9E6B9-B1D3-4AAC-B900-F5CBC07EA63F}\mpengine.dll
    2010-12-31 07:53 . 2010-12-31 07:53 -------- d-----w- c:\program files\Common Files\Adobe
    2010-12-31 07:50 . 2010-12-31 07:50 -------- d-----w- c:\programdata\McAfee Security Scan
    2010-12-31 07:50 . 2010-12-31 07:50 -------- d-----w- c:\program files\McAfee Security Scan
    2010-12-31 05:24 . 2010-12-31 05:24 -------- d-----w- c:\program files\ESET
    2010-12-27 05:51 . 2010-12-12 19:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-27 05:51 . 2010-12-12 19:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-12-27 05:51 . 2010-12-27 05:51 -------- d-----w- c:\programdata\Avira
    2010-12-27 05:51 . 2010-12-27 05:51 -------- d-----w- c:\program files\Avira
    2010-12-26 23:25 . 2009-11-03 01:07 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
    2010-12-26 23:25 . 2009-11-03 01:07 1970176 ----a-w- c:\windows\system32\d3dx9.dll
    2010-12-26 22:55 . 2010-12-26 22:55 -------- d-----w- c:\program files\Trend Micro
    2010-12-24 22:15 . 2010-12-27 09:05 -------- d-----w- c:\users\Rippedorgans\AppData\Roaming\Kodak
    2010-12-24 22:14 . 2010-12-24 22:14 -------- d-----w- c:\program files\SANYO
    2010-12-24 22:14 . 2010-12-24 22:14 -------- d-----w- c:\users\Rippedorgans\AppData\Local\Programs
    2010-12-24 22:13 . 2010-12-24 22:13 -------- d-----w- c:\users\Rippedorgans\AppData\Local\ArcSoft
    2010-12-24 22:12 . 2010-12-27 22:19 -------- d--h--w- c:\programdata\ArcSoft
    2010-12-24 22:10 . 2006-11-10 02:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
    2010-12-24 22:10 . 2010-12-24 22:10 -------- d-----w- c:\program files\Common Files\ArcSoft
    2010-12-24 22:10 . 2010-12-24 22:10 -------- d-----w- c:\program files\ArcSoft
    2010-12-24 22:09 . 2010-12-26 13:11 -------- d-----w- c:\users\Rippedorgans\AppData\Roaming\ArcSoft
    2010-12-22 06:32 . 2010-12-31 04:24 -------- d-----w- c:\program files\Cheat Engine
    2010-12-19 05:27 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-19 05:25 . 2010-11-02 04:39 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-12-19 05:25 . 2010-11-02 04:41 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-12-19 05:25 . 2010-11-02 04:40 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-12-19 05:25 . 2010-11-02 04:40 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-12-19 05:25 . 2010-11-02 04:34 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-12-19 05:25 . 2010-11-02 04:34 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-12-19 05:25 . 2010-10-20 04:54 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-19 05:25 . 2010-10-20 02:58 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-19 05:25 . 2010-10-16 04:36 314368 ----a-w- c:\windows\system32\webio.dll
    2010-12-19 05:23 . 2010-10-16 04:41 101760 ----a-w- c:\windows\system32\consent.exe
    2010-12-19 05:23 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2010-12-19 05:19 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-16 23:49 . 2010-12-16 23:49 -------- d--h--w- c:\programdata\CanonBJ
    2010-12-16 11:14 . 2010-12-16 11:14 -------- d-----w- c:\users\Rippedorgans\AppData\Roaming\OpenOffice.org
    2010-12-16 10:22 . 2010-12-16 10:23 -------- d-----w- c:\program files\OpenOffice.org 3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 05:09 . 2010-08-18 21:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 05:08 . 2010-08-18 21:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-14 05:59 . 2010-11-14 03:03 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-11-14 05:59 . 2010-11-14 03:03 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-11-14 05:59 . 2010-11-14 03:03 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-11-14 04:32 . 2009-12-24 15:50 249856 ------w- c:\windows\Setup1.exe
    2010-11-14 04:32 . 2009-12-24 15:50 73216 ----a-w- c:\windows\ST6UNST.EXE
    2010-11-14 04:26 . 2010-11-14 04:26 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-11-14 04:26 . 2010-11-14 04:26 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-11-13 23:07 . 2010-11-13 23:07 26 ----a-w- c:\windows\winstart.bat
    2010-11-13 23:07 . 2010-11-13 23:07 144 ----a-w- c:\windows\tmpcpyis.bat
    2010-11-13 23:07 . 2010-11-13 23:07 122 ----a-w- c:\windows\tmpdelis.bat
    2010-11-12 05:53 . 2010-08-16 13:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-26 03:40 . 2010-10-26 03:40 48522 ----a-w- c:\windows\system32\nglide_uninst.exe
    2010-10-18 21:41 . 2009-12-17 20:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-15 15:32 . 2010-10-15 15:32 1298432 ----a-w- c:\windows\system32\glide3x.dll
    2010-10-15 15:32 . 2010-10-15 15:32 1286144 ----a-w- c:\windows\system32\glide2x.dll
    2010-10-13 23:04 . 2010-10-13 23:04 53248 ----a-w- c:\windows\system32\nglide_config.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-13 248552]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-17 207360]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-12 281768]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-09 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-09 932288]

    c:\users\Rippedorgans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [N/A]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-16 255536]
    SANYO Screen Capture 1.1.lnk - c:\windows\Installer\{59498F87-43F8-4A02-AAE6-DD91519A9D05}\_53DB54D1AAC28DB5D10AED.exe [2010-12-25 128198]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @=""

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
    backup=c:\windows\pss\Rainmeter.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-08-15 3700176]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-30 1343400]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-12 135336]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    Akamai REG_MULTI_SZ Akamai
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.nz/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nz&c=91&bd=Presario&pf=cnnb
    IE: &AOL Toolbar Search
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Rippedorgans\AppData\Roaming\Mozilla\Firefox\Profiles\lwoqfj2n.default\
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: RefreshBlocker: {55ce2530-61df-4ddc-b287-feae64e70575} - %profile%\extensions\{55ce2530-61df-4ddc-b287-feae64e70575}
    FF - Ext: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - %profile%\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    FF - Ext: MessengerPlusLive TB Toolbar: {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - %profile%\extensions\{d8fb4583-db9d-4c7b-85be-294c13a3e5c4}
    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000001

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(1268)
    c:\users\Rippedorgans\AppData\Local\FLVService\lib\FLVSrvLib.dll
    c:\program files\Stardock\Fences\FencesMenu.dll
    c:\program files\stardock\fences\DesktopDock.dll
    .
    Completion time: 2011-01-01 11:57:55
    ComboFix-quarantined-files.txt 2010-12-31 22:57
    ComboFix2.txt 2010-12-31 22:33

    Pre-Run: 25,192,361,984 bytes free
    Post-Run: 25,124,614,144 bytes free

    - - End Of File - - BBCA57228EE8E37EB4A19BFC1755F5BC
  7. Broni Malware Annihilator

    OK, re-run MBAM one more time...
  8. Swizzle Newcomer, in training

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5401

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/01/2011 12:35:45 p.m.
    mbam-log-2011-01-01 (12-35-45).txt

    Scan type: Quick scan
    Objects scanned: 137427
    Time elapsed: 7 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  9. Broni Malware Annihilator

    Good :)

    Reset your system restore (IMPORTANT!)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    You should be good to go :)
  10. Swizzle Newcomer, in training

    I did the OTL restore just to be safe. It came with a log, so I'll add that to this post. On start-up SpyBot came up with:

    "Category: Disable Command
    Change: Value Added
    Entry: DisableCMD
    Old Data:
    New Data: 0"

    Not sure if I should accept or deny these changes. It sounds a bit suspicious and I don't want that Trojan coming back.

    OTL log:

    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 844 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 48.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Rippedorgans
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.18.2 log created on 01012011_130727

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    I'll be back in a while later, family is here. Thank you for all your assistance.
  11. Broni Malware Annihilator

    Accept Spybot request.

    It doesn't look like OTL reset System Restore, so you had better do it manually.
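    The Spybot alert above names only the value (DisableCMD) and its new data (0), not where it lives. The following PowerShell check is added here for readers and is not part of either participant's post or of any of the tools used in the thread. It reads the DisableCMD policy value from the user and machine policy keys (the documented Windows locations, assumed here rather than taken from the thread) and prints what each value means, so a change like the one Spybot reported can be confirmed before accepting or denying it.

```powershell
# Added example: report the DisableCMD policy value that Spybot flagged.
# Paths and meanings follow the documented Windows policy:
#   0 / not set = command prompt allowed
#   1           = command prompt and batch files blocked
#   2           = command prompt blocked, batch files allowed
# Read-only: nothing is changed.
function Get-DisableCmdPolicy {
    $paths = @(
        'HKCU:\Software\Policies\Microsoft\Windows\System',
        'HKLM:\Software\Policies\Microsoft\Windows\System'
    )
    foreach ($path in $paths) {
        $value = $null
        if (Test-Path $path) {
            $item = Get-ItemProperty -Path $path -Name 'DisableCMD' -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.DisableCMD }
        }
        if ($null -eq $value) {
            $meaning = 'not set (command prompt allowed)'
        } elseif ($value -eq 0) {
            $meaning = 'command prompt allowed'
        } elseif ($value -eq 1) {
            $meaning = 'command prompt and batch files BLOCKED'
        } elseif ($value -eq 2) {
            $meaning = 'command prompt BLOCKED, batch files allowed'
        } else {
            $meaning = "unexpected value $value"
        }
        [pscustomobject]@{ Hive = $path; DisableCMD = $value; Meaning = $meaning }
    }
}

Get-DisableCmdPolicy | Format-Table -AutoSize
```

    A value of 0, as in the Spybot notice, leaves the command prompt usable; a value of 1 or 2 set without the user's knowledge is the change worth questioning, since malware sometimes disables cmd.exe to hinder cleanup.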
  12. Swizzle Newcomer, in training

    Ok I will do that when I get back. I've got to head out for a few hours. I'll keep you posted then.
  13. Broni Malware Annihilator

    Me too.
    Party time :)
  14. Swizzle Newcomer, in training

    Hope you had a good party. Didn't get too drunk? :haha: Well, I've created a new System restore point. Anything else you need me to do? I'm going away on holiday for about a week tomorrow, but I can check up in the morning (about to sleep after I post this).
  15. Broni Malware Annihilator

    I had a great time, thank you :)

    You should be good to go, if you don't have any other current issues.

    Good luck and stay safe ;)
  16. Swizzle Newcomer, in training

    Thanks for all your help once again. :)
  17. Broni Malware Annihilator

    You're very welcome