
Find-Fast-Answers redirect virus is killing me!!


7 replies to this topic

#1 satchmo!


Posted 20 October 2011 - 08:51 AM

I have run McAfee and MalwareBytes and not found any suspect files. However, I still find this redirect in IE and Firefox.


I have loaded the GMER 1.0 and could not get it to scan. I get a pop-up that states "GMER hasn't found any system modifications." I am only checking the services and registry. I have also added the options for IRP hooks and NTAPI register scan.


Do you have any recommendations to proceed?

Edited by Orange Blossom, 20 October 2011 - 09:52 AM.
Moved from XP to AII. ~ OB




#2 boopme


Posted 20 October 2011 - 11:49 AM

Hello, please run these also.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 satchmo!


Posted 20 October 2011 - 01:15 PM

MiniToolBox by Farbar
Ran by jquade (administrator) on 20-10-2011 at 13:07:00
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=static addr=10.244.192.141 mask=255.255.254.0
set address name="Local Area Connection 3" gateway=10.244.192.141 gwmetric=1
set dns name="Local Area Connection 3" source=static addr=161.36.126.12 register=PRIMARY
add dns name="Local Area Connection 3" addr=161.36.36.188 index=2
set wins name="Local Area Connection 3" source=static addr=161.36.38.87


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : MADJQUADE1010

Primary Dns Suffix . . . . . . . : emhartna.com

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : emhartna.com

americas.swk.pri

naptg.com

eur.swk.pri

asia.swk.pri

bdkroot.com

efteurind.com

eftjpnpr.com



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : Quade's

Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card

Physical Address. . . . . . . . . : 1C-65-9D-2A-7D-E1

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.11

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Thursday, October 20, 2011 12:53:30 PM

Lease Expires . . . . . . . . . . : Thursday, October 20, 2011 1:53:30 PM



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® 82567LM Gigabit Network Connection

Physical Address. . . . . . . . . : 5C-26-0A-10-6A-38

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.101.122

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :



Ethernet adapter Local Area Connection 3:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Cisco Systems VPN Adapter

Physical Address. . . . . . . . . : 00-05-9A-3C-78-00

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.244.192.141

Subnet Mask . . . . . . . . . . . : 255.255.254.0

Default Gateway . . . . . . . . . : 10.244.192.141

DNS Servers . . . . . . . . . . . : 161.36.126.12

161.36.36.188

Primary WINS Server . . . . . . . : 161.36.38.87

Server: cheins-vip.corpbdk.com
Address: 161.36.126.12

Name: google.com
Addresses: 72.14.204.147, 72.14.204.99, 72.14.204.103, 72.14.204.104
72.14.204.105



Pinging google.com [72.14.204.99] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 72.14.204.99:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Server: cheins-vip.corpbdk.com
Address: 161.36.126.12

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 67.195.160.76, 72.30.2.43
98.137.149.56



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...1c 65 9d 2a 7d e1 ...... Dell Wireless 1397 WLAN Mini-Card - Packet Scheduler Miniport
0x3 ...5c 26 0a 10 6a 38 ...... Intel® 82567LM Gigabit Network Connection - Packet Scheduler Miniport
0x10005 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.244.192.141 10.244.192.141 1
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.11 25
10.244.192.0 255.255.254.0 10.244.192.141 10.244.192.141 25
10.244.192.141 255.255.255.255 127.0.0.1 127.0.0.1 25
10.255.255.255 255.255.255.255 10.244.192.141 10.244.192.141 25
12.159.35.125 255.255.255.255 192.168.0.1 192.168.0.11 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.101.122 169.254.101.122 10
169.254.0.0 255.255.0.0 10.244.192.141 10.244.192.141 10
169.254.101.122 255.255.255.255 127.0.0.1 127.0.0.1 10
169.254.255.255 255.255.255.255 169.254.101.122 169.254.101.122 10
192.168.0.0 255.255.255.0 192.168.0.11 192.168.0.11 25
192.168.0.0 255.255.255.0 10.244.192.141 10.244.192.141 25
192.168.0.1 255.255.255.255 192.168.0.11 192.168.0.11 1
192.168.0.11 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.11 192.168.0.11 25
224.0.0.0 240.0.0.0 10.244.192.141 10.244.192.141 25
224.0.0.0 240.0.0.0 169.254.101.122 169.254.101.122 10
224.0.0.0 240.0.0.0 192.168.0.11 192.168.0.11 25
255.255.255.255 255.255.255.255 10.244.192.141 10.244.192.141 1
255.255.255.255 255.255.255.255 169.254.101.122 169.254.101.122 1
255.255.255.255 255.255.255.255 192.168.0.11 192.168.0.11 1
Default Gateway: 10.244.192.141
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/20/2011 01:04:51 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: The scan found detections. Scan engine version 5400.1158 DAT version 6504.

Error: (10/20/2011 00:10:08 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: The Group Policy client-side extension Group Policy Printers failed to execute. Please look for any errors reported earlier by that extension.

Error: (10/20/2011 00:10:08 PM) (Source: Group Policy Printers) (User: SYSTEM)SYSTEM
Description: The client-side extension could not remove user policy settings for ' ' because it failed with error code '0x8007000d The data is invalid.'%remove00790275

Error: (10/20/2011 11:03:37 AM) (Source: SLXDBLogging) (User: )
Description: Error writing to Logfile: WriteToLog - LogAttachment - FileName must contain a value.

Error: (10/20/2011 10:11:00 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: The Group Policy client-side extension Group Policy Printers failed to execute. Please look for any errors reported earlier by that extension.

Error: (10/20/2011 10:11:00 AM) (Source: Group Policy Printers) (User: SYSTEM)SYSTEM
Description: The client-side extension could not remove user policy settings for ' ' because it failed with error code '0x8007000d The data is invalid.'%remove00790275

Error: (10/20/2011 09:47:43 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x014a280e.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/20/2011 09:28:52 AM) (Source: Application Hang) (User: )
Description: Hanging application IEXPLORE.EXE, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/20/2011 08:42:00 AM) (Source: Application Hang) (User: )
Description: Fault bucket 724398357.

Error: (10/20/2011 08:41:56 AM) (Source: Application Hang) (User: )
Description: Hanging application IEXPLORE.EXE, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (10/20/2011 08:23:36 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (10/20/2011 08:23:24 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (10/20/2011 08:23:21 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (10/20/2011 08:19:25 AM) (Source: DCOM) (User: SYSTEM)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Error: (10/20/2011 08:17:31 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (10/20/2011 08:17:31 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Error: (10/20/2011 08:17:27 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain EMHARTNA due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (10/19/2011 03:15:10 PM) (Source: Service Control Manager) (User: )
Description: The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).

Error: (10/19/2011 02:53:34 PM) (Source: 0) (User: )
Description: \Device\LanmanServer

Error: (10/19/2011 02:53:34 PM) (Source: 0) (User: )
Description: \Device\LanmanServer


Microsoft Office Sessions:
=========================
Error: (10/20/2011 01:04:51 PM) (Source: McLogEvent)(User: SYSTEM)SYSTEM
Description: The scan found detections. Scan engine version 5400.1158 DAT version 6504.

Error: (10/20/2011 00:10:08 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: Group Policy Printers

Error: (10/20/2011 00:10:08 PM) (Source: Group Policy Printers)(User: SYSTEM)SYSTEM
Description: removeuser 0x8007000d The data is invalid.

Error: (10/20/2011 11:03:37 AM) (Source: SLXDBLogging)(User: )
Description: Error writing to Logfile: WriteToLog - LogAttachment - FileName must contain a value.

Error: (10/20/2011 10:11:00 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: Group Policy Printers

Error: (10/20/2011 10:11:00 AM) (Source: Group Policy Printers)(User: SYSTEM)SYSTEM
Description: removeuser 0x8007000d The data is invalid.

Error: (10/20/2011 09:47:43 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0014a280e

Error: (10/20/2011 09:28:52 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE6.0.2900.5512hungapp0.0.0.000000000

Error: (10/20/2011 08:42:00 AM) (Source: Application Hang)(User: )
Description: 724398357

Error: (10/20/2011 08:41:56 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE6.0.2900.5512hungapp0.0.0.000000000


=========================== Installed Programs ============================

Adobe Acrobat 6.0 Standard (Version: 006.000.000)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 10 Plugin (Version: 10.2.152.32)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
BioAPI Framework (Version: 1.0.1)
BlackBerry Desktop Software 6.0.1 (Version: 6.0.1.18)
Brother MFL-Pro Suite MFC-490CW (Version: 1.0.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Configuration Manager Client (Version: 4.00.6487.2000)
CutePDF Writer 2.5
Dell ControlVault Host Components Installer (Version: 1.7.459.360)
Dell Security Device Driver Pack (Version: 1.4.055)
Dell Wireless WLAN Card Utility (Version: 4.170.77.13)
IDT Audio (Version: 1.0.6017.1)
Intel AppUp(SM) center (Version: 19079)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers (Version: 14.5)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (Version: 6.0.220)
Logitech Harmony Remote Software (Version: 0.6.0201)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
McAfee Agent (Version: 4.5.0.1270)
McAfee AntiSpyware Enterprise Module (Version: 8.7.0.129)
McAfee VirusScan Enterprise (Version: 8.7.00004)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Conferencing Add-in for Microsoft Office Outlook (Version: 8.0.6362.114)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft MapPoint North America 2006 (Version: 13.00.15.2800)
Microsoft Office Communicator 2007 R2 (Version: 3.5.6907.206)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Organization Chart 2.0 (Version: 11.0.5614.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server Desktop Engine (SalesLogix) (Version: 8.00.2039)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
PANTECH UM175 Driver (Version: 3.3.3524.918)
PaperPort Image Printer (Version: 1.00.0000)
PatchLink Update Agent for Windows (Version: 6.4.0.405)
RDC
RICOH R5C83x/84x Media Driver Ver.3.53.02 (Version: 3.53.02)
SalesLogix Client (Version: 7.52.3211)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Skype™ 5.1 (Version: 5.1.104)
TomTom HOME 2.8.2.2264 (Version: 2.8.2.2264)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0)
VPN Client
VZAccess Manager (Version: 7.2.1.2)
WebEx
WebFldrs XP (Version: 9.50.7523)
WIMGAPI (Version: 1.0.0.0)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client with Service Pack 2 (Version: 5.2.95)
WinVNC 3.3.3
WinZip (Version: 8.1 SR-1 (5266))
Wisdom-soft Set up ScreenHunter 5.1 Free

========================= Memory info: ===================================

Percentage of memory in use: 86%
Total physical RAM: 1999.83 MB
Available physical RAM: 262.41 MB
Total Pagefile: 3892.05 MB
Available Pagefile: 1527.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 2003.48 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:119.23 GB) (Free:92.91 GB) NTFS
3 Drive l: (Storage) (Network) (Total:253.64 GB) (Free:39.8 GB) NTFS
4 Drive n: (Storage) (Network) (Total:253.64 GB) (Free:39.8 GB) NTFS
5 Drive q: (Storage) (Network) (Total:253.64 GB) (Free:39.8 GB) NTFS
6 Drive z: (Storage) (Network) (Total:253.64 GB) (Free:39.8 GB) NTFS

========================= Users: ========================================

User accounts for \\MADJQUADE1010

#BDKAdmin #BDKGuest admin
carabao HelpAssistant PCAdmin
SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini022011-01.dmp
C:\WINDOWS\Minidump\Mini022211-01.dmp

**** End of log ****


Cannot run aswMBR.exe for some reason. I will try a reboot. Thanx!!

#4 boopme


Posted 20 October 2011 - 02:06 PM

OK, if it fails again then we need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.

#5 satchmo!


Posted 20 October 2011 - 02:57 PM

Thanks again, boopme!

Here is the dds.txt report:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by jquade at 14:34:15 on 2011-10-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2000.1102 [GMT -5:00]
.
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SALESLOGIX\Binn\sqlservr.exe
C:\Program Files\SalesLogix\SLXServer.exe
C:\Program Files\SalesLogix\SLXLoggingServer.exe
C:\Program Files\SalesLogix\SLXSystem.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\SalesLogix\SpeedSearch\Bin\SLXSearchService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\PatchLink\Update Agent\pddm.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ecentral.stanleyblackanddecker.com/
mDefault_Page_URL = hxxp://ecentral.stanleyblackanddecker.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [WinVNC] "c:\program files\orl\vnc\WinVNC.exe" -servicehelper
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PDDM] c:\program files\patchlink\update agent\pddm.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [Intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\serviceManager.lnk"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: Wallpaper = %windir%\temp\corplogo\CorpLogo-Blank-201109.bmp
uPolicies-system: WallpaperStyle = 0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: authoria-test.com
Trusted Zone: authoria.com
Trusted Zone: ezbdk.com
Trusted Zone: authoria-test.com
Trusted Zone: authoria.com
Trusted Zone: ezbdk.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285277592250
DPF: {8161DA4A-CF2C-4926-8D29-C3F138FA7FA1} - hxxp://cheas400.emhartna.com:91/jde/axctls/jdewebctls.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://blackanddecker.webex.com/client/T27L10NSP11EP14/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{016D9C7B-9A99-45DA-8CB5-CD220DB6EDAF} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-29 344712]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-23 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-23 27040]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-8-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-9-25 120128]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-8-25 147984]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-29 69192]
R2 MSSQL$SALESLOGIX;MSSQL$SALESLOGIX;c:\program files\microsoft sql server\mssql$saleslogix\binn\sqlservr.exe [2005-5-4 9150464]
R2 SalesLogix Server Service;SalesLogix Server;c:\program files\saleslogix\SLXServer.exe [2010-5-20 729088]
R2 SalesLogix System;SalesLogix System Service;c:\program files\saleslogix\SLXSystem.exe [2010-5-20 385024]
R2 SlxSearch;SalesLogix SpeedSearch;c:\program files\saleslogix\speedsearch\bin\SLXSearchService.exe [2009-11-19 977568]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-9-29 108160]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-9-29 33832]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-9-23 240344]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-9-29 110080]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-29 91896]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-29 43192]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-9-29 280344]
S0 cerc6;cerc6; [x]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-29 66536]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2011-2-16 54416]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2011-2-16 160272]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2011-2-16 160272]
S3 PTDUWFLT;PTDUWWAN Filter Driver;c:\windows\system32\drivers\PTDUWFLT.sys [2011-2-16 11920]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2011-2-16 113680]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 SQLAgent$SALESLOGIX;SQLAgent$SALESLOGIX;c:\program files\microsoft sql server\mssql$saleslogix\binn\sqlagent.EXE [2005-5-3 323584]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S4 PLServiceMonitor;PatchLink Service Monitor;c:\program files\patchlink\update agent\PLServiceMonitor.exe [2010-11-3 204800]
.
=============== Created Last 30 ================
.
2011-10-19 20:36:24 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2011-10-19 20:36:24 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2011-10-19 20:36:24 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2011-10-19 20:36:24 8192 ----a-w- c:\windows\system32\kbdkor.dll
2011-10-19 20:36:24 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-10-19 20:36:24 6144 ----a-w- c:\windows\system32\kbd101c.dll
2011-10-19 20:36:24 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-10-19 20:36:24 5632 ----a-w- c:\windows\system32\kbd103.dll
2011-10-19 20:36:21 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-10-19 20:36:21 6144 ----a-w- c:\windows\system32\kbd101b.dll
2011-10-19 20:36:20 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-10-19 20:36:20 6144 ----a-w- c:\windows\system32\kbd106.dll
2011-10-19 20:33:52 -------- d-----w- c:\documents and settings\jquade\local settings\application data\Adobe
2011-10-19 19:52:23 -------- d-----r- c:\documents and settings\jquade\application data\Brother
2011-10-19 16:37:46 -------- d-----w- C:\unzipped
2011-10-19 14:34:22 -------- d-----w- c:\documents and settings\jquade\local settings\application data\Mozilla
2011-10-19 14:34:00 -------- d-----w- c:\documents and settings\jquade\application data\SalesLogix
2011-10-19 14:33:43 -------- d-----w- c:\documents and settings\jquade\local settings\application data\SalesLogix
2011-10-18 20:18:44 -------- d-----w- c:\documents and settings\jquade\application data\Malwarebytes
2011-10-18 20:05:14 -------- d-s---w- c:\documents and settings\jquade\UserData
2011-10-18 20:01:13 -------- d-----w- c:\documents and settings\jquade\Tracing
2011-10-18 20:01:12 -------- d-----w- c:\documents and settings\jquade\local settings\application data\Intel
2011-10-18 20:01:08 -------- d-----w- c:\documents and settings\jquade\local settings\application data\Scansoft
2011-10-18 20:01:08 -------- d-----w- c:\documents and settings\jquade\application data\McAfee
2011-10-04 18:58:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-04 18:58:51 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-04 18:58:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-05 13:56:22 667136 ----a-w- c:\windows\system32\wininet.dll
2011-09-05 13:56:22 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-09-05 13:56:21 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-09-05 12:35:09 369664 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 14:40:35.58 ===============

On GMER 1.0 the only options I could check were Services, Registry, Files C:\, and ADS. Report as follows:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-20 14:54:32
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\jquade\LOCALS~1\Temp\pfrdipod.sys


---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\jquade\Local Settings\Temporary Internet Files\Content.IE5\YTAH0XOD\login_status[1].php 549 bytes
File C:\Documents and Settings\jquade\Local Settings\Temporary Internet Files\Content.IE5\Z14Q4T2C\an-interview-with-duff-mckagan-author-of[1] 73323 bytes

---- EOF - GMER 1.0.15 ----


I do not see the attach file option so I apologize for posting the long reports....

#6 boopme

Posted 20 October 2011 - 03:33 PM

Hi satchmo, just a little more blues for you :)

You need to post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.

Edited by boopme, 20 October 2011 - 03:33 PM.

#7 satchmo!

Posted 20 October 2011 - 03:48 PM

Thanks! My bad. Here is the link to my Removal Log for anyone following this topic:

http://www.bleepingcomputer.com/forums/topic424357.html

#8 boopme

Posted 20 October 2011 - 06:07 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 3 - 5 days and ALL logs are answered.

To avoid confusion, I am closing this topic.