Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Personal Shield Pro


  • This topic is locked This topic is locked
13 replies to this topic

#1 Daniel89

Daniel89

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 23 July 2011 - 06:24 AM

Hello everyone my computer is infected by Personal Shield Pro since last week and download spybot-search & destroy it gone right after that but today it back again and I did try the guide to remove it which is here http://www.bleepingcomputer.com/virus-removal/personal-shield-pro and downloaded Malwarebytes Anti-Malware while scanning time elapsed 9 minutes 37 seconds it became not responding the last scanning before it became not responding is C:\\WINDOWS\system32\drivers\nvnetbus.sys. I really hope you guys could help me as even I did try to use combofix to make a log and combofix just stuck forever in completed stage 2 and never continue to run no matter how long you wait

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:47 PM

Posted 23 July 2011 - 11:18 AM

Welcome aboard Posted Image

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe


* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

Then try running Malwarebytes right away.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Daniel89

Daniel89
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 23 July 2011 - 09:22 PM

Hello Broni

I can run the Rkill but sadly after I run Malwarebytes it became not responding after 14 minutes 58 seconds.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:47 PM

Posted 23 July 2011 - 10:10 PM

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 Daniel89

Daniel89
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 23 July 2011 - 11:06 PM

Hello Broni

Here is the gmer log
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-24 12:04:20
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\00000074 WDC_WD800JD-00LSA0 rev.06.01D06
Running: w8mshyze.exe; Driver: C:\DOCUME~1\Daniel\LOCALS~1\Temp\kfkcykog.sys


---- System - GMER 1.0.15 ----

SSDT A9D691A4 ZwClose
SSDT A9D6915E ZwCreateKey
SSDT A9D691AE ZwCreateSection
SSDT A9D69154 ZwCreateThread
SSDT A9D69163 ZwDeleteKey
SSDT A9D6916D ZwDeleteValueKey
SSDT A9D6919F ZwDuplicateObject
SSDT spas.sys ZwEnumerateKey [0xF737ACA2]
SSDT spas.sys ZwEnumerateValueKey [0xF737B030]
SSDT A9D69172 ZwLoadKey
SSDT spas.sys ZwOpenKey [0xF735C0C0]
SSDT A9D69140 ZwOpenProcess
SSDT A9D69145 ZwOpenThread
SSDT spas.sys ZwQueryKey [0xF737B108]
SSDT spas.sys ZwQueryValueKey [0xF737AF88]
SSDT A9D6917C ZwReplaceKey
SSDT A9D69177 ZwRestoreKey
SSDT A9D691B3 ZwSetContextThread
SSDT A9D69168 ZwSetValueKey
SSDT A9D6914F ZwTerminateProcess

INT 0x62 ? 86F6CBF8
INT 0x63 ? 86E03BF8
INT 0x73 ? 86F6CBF8
INT 0x82 ? 86F6CBF8
INT 0x83 ? 86F6CBF8
INT 0xB4 ? 86E03BF8

---- Kernel code sections - GMER 1.0.15 ----

? spas.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F62B880C 5 Bytes JMP 86E031D8
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5AD0000, 0x1B85E6, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3612] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F735D040] spas.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F735D13C] spas.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F735D0BE] spas.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F735D7FC] spas.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F735D6D2] spas.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F736D048] spas.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\winlogon.exe[684] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtLockProductActivationKeys] [0500073E] C:\WINDOWS\system32\antiwpa.dll
IAT C:\WINDOWS\system32\winlogon.exe[684] @ C:\WINDOWS\system32\winlogon.exe [USER32.dll!GetSystemMetrics] [05000756] C:\WINDOWS\system32\antiwpa.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \FatCdrom 86ADC500
Device \Driver\Beep \Device\Beep 85D6B360
Device \Driver\usbohci \Device\USBPDO-0 86E041F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F6D1F8
Device \Driver\dmio \Device\DmControl\DmConfig 86F6D1F8
Device \Driver\dmio \Device\DmControl\DmPnP 86F6D1F8
Device \Driver\dmio \Device\DmControl\DmInfo 86F6D1F8
Device \Driver\usbehci \Device\USBPDO-1 86DFA500

AttachedDevice \Driver\Tcpip \Device\Tcp 85D6A070

Device \Driver\Ftdisk \Device\HarddiskVolume1 86FDB1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86FDB1F8
Device \Driver\Cdrom \Device\CdRom0 86D9D4D8
Device \Driver\nvata \Device\00000072 86F6C1F8
Device \Driver\nvata \Device\00000074 86F6C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85F611F8
Device \Driver\NetBT \Device\NetbiosSmb 85F611F8
Device \Driver\usbohci \Device\USBFDO-0 86E041F8
Device \Driver\usbehci \Device\USBFDO-1 86DFA500
Device \Driver\nvata \Device\NvAta0 86F6C1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85F4C1F8
Device \Driver\nvata \Device\NvAta1 86F6C1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85F4C1F8
Device \Driver\nvata \Device\NvAta2 86F6C1F8
Device \Driver\Ftdisk \Device\FtControl 86FDB1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C1B18373-8C39-4805-9EAB-4F2E8A01F1C3} 85F611F8
Device \FileSystem\Fastfat \Fat 86ADC500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 86AB64D8

---- Threads - GMER 1.0.15 ----

Thread System [4:896] 85D6DBA0
Thread System [4:900] 85D6A0E0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x96 0x9B 0x6E 0x92 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:47 PM

Posted 23 July 2011 - 11:08 PM

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 Daniel89

Daniel89
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 24 July 2011 - 03:30 AM

Multi Post

Edited by Daniel89, 24 July 2011 - 05:57 AM.


#8 Daniel89

Daniel89
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 24 July 2011 - 03:32 AM

Multi Post

Edited by Daniel89, 24 July 2011 - 05:57 AM.


#9 Daniel89

Daniel89
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 24 July 2011 - 05:56 AM

Hello Broni

Sorry to tell you that I had wasted time on waiting the TDSSKiller and it didn't run after it scanned 60 objects here is the uncompleted log just to give you any idea what is going on :mellow:

2011/07/24 14:49:18.0000 3100 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/24 14:49:19.0546 3100 ================================================================================
2011/07/24 14:49:19.0546 3100 SystemInfo:
2011/07/24 14:49:19.0546 3100
2011/07/24 14:49:19.0546 3100 OS Version: 5.1.2600 ServicePack: 2.0
2011/07/24 14:49:19.0546 3100 Product type: Workstation
2011/07/24 14:49:19.0546 3100 ComputerName: LIEW-AAE13A239F
2011/07/24 14:49:19.0546 3100 UserName: Daniel
2011/07/24 14:49:19.0546 3100 Windows directory: C:\WINDOWS
2011/07/24 14:49:19.0546 3100 System windows directory: C:\WINDOWS
2011/07/24 14:49:19.0546 3100 Processor architecture: Intel x86
2011/07/24 14:49:19.0546 3100 Number of processors: 1
2011/07/24 14:49:19.0546 3100 Page size: 0x1000
2011/07/24 14:49:19.0546 3100 Boot type: Normal boot
2011/07/24 14:49:19.0546 3100 ================================================================================
2011/07/24 14:49:20.0218 3100 Initialize success
2011/07/24 14:49:22.0656 3144 ================================================================================
2011/07/24 14:49:22.0656 3144 Scan started
2011/07/24 14:49:22.0656 3144 Mode: Manual;
2011/07/24 14:49:22.0656 3144 ================================================================================
2011/07/24 14:49:22.0875 3144 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/24 14:49:22.0937 3144 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/24 14:49:23.0015 3144 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/07/24 14:49:23.0062 3144 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/07/24 14:49:23.0265 3144 ALCXWDM (2c6322e8ff56f624033e7642c49044f3) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/07/24 14:49:23.0453 3144 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/07/24 14:49:23.0531 3144 apf001 (7b4beb577c5d0171f9b66f390ec29284) C:\WINDOWS\system32\apf001.sys
2011/07/24 14:49:23.0656 3144 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/24 14:49:23.0687 3144 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/24 14:49:23.0859 3144 ati2mtag (1db0e5f78a67307f9c68d777873c1164) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/07/24 14:49:23.0921 3144 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/24 14:49:23.0953 3144 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/24 14:49:24.0031 3144 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/24 14:49:24.0093 3144 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/07/24 14:49:24.0140 3144 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/07/24 14:49:24.0171 3144 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/24 14:49:24.0328 3144 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/24 14:49:24.0359 3144 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/24 14:49:24.0421 3144 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/24 14:49:24.0437 3144 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/24 14:49:24.0484 3144 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/24 14:49:24.0609 3144 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2011/07/24 14:49:24.0703 3144 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/24 14:49:24.0781 3144 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/24 14:49:24.0843 3144 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/24 14:49:24.0875 3144 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/24 14:49:24.0921 3144 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/24 14:49:25.0187 3144 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/24 14:49:25.0437 3144 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/24 14:49:25.0484 3144 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/24 14:49:25.0531 3144 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/24 14:49:25.0562 3144 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/24 14:49:25.0593 3144 FltMgr (5a85cd3d07273e3f6fe72ee9c6431632) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/24 14:49:25.0656 3144 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
2011/07/24 14:49:25.0687 3144 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/24 14:49:25.0734 3144 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/24 14:49:25.0812 3144 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/24 14:49:25.0859 3144 gxbdkncm (1219d37a795770cdb5522087e9833cb7) C:\WINDOWS\system32\drivers\gxbdkncm.sys
2011/07/24 16:28:16.0375 3096 Deinitialize success

Sorry for the multi post the server was lag just now

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:47 PM

Posted 24 July 2011 - 12:37 PM

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 Daniel89

Daniel89
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 25 July 2011 - 05:48 AM

Hello Broni

Sorry for the late reply just got back from work. And I let the computer scanned for an hour plus yet the same thing happen it stucked on the same file just like yesterday which is

C:\WINDOWS\system32\drivers\gxbdkncm.sys

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:47 PM

Posted 25 July 2011 - 07:05 PM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include or required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 Daniel89

Daniel89
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:47 AM

Posted 26 July 2011 - 05:27 AM

Hello Broni

Thanks for your help appreciate that a lot hope it could be solved though :mellow:

#14 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:12:47 PM

Posted 26 July 2011 - 01:10 PM

Now that your log is properly posted, here, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users