
Virus, Maybe Seneka/Senecca - Search Engine Redirect


  • This topic is locked
15 replies to this topic

#1 phidelt649

phidelt649

  • Members
  • 32 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 09 February 2009 - 08:38 AM

I'm at wit's end with this virus. I've run ATF Cleaner, SuperAntiSpyware, Malwarebytes, Avenger, Combofix, etc. and nothing seems to kill it. Currently, nothing is detecting it now but any search engine I use redirects me to random webpages.

I've attached a GMER, GooredFix, HijackThis and MBAM log to this post. Please help. This is a work computer and not being able to search is an incredible pain in the butt. I also have a Combofix log, but I removed it from this post. I can repost if necessary.

Attached Files


Edited by phidelt649, 09 February 2009 - 08:50 AM.



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:29 AM

Posted 21 February 2009 - 08:56 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 phidelt649


Posted 23 February 2009 - 11:40 AM

Thank you for getting back to me. I really do appreciate it!! I know you guys are ridiculously busy.

DDS Log:


DDS (Ver_09-02-01.01) - NTFSx86
Run by PM Chad at 11:40:18.82 on Mon 02/23/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2454 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PM Chad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pmchad~1\applic~1\mozilla\firefox\profiles\3gukdl5l.default\

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-02-16 13:24 <DIR> --d-h--- c:\windows\PIF
2009-02-13 15:53 <DIR> --d----- c:\docume~1\pmchad~1\applic~1\InfraRecorder
2009-02-13 15:53 <DIR> --d----- c:\program files\InfraRecorder
2009-02-13 15:51 <DIR> --d----- c:\windows\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2009-02-13 15:51 <DIR> --d----- c:\program files\burnatonce
2009-02-13 15:48 <DIR> --d----- C:\e4c79ba79a3154d6aa5ec24d5e
2009-02-10 13:20 <DIR> --d----- c:\docume~1\pmchad~1\applic~1\Free Sound Recorder
2009-02-10 13:20 1,986,560 a------- c:\windows\system32\NCTAudioFile2.dll
2009-02-10 13:20 1,212,416 a------- c:\windows\system32\NCTAudioInformation2.dll
2009-02-10 13:20 880,640 a------- c:\windows\system32\NCTAudioEditor2.dll
2009-02-10 13:20 835,584 a------- c:\windows\system32\NCTAudioCDGrabber2.dll
2009-02-10 13:20 602,112 a------- c:\windows\system32\NCTAudioTransform2.dll
2009-02-10 13:20 479,232 a------- c:\windows\system32\NCTAudioVisualization2.dll
2009-02-10 13:20 458,752 a------- c:\windows\system32\NCTAudioRecord2.dll
2009-02-10 13:20 458,752 a------- c:\windows\system32\NCTAudioPlayer2.dll
2009-02-10 13:20 417,792 a------- c:\windows\system32\NCTTextToAudio2.dll
2009-02-10 13:20 348,160 a------- c:\windows\system32\NCTWMAFile2.dll
2009-02-10 13:20 113,486 a------- c:\windows\system32\NCTWMAProfiles.prx
2009-02-09 08:14 <DIR> --d----- C:\ComboFix
2009-02-09 08:02 250 a------- c:\windows\gmer.ini
2009-02-06 14:32 <DIR> --d----- c:\windows\pss
2009-02-06 14:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-02-06 14:28 <DIR> --d----- c:\program files\common files\iS3
2009-02-06 14:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-02-06 13:46 <DIR> a-dshr-- C:\cmdcons
2009-02-06 13:45 161,792 a------- c:\windows\SWREG.exe
2009-02-06 13:45 98,816 a------- c:\windows\sed.exe
2009-02-06 12:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-06 12:51 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-06 12:51 <DIR> --d----- c:\docume~1\pmchad~1\applic~1\SUPERAntiSpyware.com
2009-02-06 12:51 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-06 12:39 <DIR> --d----- c:\program files\Trend Micro
2009-02-06 12:18 <DIR> --d----- c:\docume~1\pmchad~1\applic~1\Malwarebytes
2009-02-06 12:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-06 12:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-06 12:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-06 12:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-06 12:11 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-06 12:11 <DIR> --d----- c:\documents and settings\pm chad\.housecall6.6
2009-02-06 12:10 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-06 12:10 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-06 09:00 2,204 a------- c:\windows\yekeunnb
2009-01-26 08:19 <DIR> --d----- c:\program files\BitLord

==================== Find3M ====================

2009-01-21 16:45 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-21 09:31 3,981 a------- c:\program files\uninstal.log
2009-01-20 16:13 124,796 a------- c:\windows\HPHins12.dat
2009-01-20 16:01 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-01-20 16:01 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-01-20 16:01 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-20 15:47 16,376 a------- c:\windows\gdrv.sys
2009-01-20 15:46 315,392 a------- c:\windows\HideWin.exe
2009-01-20 14:48 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-04-03 18:17 221,303 a------- c:\program files\CDLabelCheck.dll

============= FINISH: 11:40:23.06 ===============

Attached Files



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:29 AM

Posted 23 February 2009 - 04:41 PM

Hello.

I would like to see the Combofix report. I'm surprised you still get redirects. Is there any specific site you get redirected to? Ad-related page? The website name?

Run this batch as well and a gmer scan.

Backup Registry with ERUNT

This tool will create a complete backup of your registry. A backup is created to ensure we have a backup, so in case anything goes wrong we can deal with it. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt


How to Restore from the ERUNT Backup
Only restore from the backups if instructed to, or you need to do so. You need it if after doing something, your computer will only boot in Safe Mode and you are unable to contact us (or anyone else) for help by other means, or if your computer will not boot into Windows at all.

To restore if you can boot, navigate to C:\WINDOWS\erdnt, choose the folder with the most recent date, and double click ERDNT.EXE. Check all boxes in the restoration options.

To restore from the Recovery Console using the Windows CD:
  • Turn on your machine with the disk in the drive.
  • Type in the number of the Windows installation you want to repair (usually 1), then press Enter.
  • Type in the Administrator password (leave blank if you are unsure what it is or if you do not have one) and press Enter.
  • Type without quotes "cd erdnt" followed by Enter.
  • Type without quotes "dir" followed by Enter. This will list out the available folders, whose names are the date on which the backup was taken in (M)M-DD-YYYY format. Try the most recent dates first.
  • Type without quotes "cd **name of the folder**" followed by Enter.
  • Type without quotes "batch erdnt.con" followed by Enter.
  • Type without quotes "exit" followed by Enter.
  • Remove your CD from the drive and reboot your computer into the restored registry. If you still cannot boot, try again with an earlier restore date.

Create and Run batch script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".

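    @Echo off

    rem Remove any log left over from an earlier run (this exact file only)
    If exist "C:\looking.txt" Del /q "C:\looking.txt"
    rem Dump the drivers32 key to the log and open it in Notepad
    reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32" >> "C:\looking.txt"
    Notepad "C:\looking.txt"

    rem Delete this batch file, then close the window
    Del "%~f0" & Exit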

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input peek.bat.
  • Hit OK.
When done properly, the icon should look like Posted Image for the .bat file.

Double click on peek.bat, and a black DOS window will appear and then Notepad will soon open. This is normal, please do not panic. Once it's complete, copy and paste the contents of Notepad in your next reply.

Note: If you closed notepad accidentally, it can also be found at C:\looking.txt

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
If GMER doesn't work in Normal Mode, try running it in Safe Mode.

Important!: Please do not select the Show all checkbox during the scan.

Post back with:
-Combofix report
-Looking log
-GMER log
-New DDS logs


With Regards,
Extremeboy

Edited by extremeboy, 23 February 2009 - 04:44 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 phidelt649


Posted 25 February 2009 - 09:50 AM

I followed your instructions regarding the GMER program and it replied with "No New System Modifications Found".

ComboFix likewise found nothing.

Every 3rd or 4th link I click on google gets rerouted through clickfraudmanager.com and a couple others. For instance, one result sent me to clorox.com.

Thank you very much for your assistance!!! Besides the Google thing, the rest of my system is running fine except my Adobe Illustrator refuses to close down properly. It just freezes up when I try to close it.

Attached Files



#6 extremeboy


Posted 25 February 2009 - 03:51 PM

Hello.

Every 3rd or 4th link I click on google gets rerouted through clickfraudmanager.com and a couple others. For instance, one result sent me to clorox.com.

That was what I wanted to know. :)

Please run with this tool.

Run GooredFix using Option2 (Removal)

Please download GooredFix and save it to your Desktop.
Alternative Download Mirror #2

Please make sure all instances of Firefox are closed at this point before proceeding.
  • Please double-click Goored.exe on your Desktop to run it.
  • A window will appear, please Select 2. (Fix Goored) by typing 2 and pressing Enter.
  • Type Y at the prompt and press Enter. The removal process will begin.
  • A log will open with the file after completion, please post the contents of that log in your next reply
*Note: The log can also be found on your desktop (Goored.txt)

Create and Run batch script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "quote".

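    @Echo off

    If Exist "C:\deletelog.txt" del "C:\deletelog.txt"
    rem Delete only the exact paths listed (no /s, which would also match subfolders)
    For %%a in (
    C:\Windows\system32\wdmaud.sys
    C:\WINDOWS\system32\sysaudio.sys
    ) Do (
    del /q /f /a "%%a" >nul 2>&1
    rem Log any file that could not be deleted
    if exist "%%a" echo.%%~a>>"C:\deletelog.txt"
    )
    if exist "C:\deletelog.txt" ( start notepad "C:\deletelog.txt"
    ) else echo.Deleted!
    Pause

    rem Delete this batch file, then close the window
    Del "%~f0" & Exit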

  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input removal.bat.
  • Hit OK.
When done properly, the icon should look like Posted Image for the .bat file.

Double click on removal.bat, and a black DOS window will appear and then you will see a message in that window, please write that message down. After you have written the message down, you will see a message saying "Press Any Key to Continue..." Please press any key to exit that black DOS window. This is normal, please do not panic. Reply back with the message in that window in your next reply please.

Post back with:
-The Message in the Black DOS window
-Goored Fix log
-A new pair of DDS logs


How is your computer now? Are there still redirects?

With Regards,
Extremeboy

#7 phidelt649


Posted 26 February 2009 - 08:19 AM

Okay, I did everything you said and then went back to Google. After about 4 links clicked, it started rerouting me to websites such as hellolocal.com, elle.com, and womansday.com. I was searching "Saving Private Ryan" as my string. Some of the results work (such as imdb.com and amazon.com) but many others didn't.

The Black DOS window after I ran "removal.bat" popped up with "Deleted....Press any key to continue."


DDS (Ver_09-02-01.01) - NTFSx86
Run by PM Chad at 8:17:35.78 on Thu 02/26/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2628 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Documents and Settings\PM Chad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pmchad~1\applic~1\mozilla\firefox\profiles\3gukdl5l.default\

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-02-16 13:24 <DIR> --d-h--- c:\windows\PIF
2009-02-13 15:53 <DIR> --d----- c:\docume~1\pmchad~1\applic~1\InfraRecorder
2009-02-13 15:53 <DIR> --d----- c:\program files\InfraRecorder
2009-02-13 15:51 <DIR> --d----- c:\windows\system32\hdined32.nls.{00021401-0000-0000-C000-000000000046}
2009-02-13 15:51 <DIR> --d----- c:\program files\burnatonce
2009-02-10 13:20 <DIR> --d----- c:\docume~1\pmchad~1\applic~1\Free Sound Recorder
2009-02-10 13:20 1,986,560 a------- c:\windows\system32\NCTAudioFile2.dll
2009-02-10 13:20 1,212,416 a------- c:\windows\system32\NCTAudioInformation2.dll
2009-02-10 13:20 880,640 a------- c:\windows\system32\NCTAudioEditor2.dll
2009-02-10 13:20 835,584 a------- c:\windows\system32\NCTAudioCDGrabber2.dll
2009-02-10 13:20 602,112 a------- c:\windows\system32\NCTAudioTransform2.dll
2009-02-10 13:20 479,232 a------- c:\windows\system32\NCTAudioVisualization2.dll
2009-02-10 13:20 458,752 a------- c:\windows\system32\NCTAudioRecord2.dll
2009-02-10 13:20 458,752 a------- c:\windows\system32\NCTAudioPlayer2.dll
2009-02-10 13:20 417,792 a------- c:\windows\system32\NCTTextToAudio2.dll
2009-02-10 13:20 348,160 a------- c:\windows\system32\NCTWMAFile2.dll
2009-02-10 13:20 113,486 a------- c:\windows\system32\NCTWMAProfiles.prx
2009-02-09 08:02 345 a------- c:\windows\gmer.ini
2009-02-06 14:32 <DIR> --d----- c:\windows\pss
2009-02-06 14:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-02-06 14:28 <DIR> --d----- c:\program files\common files\iS3
2009-02-06 14:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-02-06 13:46 <DIR> a-dshr-- C:\cmdcons
2009-02-06 12:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-02-06 12:51 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-02-06 12:51 <DIR> --d----- c:\docume~1\pmchad~1\applic~1\SUPERAntiSpyware.com
2009-02-06 12:51 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-06 12:39 <DIR> --d----- c:\program files\Trend Micro
2009-02-06 12:18 <DIR> --d----- c:\docume~1\pmchad~1\applic~1\Malwarebytes
2009-02-06 12:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-06 12:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-06 12:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-06 12:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-06 12:11 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-02-06 12:11 <DIR> --d----- c:\documents and settings\pm chad\.housecall6.6
2009-02-06 12:10 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-06 12:10 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-06 09:00 2,204 a------- c:\windows\yekeunnb

==================== Find3M ====================

2009-01-21 16:45 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-21 09:31 3,981 a------- c:\program files\uninstal.log
2009-01-20 16:13 124,796 a------- c:\windows\HPHins12.dat
2009-01-20 16:01 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-01-20 16:01 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-01-20 16:01 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-20 15:47 16,376 a------- c:\windows\gdrv.sys
2009-01-20 15:46 315,392 a------- c:\windows\HideWin.exe
2009-01-20 14:48 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-04-03 18:17 221,303 a------- c:\program files\CDLabelCheck.dll

============= FINISH: 8:17:42.09 ===============


#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:29 AM

Posted 26 February 2009 - 03:51 PM

Hello.

Those look fine. Please remove this manually: c:\windows\yekeunnb <- This one

Reboot Your Computer Now and see if that file is indeed gone.

Please run an online scan next.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Post back with:
-Kaspersky log
-New DDS logs
-How's everything going? Any problems still?


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 phidelt649

phidelt649
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 27 February 2009 - 01:54 PM

Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, February 27, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, February 27, 2009 17:50:00
Records in database: 1853117
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
K:\

Scan statistics:
Files scanned: 158217
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:01:37

No malware has been detected. The scan area is clean.

The selected area was scanned.


Updated DDS:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/20/2009 2:53:08 PM
System Uptime: 2/27/2009 12:24:43 PM (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | P35-DS3L
Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2666/333mhz
Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2666/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 453.434 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
K: is FIXED (NTFS) - 466 GiB total, 352.711 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 2/27/2009 1:21:12 PM - System Checkpoint

==== Installed Programs ======================

Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Mobile Device Support
Apple Software Update
BitLord 1.1
Bonjour
BufferChm
burnatonce
Canon ScanGear Starter
CDDRV_Installer
D5100
D5100_Help
DeviceManagementQFolder
ERUNT 1.1j
EVGA Display Driver
FontLab Studio 5
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
InfraRecorder
InstantShareDevicesMFC
iTunes
Java™ 6 Update 11
KhalInstallWrapper
Logitech Registration
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Mimaki FineCut7 for Illustrator
Mozilla Firefox (3.0.6)
PanoStandAlone
PDF Settings
Pen Tablet
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Software Update for Web Folders
Status
SUPERAntiSpyware Professional
Toolbox
TrayApp
Unload
VLC media player 0.9.8a
WebReg
WinRAR archiver

==== Event Viewer Messages From Past Week ========

2/27/2009 12:25:15 PM, error: SRService [104] - The System Restore initialization process failed.
2/27/2009 12:25:21 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
2/26/2009 8:17:20 AM, information: Windows File Protection [64004] - The protected system file wdmaud.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x000006b5 [The interface is unknown. ].
2/26/2009 8:17:20 AM, information: Windows File Protection [64004] - The protected system file sysaudio.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x000006b5 [The interface is unknown. ].

==== End Of File ===========================


I made it through 3 whole pages of Google results before it started rerouting me again. I have no idea why it is doing this.

Edited by phidelt649, 27 February 2009 - 01:58 PM.


#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:29 AM

Posted 27 February 2009 - 04:10 PM

Hello.

The logs are now clean, it seems. Perhaps it's only some pages you get redirected on, not all.

You may wish to reset your router and also might want to use OpenDNS and see if that changes anything: https://www.opendns.com/start/device/windows-xp

Also, some Windows files were modified, so you might want to run SFC /Scannow if you still have your OS disk. Let me know if you have any problems before we wrap everything up. http://www.bleepingcomputer.com/forums/t/43051/how-to-use-sfcexe-to-repair-system-files/

Also, the DDS.txt is what I needed to see not the Attach.

With Regards,
Extremeboy
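How the "Event Viewer Messages" section of the DDS log above can be read to find which protected files Windows File Protection failed to restore, the files an SFC run would then need to repair. This is an added example, not part of the original posts or of DDS; the function names and the line layout regex are assumptions based on the log lines shown in this thread.

```python
import re
from datetime import datetime
from typing import NamedTuple

class Event(NamedTuple):
    when: datetime
    level: str
    source: str
    event_id: int
    message: str

# "<date> <time> AM|PM, <level>: <source> [<id>] - <message>", as printed in the log above.
LINE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$"
)
# Wording of the Windows File Protection message seen in the log above.
WFP_RE = re.compile(
    r"protected system file (\S+) could not be restored.*?error code is (0x[0-9a-fA-F]+)"
)

def parse_events(text):
    """Parse DDS event lines; lines that do not match the layout are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        events.append(Event(when, m.group(2), m.group(3), int(m.group(4)), m.group(5)))
    return events

def unrestored_system_files(events):
    """Map each file WFP failed to restore to (first time seen, error code)."""
    found = {}
    for ev in sorted(events, key=lambda e: e.when):
        if ev.source != "Windows File Protection" or ev.event_id != 64004:
            continue
        m = WFP_RE.search(ev.message)
        if m:
            found.setdefault(m.group(1).lower(), (ev.when, m.group(2)))
    return found

# Section header and three event lines copied from the DDS log in this thread.
SAMPLE = """\
==== Event Viewer Messages From Past Week ========
2/27/2009 12:25:21 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
2/26/2009 8:17:20 AM, information: Windows File Protection [64004] - The protected system file wdmaud.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x000006b5 [The interface is unknown. ].
2/26/2009 8:17:20 AM, information: Windows File Protection [64004] - The protected system file sysaudio.sys could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x000006b5 [The interface is unknown. ].
"""

if __name__ == "__main__":
    for name, (when, code) in unrestored_system_files(parse_events(SAMPLE)).items():
        print(f"{name}: WFP restore failed at {when:%Y-%m-%d %H:%M}, error {code}")
```
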

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:29 AM

Posted 01 March 2009 - 09:43 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy



