TechSpot

Remote Desktop Connection: mstsc.exe - Bad Image

By russellme
Dec 15, 2011
  1. When I start my computer, I get the following error message:

    avgtray.exe - Bad Image

    "C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."


    When I click on Remote Desktop Connection I get 3 errors, in this order:

    Remote Desktop Connection: mstsc.exe - Bad Image

    1. "C:\Windows\System32\mstscax.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."

    2. "Could not load the Remote Desktop Service ActiveX control. Make sure mstscax.dll is in the path."

    3. "Your computer was unable to connect to the remote computer. Try to reconnect. If the problem continues, contact the owner of the remote computer or your network administrator."

    This started happening about a month ago. I never had problems with Remote Desktop Connection before but now I am never able to use it. Also, since this started my computer has been randomly freezing and crashing. Not sure if the 2 are related.

    When my computer freezes, I try to use "ctrl-alt-delete" and i get the following error:

    "The logon process was unable to display security and logon options when CTRL + ALT + DELETE was pressed. If the operating system does not respond, press ESC or restart the computer by using the power switch."

    Any help would be appreciated, thanks-
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================
     
  3. russellme

    russellme TS Rookie Topic Starter

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8377

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    12/15/2011 10:17:27 PM
    mbam-log-2011-12-15 (22-17-27).txt

    Scan type: Quick scan
    Objects scanned: 191978
    Time elapsed: 7 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-15 22:32:24
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916082 rev.3.CD
    Running: 7py83w3i.exe; Driver: C:\Users\Russell\AppData\Local\Temp\afrdafow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Russell at 22:40:31 on 2011-12-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3062.1816 [GMT -8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\System32\bcmwltry.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3080307
    uSearch Bar = Preserve
    uStart Page = hxxp://www.google.com/
    uWindow Title = Internet Explorer provided by Dell
    uInternet Settings,ProxyServer = http=127.0.0.1:52182
    uInternet Settings,ProxyOverride = *.local
    uWinlogon: Shell=explorer.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEVENT~1.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFU3SEctWUxVVlUtRVMyRUctUUY3WEMtVkxDOVctUTRMWkc"&"inst=NzctNzcyNzE1MzU3LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU0yKzEtRkwxMCsxLVhPMTArMTEtRERUKzI1MzkzLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMjItRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtU1QxMkZPSSsxLUYxME0xMkFVKzEtRVVMQSsxLVNUMTJGQVBQKzEtU1RGMTBNMTJBVUYrMQ"&"prod=90"&"ver=2012.0.1831"&"mid=752e18dbf417614deda778e1aa88715d-a200422ab4a64a09daa5c196635c37e9004e1359
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxp://www.pdc.wa.gov/viewer/activeXViewer/activexviewer.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://youthrevolution.squarespace.com/universal/activex/XUpload.ocx
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C5BBACF0-3032-4AAA-879A-84D30C746BB5} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DB95D3A6-6916-4C2C-9386-5669337E140B} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DB95D3A6-6916-4C2C-9386-5669337E140B}\3756365727561405 : DhcpNameServer = 10.1.10.2 75.75.75.75 75.75.76.76
    TCP: Interfaces\{DB95D3A6-6916-4C2C-9386-5669337E140B}\74F405E4564777F627B6 : DhcpNameServer = 192.168.2.1 68.87.69.150 68.87.85.102
    TCP: Interfaces\{DB95D3A6-6916-4C2C-9386-5669337E140B}\C696E6B6379737 : DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{DB95D3A6-6916-4C2C-9386-5669337E140B}\D49636865616C6 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{DB95D3A6-6916-4C2C-9386-5669337E140B}\E4544574541425 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165648]
    R1 MpKsl5d700655;MpKsl5d700655;c:\programdata\microsoft\microsoft antimalware\definition updates\{b8988e67-b22b-45b9-92b6-a43cd6daca2d}\MpKsl5d700655.sys [2011-12-15 29904]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-10-23 73728]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-3-7 111104]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-5-14 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
    .
    =============== Created Last 30 ================
    .
    2011-12-16 06:05:17 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b8988e67-b22b-45b9-92b6-a43cd6daca2d}\MpKsl5d700655.sys
    2011-12-16 06:05:14 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b8988e67-b22b-45b9-92b6-a43cd6daca2d}\offreg.dll
    2011-12-16 00:19:04 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-16 00:19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-16 00:09:12 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b8988e67-b22b-45b9-92b6-a43cd6daca2d}\mpengine.dll
    2011-12-15 23:44:10 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 23:44:07 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 23:44:02 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 23:44:02 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 23:44:00 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 23:44:00 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    ==================== Find3M ====================
    .
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-24 22:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 22:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-11 18:33:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ============= FINISH: 22:41:19.05 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/23/2009 4:52:20 PM
    System Uptime: 12/15/2011 10:04:26 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0U990C
    Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 2001/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 136 GiB total, 81.999 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.698 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslf1275534
    Device ID: ROOT\LEGACY_MPKSLF1275534\0000
    Manufacturer:
    Name: MpKslf1275534
    PNP Device ID: ROOT\LEGACY_MPKSLF1275534\0000
    Service: MpKslf1275534
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl065b8706
    Device ID: ROOT\LEGACY_MPKSL065B8706\0000
    Manufacturer:
    Name: MpKsl065b8706
    PNP Device ID: ROOT\LEGACY_MPKSL065B8706\0000
    Service: MpKsl065b8706
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl07565968
    Device ID: ROOT\LEGACY_MPKSL07565968\0000
    Manufacturer:
    Name: MpKsl07565968
    PNP Device ID: ROOT\LEGACY_MPKSL07565968\0000
    Service: MpKsl07565968
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl5716b05a
    Device ID: ROOT\LEGACY_MPKSL5716B05A\0000
    Manufacturer:
    Name: MpKsl5716b05a
    PNP Device ID: ROOT\LEGACY_MPKSL5716B05A\0000
    Service: MpKsl5716b05a
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslfaad9973
    Device ID: ROOT\LEGACY_MPKSLFAAD9973\0000
    Manufacturer:
    Name: MpKslfaad9973
    PNP Device ID: ROOT\LEGACY_MPKSLFAAD9973\0000
    Service: MpKslfaad9973
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKslc5a7edfe
    Device ID: ROOT\LEGACY_MPKSLC5A7EDFE\0000
    Manufacturer:
    Name: MpKslc5a7edfe
    PNP Device ID: ROOT\LEGACY_MPKSLC5A7EDFE\0000
    Service: MpKslc5a7edfe
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl1ea3c712
    Device ID: ROOT\LEGACY_MPKSL1EA3C712\0000
    Manufacturer:
    Name: MpKsl1ea3c712
    PNP Device ID: ROOT\LEGACY_MPKSL1EA3C712\0000
    Service: MpKsl1ea3c712
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl3e9e84b7
    Device ID: ROOT\LEGACY_MPKSL3E9E84B7\0000
    Manufacturer:
    Name: MpKsl3e9e84b7
    PNP Device ID: ROOT\LEGACY_MPKSL3E9E84B7\0000
    Service: MpKsl3e9e84b7
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsla334a226
    Device ID: ROOT\LEGACY_MPKSLA334A226\0000
    Manufacturer:
    Name: MpKsla334a226
    PNP Device ID: ROOT\LEGACY_MPKSLA334A226\0000
    Service: MpKsla334a226
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsle96e3d17
    Device ID: ROOT\LEGACY_MPKSLE96E3D17\0000
    Manufacturer:
    Name: MpKsle96e3d17
    PNP Device ID: ROOT\LEGACY_MPKSLE96E3D17\0000
    Service: MpKsle96e3d17
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl4c588643
    Device ID: ROOT\LEGACY_MPKSL4C588643\0000
    Manufacturer:
    Name: MpKsl4c588643
    PNP Device ID: ROOT\LEGACY_MPKSL4C588643\0000
    Service: MpKsl4c588643
    .
    ==== System Restore Points ===================
    .
    RP498: 11/8/2011 8:36:53 PM - Windows Update
    RP499: 11/12/2011 1:47:19 PM - Windows Update
    RP500: 11/18/2011 3:54:13 PM - Windows Update
    RP501: 11/27/2011 7:33:22 PM - Windows Update
    RP502: 12/3/2011 2:49:00 PM - Windows Update
    RP503: 12/7/2011 9:07:59 AM - Windows Update
    RP504: 12/10/2011 6:27:07 PM - Windows Update
    RP505: 12/14/2011 4:07:31 PM - Windows Update
    RP506: 12/15/2011 3:45:19 PM - Windows Update
    RP507: 12/15/2011 10:01:10 PM - Removed AVG 2012
    RP508: 12/15/2011 10:02:44 PM - Removed AVG 2012
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.4.6
    Adobe Shockwave Player
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Advertising Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 6
    ArcSoft Print Creations
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    Avery Wizard 3.1
    AVG 2012
    Axara AudioConverter 3.0.3
    Banctec Service Agreement
    Bonjour
    Browser Address Error Redirector
    Business Contact Manager for Outlook 2007 SP2
    Compatibility Pack for the 2007 Office system
    Computrace
    Conexant HDA D330 MDC V.92 Modem
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell DataSafe Online
    Dell Driver Download Manager
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card
    Digital Line Detect
    EarthLink Setup Files
    EPSON Artisan 810 Series Printer Uninstall
    EPSON CX7400 User's Guide
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    Epson Print CD
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus CX7400 Series Scanner Driver Update
    EpsonNet Print
    EpsonNet Setup
    GDR 4060 for SQL Server Database Services 2005 ENU (KB2494113)
    Google Update Helper
    iCloud
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    Intel(R) TV Wizard
    iTunes
    Java(TM) 6 Update 15
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MediaDirect
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Accounting 2007
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting Fixed Asset Manager
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable Package
    Microsoft Works
    Modem Diagnostic Tool
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music, Photos & Videos Launcher
    Nero ControlCenter
    Nero Installer
    Nero MediaHome 4
    Nero MediaHome 4 Essentials
    Nero MediaHome 4 Help
    Nero Online Upgrade
    NetWaiting
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    ORCA
    OutlookAddinSetup
    Presto! PageManager 8.15.01 SE
    QuickSet
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    System Requirements Lab for Intel
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    User's Guides
    WebXtender Client
    WIDCOMM Bluetooth Software 6.0.1.3100
    Windows Live ID Sign-in Assistant
    Windows Live installer
    Windows Live Mail
    Windows Media Encoder 9 Series
    Xtranormal State
    Xtranormal State - Showpak-Playgoz-Preview
    Xtranormal State - Showpak-PlaygozHistory
    Xtranormal State - SoundPack-Starter Kit
    Xtranormal State - Voicepack-English-Australian-Karen
    Xtranormal State - Voicepack-English-Australian-Lee
    Xtranormal State - Voicepack-English-Indian-Sangeeta
    Xtranormal State - Voicepack-English-UK-Daniel
    Xtranormal State - Voicepack-English-UK-Serena
    Xtranormal State - Voicepack-English-US-Samantha
    Xtranormal State - Voicepack-English-US-Tom
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/15/2011 10:05:51 PM, Error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error You will be automatically disconnected at SQL Server (MSSMLBIZ)..
    12/15/2011 10:05:24 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    .
    ==== End Of File ===========================
     
  4. russellme

    russellme TS Rookie Topic Starter

    additionally, prior to running the GNER scan, I tried to access Windows Defender to temporarily disable it it informs me that "this program is turned off". when i click the link to turn it on i get the following error:

    "The specified service does not exist as an installed service. (Error Code: 0x80070424)"

    when i try to access AVG i get the same error as indicated in my original post: "C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_n one_4bf7e3e2bf9ada4c\mfc90u.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."
     
  5. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You're running two AV programs, AVG and MSE.
    One of them has to go.
    If AVG make sure to use AVG Remover to uninstall it: http://www.avg.com/us-en/utilities

    NOTE. MSE will disable Windows Defender by default.
    Windows Defender is useless anyway.

    So far I don't see much.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. russellme

    russellme TS Rookie Topic Starter

    i used the AVG remover to uninstall AVG, i am no longer getting an error when the computer starts or restarts. however, the Remote Desktop still gets the same set of errors.

    before i ran ComboFix, i turned off MSE, Spybot and Firewall as instructed. however, when ComboFix ran it notified me that MSE and AVG 2011 programs were still active. i double checked that MSE, SpyBot and firewall were all off and ran ComobFix.

    i already deleted AVG so i'm not even sure why that would be included in the list...

    also... as i had mentioned, my computer is randomly freezing and not working. when this happens, i have to manually restart via the power button. this happened today (before I ran ComboFix/aswMBR) and Windows would NOT boot... repair startup, safe mode, regular mode... nothing would work.

    i had to go into my BIOS settings, switch off the flash module and switch the SATA drive (from ahci) then my computer booted normally.


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-16 17:36:29
    -----------------------------
    17:36:29.122 OS Version: Windows 6.1.7601 Service Pack 1
    17:36:29.122 Number of processors: 2 586 0xF0D
    17:36:29.122 ComputerName: RussellJohnson UserName: Russell
    17:36:52.772 Initialize success
    17:37:26.333 AVAST engine defs: 11121603
    17:37:37.674 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    17:37:37.674 Disk 0 Vendor: ST9160821AS 3.CDE Size: 152627MB BusType: 3
    17:37:39.733 Disk 0 MBR read successfully
    17:37:39.733 Disk 0 MBR scan
    17:37:39.811 Disk 0 Windows 7 default MBR code
    17:37:39.827 Disk 0 scanning sectors +312578048
    17:37:40.123 Disk 0 scanning C:\Windows\system32\drivers
    17:38:14.652 Service scanning
    17:38:19.970 Service MpKslf08075ef c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8988E67-B22B-45B9-92B6-A43CD6DACA2D}\MpKslf08075ef.sys **LOCKED** 32
    17:38:19.970 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    17:38:20.656 Modules scanning
    17:39:08.764 Disk 0 trace - called modules:
    17:39:08.827 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys
    17:39:09.342 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86170a88]
    17:39:09.342 3 CLASSPNP.SYS[8b79359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85d0b908]
    17:39:10.605 AVAST engine scan C:\Windows
    17:39:21.182 AVAST engine scan C:\Windows\system32
    17:46:01.405 AVAST engine scan C:\Windows\system32\drivers
    17:46:20.062 AVAST engine scan C:\Users\Russell
    18:06:47.386 AVAST engine scan C:\ProgramData
    18:09:20.393 Scan finished successfully
    18:10:10.735 Disk 0 MBR has been saved successfully to "C:\Users\Russell\Desktop\MBR.dat"
    18:10:10.829 The log file has been saved successfully to "C:\Users\Russell\Desktop\aswMBR.txt"


    ComboFix 11-12-16.03 - Russell 12/16/2011 18:27:15.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3062.2071 [GMT -8:00]
    Running from: c:\users\Russell\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Russell\AppData\Roaming\Adobe\plugs
    c:\users\Russell\AppData\Roaming\Adobe\shed
    c:\users\Russell\g2mdlhlpx.exe
    c:\windows\Fonts\kaiu.ttf
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-17 02:36 . 2011-12-17 02:37 -------- d-----w- c:\users\Russell\AppData\Local\temp
    2011-12-17 02:36 . 2011-12-17 02:36 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp
    2011-12-17 02:36 . 2011-12-17 02:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-17 01:41 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18B52B98-7C9E-4FD8-B351-EFBFD1326195}\mpengine.dll
    2011-12-17 01:23 . 2011-12-17 01:23 -------- d-----w- C:\Temp
    2011-12-16 00:19 . 2011-12-16 00:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-16 00:19 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-15 23:44 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 23:44 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 23:44 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 23:44 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 23:44 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 23:44 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-21 10:47 . 2009-10-01 17:26 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-11 18:33 . 2011-05-18 20:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 23:30 . 2011-10-10 23:31 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AAE2138B-CE2D-4870-82CA-0C6DDBA702A8}\gapaengine.dll
    2011-09-29 16:03 . 2011-11-09 02:08 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
    "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFU3SEctWUxVVlUtRVMyRUctUUY3WEMtVkxDOVctUTRMWkc&inst=NzctNzcyNzE1MzU3LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1YTzM2KzEtRjlNN0MrNS1GOU0xMEIrMi1GOU0yKzEtRkwxMCsxLVhPMTArMTEtRERUKzI1MzkzLUxTRCsyLUREMTBGKzEtU1QxMEZBUFArMS1MMTBNKzItRjEwTTEyQVQrMjItRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtU1QxMkZPSSsxLUYxME0xMkFVKzEtRVVMQSsxLVNUMTJGQVBQKzEtU1RGMTBNMTJBVUYrMQ&prod=90&ver=2012.0.1831&mid=752e18dbf417614deda778e1aa88715d-a200422ab4a64a09daa5c196635c37e9004e1359" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
    backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
    backup=c:\windows\pss\QuickSet.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
    .
    [HKLM\~\startupfolder\C:^Users^Russell^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\Russell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2007-10-25 20:31 167936 ----a-w- c:\program files\DellTPad\Apoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2010-10-28 03:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Artisan 810(Network)]
    2009-02-23 05:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFRA.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2009-07-14 01:14 8704 ----a-w- c:\windows\System32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
    2007-07-27 22:43 118784 ----a-w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
    2009-05-21 17:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-10-10 00:57 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2010-11-20 12:17 144384 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7400 Series]
    2007-02-15 13:00 179200 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICDA.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2008-10-24 16:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2011-09-01 01:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome 4]
    2009-06-23 22:59 4891944 ----a-w- c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
    2007-05-10 00:01 36864 ----a-w- c:\windows\OEM02Mon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2007-12-21 17:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMSpeed]
    2008-12-09 16:32 55120 ----a-w- c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Russell Printer]
    2007-02-15 13:00 179200 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICDA.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2007-11-12 11:07 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-07-25 12:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2009-07-14 01:14 660480 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    R1 MpKsl0555a6b1;MpKsl0555a6b1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8988E67-B22B-45B9-92B6-A43CD6DACA2D}\MpKsl0555a6b1.sys [x]
    R1 MpKsl065b8706;MpKsl065b8706;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{282F6D0F-3B47-400C-989F-C0899D5CE5B6}\MpKsl065b8706.sys [x]
    R1 MpKsl07565968;MpKsl07565968;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A79FA86B-E371-4956-9B88-8510517A5526}\MpKsl07565968.sys [x]
    R1 MpKsl1ea3c712;MpKsl1ea3c712;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D34F0C6-9987-4921-ABEE-360F4A7E687A}\MpKsl1ea3c712.sys [x]
    R1 MpKsl3e9e84b7;MpKsl3e9e84b7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C63CC5E9-42A9-4692-BF4A-6496CDCA4B83}\MpKsl3e9e84b7.sys [x]
    R1 MpKsl4c588643;MpKsl4c588643;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12B31F73-E3C3-4987-B9E6-62D24B2E89D2}\MpKsl4c588643.sys [x]
    R1 MpKsl5716b05a;MpKsl5716b05a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D890EFE-DC52-4533-8DA3-EC6C2B54936C}\MpKsl5716b05a.sys [x]
    R1 MpKsl6048ebf7;MpKsl6048ebf7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8988E67-B22B-45B9-92B6-A43CD6DACA2D}\MpKsl6048ebf7.sys [x]
    R1 MpKsla334a226;MpKsla334a226;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ED2E8C4D-E827-458A-93DC-EACA2C9894A6}\MpKsla334a226.sys [x]
    R1 MpKslc5a7edfe;MpKslc5a7edfe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89E72CA8-DB91-4E97-A2C9-C3FC92FC0892}\MpKslc5a7edfe.sys [x]
    R1 MpKsle96e3d17;MpKsle96e3d17;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D1BBD6D9-DC9C-4FC9-8FFC-0775ED9197E5}\MpKsle96e3d17.sys [x]
    R1 MpKslf1275534;MpKslf1275534;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{401F0C48-4EA9-4B72-BEEE-96E7691DF396}\MpKslf1275534.sys [x]
    R1 MpKslfaad9973;MpKslfaad9973;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D890EFE-DC52-4533-8DA3-EC6C2B54936C}\MpKslfaad9973.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-12-15 111104]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
    .
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:52182
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    MSConfigStartUp-Boingo Wi-Fi - c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk
    MSConfigStartUp-conhost - c:\users\Russell\AppData\Roaming\Microsoft\conhost.exe
    MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-12-16 18:39:07
    ComboFix-quarantined-files.txt 2011-12-17 02:39
    .
    Pre-Run: 94,619,127,808 bytes free
    Post-Run: 94,811,226,112 bytes free
    .
    - - End Of File - - 9B34B51268D9DD099653E87DEA37C461
     
  7. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I don't see anything malicious in your logs.
    I suggest you repost in Windows forum.
     
  8. russellme

    russellme TS Rookie Topic Starter

    ok, will do. thanks for your help-
     
  9. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    :)....................
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...