Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan that cannot be cleaned


  • This topic is locked This topic is locked
4 replies to this topic

#1 angierivercity

angierivercity

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 11 January 2012 - 03:49 PM

Link to original post if it helps: http://www.bleepingcomputer.com/forums/topic437487.html/page__pid__2549161#entry2549161

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Eliana at 14:14:35 on 2012-01-11
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2005.563 [GMT -6:00]
.
AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\GFI Software\VIPRE\SBPIMSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\GFI Software\VIPRE\SBAMSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\UPS\WSTD\UPSNA1Msgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\GFI Software\VIPRE\SBAMTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\UPS\WSTD\WSTDMessaging.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Intuit\QuickBooks 2011\qbw32.exe
C:\TimeCard Manager 8\TCM.exe
C:\windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp:\\www.altex.com\
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [CorelDRAW Graphics Suite 11b] c:\program files\corel\corel graphics 12\languages\en\programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011811 serial=DR12CCF-5811167-HLK lang=EN
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NA1Messenger] c:\ups\wstd\UPSNA1Msgr.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SBAMTray] "c:\program files\gfi software\vipre\SBAMTray.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\upswor~2.lnk - c:\ups\wstd\WSTDMessaging.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\upswor~1.lnk - c:\ups\wstd\wstdPldReminder.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9952315D-4AB8-4378-9870-2ED17DC786F6} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C08459D3-495B-4168-9259-069B11C16A37} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{FD194921-411D-426C-A9A1-41456B21B0E6} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-30 652872]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R2 SBAMSvc;VIPRE Antivirus;c:\program files\gfi software\vipre\SBAMSvc.exe [2011-11-1 3287472]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-9-9 77816]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\vipre\SBPIMSvc.exe [2011-11-1 173424]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-9 20464]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-24 278560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\ae1000va.sys [2011-1-1 836384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-11-1 72312]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-24 1343400]
.
=============== Created Last 30 ================
.
2012-01-10 15:31:32 90 ----a-w- c:\users\eliana\appdata\roaming\netstat.bat
2011-12-30 15:37:00 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-30 15:29:50 -------- d-----w- c:\users\eliana\appdata\local\ElevatedDiagnostics
2011-12-13 20:13:40 2340352 ----a-w- c:\windows\system32\win32k.sys
2011-12-13 20:13:36 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 20:13:33 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 20:13:32 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 20:13:30 3901808 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-13 20:13:29 3957104 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
==================== Find3M ====================
.
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-05 04:35:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 04:34:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-05 03:28:41 386048 ----a-w- c:\windows\system32\html.iec
2011-11-05 02:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-01 06:42:10 11632 ----a-w- c:\windows\system32\drivers\vdd\apvdd.dll
2011-11-01 06:42:02 42864 ----a-w- c:\windows\system32\sbbd.exe
2011-11-01 06:08:14 72312 ----a-w- c:\windows\system32\drivers\sbwtis.sys
2011-10-26 21:40:02 101112 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-12-09 22:03:30 342016 ----a-w- c:\program files\Setup.exe
.
============= FINISH: 14:15:23.30 ===============



=======================================================================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-11 14:43:12
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000AAKS-22V1A0 rev.05.01D05
Running: gmer.exe; Driver: C:\Users\Eliana\AppData\Local\Temp\awliypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C5F5D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C84092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\Eliana\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !
? C:\Users\Eliana\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\svchost.exe[1020] ntdll.dll!NtProtectVirtualMemory 771751C0 5 Bytes JMP 0059000A
.text C:\windows\system32\svchost.exe[1020] ntdll.dll!NtWriteVirtualMemory 77175D40 5 Bytes JMP 009F000A
.text C:\windows\system32\svchost.exe[1020] ntdll.dll!KiUserExceptionDispatcher 77176298 5 Bytes JMP 0035000A
.text C:\windows\System32\ping.exe[2356] ntdll.dll!NtCreateProcess 77174940 5 Bytes JMP 0059000A
.text C:\windows\System32\ping.exe[2356] ntdll.dll!NtCreateProcessEx 77174950 5 Bytes JMP 005A000A
.text C:\windows\System32\ping.exe[2356] ntdll.dll!NtCreateUserProcess 77174A20 5 Bytes JMP 0089000A
.text C:\windows\System32\ping.exe[2356] ntdll.dll!NtProtectVirtualMemory 771751C0 5 Bytes JMP 0054000A
.text C:\windows\System32\ping.exe[2356] ntdll.dll!NtWriteVirtualMemory 77175D40 5 Bytes JMP 0055000A
.text C:\windows\System32\ping.exe[2356] ntdll.dll!KiUserExceptionDispatcher 77176298 5 Bytes JMP 0053000A
.text C:\windows\System32\ping.exe[2356] USER32.dll!GetCursorPos 758EC198 5 Bytes JMP 0090000A
.text C:\windows\System32\ping.exe[2356] USER32.dll!GetForegroundWindow 758F565D 5 Bytes JMP 0092000A
.text C:\windows\System32\ping.exe[2356] USER32.dll!WindowFromPoint 75916D0C 5 Bytes JMP 0091000A
.text C:\windows\System32\ping.exe[2356] ole32.dll!CoCreateInstance 7610590C 5 Bytes JMP 008F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!CreateWindowExW 758F0E51 5 Bytes JMP 68D5810F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!DialogBoxIndirectParamW 75914AA7 5 Bytes JMP 68E800C8 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!DialogBoxParamW 7591564A 5 Bytes JMP 68C74B87 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!DialogBoxParamA 7592CF6A 5 Bytes JMP 68E80065 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!DialogBoxIndirectParamA 7592D29C 5 Bytes JMP 68E8012B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxIndirectA 7593E8C9 5 Bytes JMP 68E7FFFA C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxIndirectW 7593E9C3 5 Bytes JMP 68E7FF8F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxExA 7593EA29 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxExA 7593EA29 5 Bytes JMP 68E7FF2D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5020] USER32.dll!MessageBoxExW 7593EA4D 5 Bytes JMP 68E7FECB C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!CreateDialogParamW 758E9BFF 5 Bytes JMP 68CAC590 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!EnableWindow 758EA72E 5 Bytes JMP 68CAC50B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!GetAsyncKeyState 758EC09A 5 Bytes JMP 68C6D6D1 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!UnhookWindowsHookEx 758ECC7B 5 Bytes JMP 68D68345 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!CallNextHookEx 758ECC8F 5 Bytes JMP 68D49D1C C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!CreateWindowExW 758F0E51 5 Bytes JMP 68D5810F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!SetWindowsHookExW 758F210A 5 Bytes JMP 68D0460B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!GetKeyState 758F4FDA 5 Bytes JMP 68CAD782 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!IsDialogMessageW 758F6F06 5 Bytes JMP 68C74264 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!CreateDialogParamA 75903E79 5 Bytes JMP 68E80CBE C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!IsDialogMessage 7590407A 5 Bytes JMP 68E8055F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!CreateDialogIndirectParamA 75909110 5 Bytes JMP 68E80CF5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!CreateDialogIndirectParamW 759108AD 5 Bytes JMP 68E80D2C C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!DialogBoxIndirectParamW 75914AA7 5 Bytes JMP 68E800C8 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!EndDialog 7591555C 5 Bytes JMP 68C75AC9 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!DialogBoxParamW 7591564A 5 Bytes JMP 68C74B87 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!SetKeyboardState 75916B52 5 Bytes JMP 68E808C4 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!SendInput 75917055 5 Bytes JMP 68E81488 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!SetCursorPos 7592C1D8 5 Bytes JMP 68E814E0 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!DialogBoxParamA 7592CF6A 5 Bytes JMP 68E80065 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!DialogBoxIndirectParamA 7592D29C 5 Bytes JMP 68E8012B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!MessageBoxIndirectA 7593E8C9 5 Bytes JMP 68E7FFFA C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!MessageBoxIndirectW 7593E9C3 5 Bytes JMP 68E7FF8F C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!MessageBoxExA 7593EA29 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!MessageBoxExA 7593EA29 5 Bytes JMP 68E7FF2D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!MessageBoxExW 7593EA4D 5 Bytes JMP 68E7FECB C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] USER32.dll!keybd_event 7593EC9B 5 Bytes JMP 68E81813 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] SHELL32.dll!SHChangeNotification_Lock + 45BA 764EB440 4 Bytes [11, 36, B1, 6A] {ADC [ESI], ESI; MOV CL, 0x6a}
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] SHELL32.dll!SHChangeNotification_Lock + 45C2 764EB448 8 Bytes [5F, 35, B1, 6A, D0, 73, B0, ...] {POP EDI; XOR EAX, 0x73d06ab1; MOV AL, 0x6a}
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] ole32.dll!OleLoadFromStream 760B5BF6 5 Bytes JMP 68E8041B C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5116] ole32.dll!CoCreateInstance 7610590C 5 Bytes JMP 68D58BFD C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5612] kernel32.dll!SetUnhandledExceptionFilter 760230E2 5 Bytes JMP 5D2C6376 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[5612] ole32.dll!OleLoadFromStream 760B5BF6 5 Bytes JMP 5DB85530 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\tdx \Device\Tcp [8E68CEBA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\tdx \Device\Udp [8E68CEBA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]
Device \Driver\tdx \Device\RawIp [8E68CEBA] \SystemRoot\system32\DRIVERS\tdx.sys[.data]

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 8E668000-8E681000 (102400 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\windows\System32\ping.exe (*** hidden *** ) 2356

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB63081$\1120075325 0 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785 0 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\@ 2048 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\bckfg.tmp 862 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\cfg.ini 207 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\keywords 209 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\kwrd.dll 223744 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\L 0 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\L\xadqgnnk 74240 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\U 0 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\U\80000000.@ 11264 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\U\80000004.@ 12800 bytes
File C:\Windows\$NtUninstallKB63081$\1792580785\U\80000032.@ 77312 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\T3VAizjiVhwNjITswVKC_g==[2].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\530dee22-e3c1-4e9f-bf62-c31d510d9656[1].woff 57020 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\5Ywdce7XEbTSbxs__4X1_HgYs3kXQQUQo8uxnUKxt_Q[2].eot 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\ae1656aa-5f8f-4905-aed0-93e667bd6e4a[1].eot 127326 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\tabs_gradient_light[1].png 388 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\shop-all-sets[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\expansion_embed[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\ExtLibInPlay_177[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\beyonce_knowles407[1].jpg 7132 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\dre[1].jpg 3962 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\search_eclickz_com[1].htm 12033 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\4105hN-5p8L._SS200_[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\411%2BzhoJX7L._SS200_[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\41urM4pnRwL._SS200_[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\4a0a9cea50fa4b4afe171bcecb30acb6[1].swf 19614 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\4aaa867c71f6e153517e6c2e65483433[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\styles[1].css 19865 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\d=1[2] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\new[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\render_ads[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\Opus-Regular-webfont[1].eot 38766 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\icon-facebook[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\icon18_edit_allbkg[1].gif 162 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\iframe[2].txt 74 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\lgl[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\get[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\murbia-webfont[1].eot 121452 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\in[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\i_5_1[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSJNTOIQ\javascript[1].js 24375 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\41I6sSH7HlL[1].js 31919 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\41NLbRdDzbL._SS200_[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\5027476461311652033[1].gif 37633 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\51Fr72Du4HL._SS200_[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\5451588783_345f3873fe[2].jpeg 27876 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\ad_choices_en[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\ad_choices_i[2].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\ag-logo[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\ads[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\csgather[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\css[1].txt 576 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\418lmEJTfFL._SS200_[1].jpg 5845 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\ation=site_below_player;dcopt=ist;campaign=;page=category;kw=blinkx;pid=18;sz=468x62,300x251;;source=site;t=;tile=2;ord=8240933904872955[1] 244 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\authorization[1].css 1 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\background[1].gif 47602 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\;adlocation=site_above_results;dcopt=ist;campaign=;page=category;kw=blinkx;pid=18;sz=300x250;;source=site;t=;tile=3;ord=8240933904872955[1] 245 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\abg[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\iframe[2] 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\9311bb5dc6e26ac84f2e0843d82c9c91[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\yellowdailynews_com[2].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\zw08b_300x250_1009[1].swf 22502 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\p[1].txt 56671 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\Q3-2011_45Plan_300x250[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\show_ads_impl[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\webfont[1].js 17305 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\categories-home-bottom[1].jpg 662 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\its_love_for_an406[1].jpg 6827 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\icon18_email[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\arrow-grey[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\ga[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\120911_CXT_22_19.95_hsia_only_FAST_160x600_SWF[2].swf 32875 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\dropdown.vertical[1].css 152 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\dropdown[1].css 881 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\search[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\shop-all-assortments[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\go[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\header11-back-933[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\lgl[2].htm 132 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTP9D6XE\lgl[3].htm 0 bytes

---- EOF - GMER 1.0.15 ----

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:07 PM

Posted 16 January 2012 - 12:26 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 angierivercity

angierivercity
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:07 PM

Posted 17 January 2012 - 10:02 AM

Thank you for responding. My company has brough someone in to fix all of our computer issues, if for some reason he cannot resolve this one I will post back. Thank you.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:07 PM

Posted 17 January 2012 - 10:15 AM

OK thank you for letting me know and if it gets closed and you need it open just give me a PM




gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:07 PM

Posted 20 January 2012 - 02:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users