Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect.....I have been fighting this for 3 days


  • This topic is locked This topic is locked
2 replies to this topic

#1 ICC_Guru

ICC_Guru

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:18 PM

Posted 22 April 2010 - 01:37 AM

First time poster.
Computer technition
This malware / spyware has been a thorn in my side.

Its on my home personal windows XP computer.
I have Avira (free version), MalwareBytes, PC Tool SpywareDoctor and have run all three multiple times. They continually find and remove temp files here, exe files there....random names in random locations.
I also ran the Microsoft Malicious Software Removal Tool.

I believe its the google redirect that came out on April 9th. I have 5 customers that also got the same thing. It started with the BLUE shield (fake) icon in the sys tray and then came the various fake antiviurs pop ups trying to sell me bogus software.

Below is my DDS.txt and attached is my attatch.zip file.
I tried to run a gmer log, but my computer restarts automatically within 2 minutes of starting it (tried three times)....perhaps a safe mode run of gmer?

I have combofix downloaded and ready to run, but with the warnings on the website, im afraid to run it until prompted by a pro. I look forward to my next steps! Thanks in advanced!!!
Scott Burnett
PS. My system drive is "i", not "C"...C is my data drive. I know this is not common....long story. Thanks for understanding!

____________
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 22:33:54.58 on Wed 04/21/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - i:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - i:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: i:\program files\skype\toolbars\internet explorer\skypeieplugin.dll: {724d43a9-0d85-11d4-9908-00400523e39a} - i:\program files\siber systems\ai roboform\roboform.dll: Skype add-on (mastermind)
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - i:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - i:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - i:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - i:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - i:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - i:\program files\siber systems\ai roboform\roboform.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [OpenDNS Updater] "i:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
mRun: [LogMeIn GUI] "i:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [hpqSRMon] i:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [OpenDNS Update] "i:\program files\opendns updater\OpenDNS Updater.exe"
mRun: [Carbonite Backup] i:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [IAAnotif] "i:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISTray] "i:\program files\spyware doctor\pctsTray.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE i:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE i:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ATICCC] "i:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [avgnt] "i:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [RoboForm] "i:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - i:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - i:\windows\system32\GPhotos.scr/200
IE: Clear Fields - file://i:\program files\siber systems\ai roboform\RoboFormComClearFields.html
IE: Convert link target to Adobe PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - i:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - i:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://i:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Identities Editor - file://i:\program files\siber systems\ai roboform\RoboFormComEditIdent.html
IE: Logoff - file://i:\program files\siber systems\ai roboform\RoboFormComLogoff.html
IE: Passcards Editor - file://i:\program files\siber systems\ai roboform\RoboFormComEditPass.html
IE: RoboForm Toolbar - file://i:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Safenotes Editor - file://i:\program files\siber systems\ai roboform\RoboFormComEditNote.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - i:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - i:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F54} - i:\program files\siber systems\ai roboform\RoboFormComClearFields.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F55} - i:\program files\siber systems\ai roboform\RoboFormComLogoff.html
IE: {45DB34C3-955C-11D3-ABEF-444553540000} - i:\program files\siber systems\ai roboform\RoboFormComEditIdent.html
IE: {45DB34C3-955C-11D3-ABEF-444553540001} - i:\program files\siber systems\ai roboform\RoboFormComEditPass.html
IE: {45DB34C3-955C-11D3-ABEF-444553540002} - i:\program files\siber systems\ai roboform\RoboFormComEditNote.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - i:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - i:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - i:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - i:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - i:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://70.168.97.74:7777/kxhcm10.ocx
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192397177140
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192426514718
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {24EBD52E-14CC-4119-95B1-E134D3C4E491} = 208.67.222.222,208.67.220.220
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - i:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - i:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - i:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: i:\progra~1\google\google~4\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - i:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - i:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - i:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "i:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - i:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\r2ynmksv.default\
FF - component: i:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: i:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: i:\documents and settings\administrator\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: i:\documents and settings\administrator\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: i:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: i:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: i:\program files\google\picasa3\npPicasa3.dll
FF - plugin: i:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: i:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: i:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: i:\program files\microsoft\office live\npOLW.dll
FF - plugin: i:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-04-21 04:56:19 0 d-----w- i:\docume~1\admini~1\applic~1\Avira
2010-04-21 04:39:29 60936 ----a-w- i:\windows\system32\drivers\avgntflt.sys
2010-04-21 04:39:29 0 d-----w- i:\program files\Avira
2010-04-21 04:39:29 0 d-----w- i:\docume~1\alluse~1\applic~1\Avira
2010-04-21 04:38:44 0 d-----w- I:\61f7c0dc99a06def14b6
2010-04-19 00:37:39 882 ----a-w- i:\windows\RegSDImport.xml
2010-04-19 00:37:39 879 ----a-w- i:\windows\RegISSImport.xml
2010-04-19 00:37:39 165840 ----a-w- i:\windows\PCTBDRes.dll
2010-04-19 00:37:39 1652688 ----a-w- i:\windows\PCTBDCore.dll
2010-04-19 00:37:39 149456 ----a-w- i:\windows\SGDetectionTool.dll
2010-04-19 00:37:39 131 ----a-w- i:\windows\IDB.zip
2010-04-19 00:37:39 1152444 ----a-w- i:\windows\UDB.zip
2010-04-19 00:36:31 7387 ----a-w- i:\windows\system32\drivers\pctgntdi.cat
2010-04-19 00:36:31 233136 ----a-w- i:\windows\system32\drivers\pctgntdi.sys
2010-04-19 00:36:26 88040 ----a-w- i:\windows\system32\drivers\PCTAppEvent.sys
2010-04-19 00:36:26 7412 ----a-w- i:\windows\system32\drivers\PCTAppEvent.cat
2010-04-19 00:36:26 7383 ----a-w- i:\windows\system32\drivers\pctcore.cat
2010-04-19 00:36:26 217032 ----a-w- i:\windows\system32\drivers\PCTCore.sys
2010-04-19 00:36:22 7383 ----a-w- i:\windows\system32\drivers\pctplsg.cat
2010-04-19 00:36:22 70408 ----a-w- i:\windows\system32\drivers\pctplsg.sys
2010-04-19 00:36:16 0 d-----w- i:\program files\common files\PC Tools
2010-04-19 00:36:16 0 d-----w- i:\docume~1\alluse~1\applic~1\PC Tools
2010-04-19 00:36:16 0 d-----w- i:\docume~1\admini~1\applic~1\PC Tools
2010-04-19 00:26:59 0 d-----w- I:\1
2010-04-18 06:36:42 0 d-----w- i:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-04-18 06:36:37 0 d-----w- i:\program files\NVIDIA Corporation
2010-04-18 06:13:08 3558912 -c----w- i:\windows\system32\dllcache\moviemk.exe
2010-04-06 06:05:06 0 ---ha-w- i:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
2010-04-06 06:04:56 0 ---ha-w- i:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-03 19:56:35 0 d-----w- i:\program files\iPod
2010-04-03 19:56:30 0 d-----w- i:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-03 19:50:53 0 d-----w- i:\program files\Bonjour

==================== Find3M ====================

2010-04-19 00:32:04 4456 ----a-w- i:\windows\system32\d3d9caps.dat
2010-03-30 07:46:30 38224 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45:52 20824 ----a-w- i:\windows\system32\drivers\mbam.sys
2010-03-22 18:38:00 3600384 ----a-w- i:\windows\system32\GPhotos.scr
2010-03-12 16:21:08 351888 ---ha-w- i:\windows\system32\mlfcache.dat
2010-03-10 06:15:52 420352 ----a-w- i:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- i:\windows\system32\wininet.dll
2010-02-24 17:16:06 181632 ------w- i:\windows\system32\MpSigStub.exe
2010-02-24 13:11:07 455680 ----a-w- i:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08:49 2146304 ----a-w- i:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- i:\windows\system32\ntkrnlpa.exe
2010-02-12 18:46:14 91424 ----a-w- i:\windows\system32\dnssd.dll
2010-02-12 18:46:14 107808 ----a-w- i:\windows\system32\dns-sd.exe
2010-02-12 04:33:11 100864 ----a-w- i:\windows\system32\6to4svc.dll
2010-02-06 20:39:01 77352 ----a-w- i:\windows\hpqins05.dat
2010-01-25 19:58:06 462848 ----a-w- i:\windows\system32\ractrlkeyhook.dll
2002-07-27 01:02:06 153088 ----a-w- i:\program files\UNWISE.EXE
2008-05-10 16:09:22 32768 --sha-w- i:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051020080511\index.dat

============= FINISH: 22:35:02.15 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:18 PM

Posted 27 April 2010 - 05:08 PM

Hello ICC_Guru smile.gif Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.


Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.



After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.






Sorry for the wait but we are fairly well swamped here at BC.


Please let me know if you are still needing assistance.







Thanks,



thewall





If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:18 PM

Posted 03 May 2010 - 07:16 PM

Due to the lack of feedback This Topic is closed.

Should you need it reopened, please contact my by PM. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users