Windows 7 search redirect - csrss.exe, atieclxx.exe, winlogon.exe


  • This topic is locked
9 replies to this topic

#1 gringojosh

Posted 21 February 2014 - 12:39 PM

This virus was acquired yesterday when my firewall was down (oops). Ran a MBAM scan and removed recommended entries. Solved the redirect issue but PC performance is still slow. Virus launches multiple versions of the same "exe" file for programs I have installed on my PC, although none of those are visible on the desktop (i.e., 6 separate instances of "chrome.exe" running at the same time). Below is the log - many thanks! 

 

----------------------------------

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16798  BrowserJavaVersion: 10.51.2
Run by Morris at 12:29:27 on 2014-02-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8184.5357 [GMT -8:00]
.
AV: AVG AntiVirus Business Edition *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Business Edition *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
uRunOnce: [Application Restart #1] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=AppsPanel_BL --appletVersion=1.0 --mode=LBS --helperBridgeName={9E2C007C-3A20-43AD-8E8D-A7EA30B26A70} --helperPath=C:\Users\Morris\AppData\Local\Temp\\Creative Cloud Helper.exe --lbsWorkflowID={FE0E2FB6-3F2F-4071-878B-218568D6D1F2} --inputXmlPath="C:\Users\Morris\AppData\Local\Temp\{46078314-E90A-4A32-B629-FA50885D44A4}"  /RestartByRestartManager:B94F7FE8-4351-4e37-9E18-D68C77FCF98B
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: Interfaces\{8B7AD4D8-1F57-41C5-B1FB-4484DF4BF8EC} : DHCPNameServer = 192.168.1.3 24.92.226.11 24.92.226.12
TCP: Interfaces\{DD0C47A6-5FEA-4AD7-8118-B8DF1D9ECF56} : NameServer = 192.168.1.3,8.8.8.8
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2014-2-19 65024]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-2-20 239680]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
R2 ktupdaterservice;Kerio Updater Service;C:\Program Files (x86)\Kerio\UpdaterService\ktupdaterservice.exe [2013-12-12 950272]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-20 701512]
R2 monblanking;monblanking;C:\Windows\System32\drivers\monblanking.sys [2014-2-21 34960]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-20 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-29 412776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-19 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-2-13 1255736]
.
=============== Created Last 30 ================
.
2014-02-21 16:31:38 53080 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\GoToPrintProcessor_x64.dll
2014-02-21 16:31:38 131416 ----a-w- C:\Windows\System32\gotomon_x64.dll
2014-02-21 16:31:38 -------- d-----w- C:\ProgramData\CitrixLogs
2014-02-21 16:31:35 34960 ----a-w- C:\Windows\System32\drivers\monblanking.sys
2014-02-21 16:31:34 -------- d-----w- C:\Program Files (x86)\Citrix
2014-02-21 16:29:56 -------- d-----w- C:\ProgramData\Oracle
2014-02-21 16:27:43 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-21 04:55:06 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-02-21 04:55:06 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-02-21 04:55:06 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-02-21 04:55:05 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-02-21 04:26:47 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-21 03:48:24 388096 ----a-r- C:\Users\Morris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-02-21 03:48:24 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-02-21 02:37:31 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-02-21 02:37:31 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-02-21 01:47:36 -------- d-----w- C:\Users\Morris\AppData\Roaming\Malwarebytes
2014-02-21 01:47:32 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-21 01:47:31 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-21 01:47:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 00:06:16 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-02-21 00:06:16 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2014-02-21 00:06:15 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-02-21 00:06:15 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-02-21 00:06:11 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2014-02-21 00:06:10 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2014-02-21 00:06:10 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2014-02-21 00:06:10 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2014-02-21 00:06:05 224256 ----a-w- C:\Windows\System32\wintrust.dll
2014-02-21 00:06:05 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2014-02-21 00:04:59 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2014-02-20 23:54:47 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-02-20 23:54:30 -------- d-----w- C:\Users\Morris\AppData\Roaming\Softland
2014-02-20 23:54:29 25920 ----a-w- C:\Windows\System32\dopdfmn7.dll
2014-02-20 23:54:29 21312 ----a-w- C:\Windows\System32\dopdfmi7.dll
2014-02-20 23:54:28 1700352 ----a-w- C:\Windows\System32\GdiPlus.dll
2014-02-20 23:54:28 -------- d-----w- C:\Program Files\Softland
2014-02-20 23:28:39 -------- d-----w- C:\Users\Morris\AppData\Local\SearchProtect
2014-02-20 23:27:36 -------- d-----w- C:\Users\Morris\AppData\Roaming\Foxit Software
2014-02-20 23:27:18 -------- d-----w- C:\Program Files (x86)\Foxit Software
2014-02-20 23:13:25 -------- d-----w- C:\Users\Morris\AppData\Local\PDF Writer
2014-02-20 23:13:04 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2014-02-20 23:11:46 -------- d-----w- C:\Users\Morris\AppData\Local\Programs
2014-02-20 22:40:57 -------- d-----w- C:\ProgramData\firebird
2014-02-20 22:40:10 -------- d-----w- C:\Users\Morris\AppData\Local\Kerio
2014-02-20 22:34:22 -------- d-----w- C:\ProgramData\Kerio
2014-02-20 22:34:18 -------- d-----w- C:\Program Files (x86)\Kerio
2014-02-20 22:24:00 -------- d-----w- C:\Users\Morris\AppData\Local\ElevatedDiagnostics
2014-02-20 19:39:09 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-02-20 11:06:22 -------- d-----w- C:\Windows\System32\SPReview
2014-02-20 11:05:40 -------- d-----w- C:\Windows\System32\EventProviders
2014-02-20 02:43:29 -------- d-----w- C:\Users\Morris\AppData\Local\Adobe
2014-02-20 00:41:08 -------- d-----w- C:\Users\Morris\AppData\Roaming\Xerox
2014-02-20 00:39:42 -------- d-----w- C:\ProgramData\Xerox
2014-02-19 23:47:58 -------- d-----w- C:\Users\Morris\AppData\Roaming\AVG2013
2014-02-19 23:46:29 -------- d--h--w- C:\$AVG
2014-02-19 23:46:29 -------- d-----w- C:\ProgramData\AVG2013
2014-02-19 23:45:04 -------- d-----w- C:\Program Files (x86)\AVG
2014-02-19 23:24:48 -------- d--h--w- C:\ProgramData\Common Files
2014-02-19 23:24:48 -------- d-----w- C:\Users\Morris\AppData\Local\MFAData
2014-02-19 23:24:48 -------- d-----w- C:\Users\Morris\AppData\Local\Avg2013
2014-02-19 23:24:48 -------- d-----w- C:\ProgramData\MFAData
2014-02-19 22:51:27 -------- d-----w- C:\Windows\PCHEALTH
2014-02-19 22:49:27 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-02-19 22:48:29 -------- d-----w- C:\Users\Morris\AppData\Local\Microsoft Help
2014-02-19 22:41:23 1175552 ----a-w- C:\Windows\SysWow64\O2CPlayer.OCX
2014-02-19 22:41:08 142336 ----a-w- C:\Windows\SysWow64\AECExtension.dll
2014-02-19 22:40:58 -------- d-s---w- C:\DataCAD 12
2014-02-19 22:26:21 -------- d-----w- C:\Users\Morris\AppData\Local\AMD
2014-02-19 22:25:37 -------- d-----w- C:\Users\Morris\AppData\Local\ATI
2014-02-19 22:24:55 0 ----a-w- C:\Windows\ativpsrm.bin
2014-02-19 21:57:34 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-02-19 21:57:31 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-02-19 21:56:25 -------- d-----w- C:\ProgramData\AMD
2014-02-19 21:55:36 -------- d-----w- C:\Program Files\AMD
2014-02-19 21:54:51 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2014-02-19 21:54:44 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2014-02-19 21:52:57 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2014-02-19 21:51:59 625664 ----a-w- C:\Windows\System32\mscms.dll
2014-02-19 21:50:51 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2014-02-19 21:50:51 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2014-02-19 21:50:51 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2014-02-19 21:50:32 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2014-02-19 21:50:32 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2014-02-19 21:50:31 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2014-02-19 21:48:19 -------- d-----w- C:\ProgramData\Package Cache
2014-02-19 21:47:56 -------- d-----w- C:\Program Files\ATI Technologies
2014-02-19 21:47:54 -------- d-----w- C:\Program Files\ATI
2014-02-19 21:47:15 -------- d-----w- C:\AMD
2014-02-19 21:39:59 -------- d-----w- C:\Users\Morris\AppData\Roaming\library_dir
2014-02-19 21:36:02 -------- d-sh--w- C:\Windows\Installer
2014-02-19 21:31:47 -------- d-----w- C:\Users\Morris\AppData\Local\Google
2014-02-19 21:31:31 -------- d-----w- C:\Users\Morris\AppData\Local\Apps
2014-02-19 21:31:30 -------- d-----w- C:\Users\Morris\AppData\Local\Deployment
2014-02-19 20:52:23 -------- d-----w- C:\Users\Morris\AppData\Local\Diagnostics
2014-02-15 04:36:04 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2014-02-15 04:36:04 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2014-02-15 04:36:04 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-02-15 04:35:09 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-02-15 04:35:09 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-02-15 04:35:09 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-02-15 04:35:09 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-02-15 04:35:09 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-02-15 04:35:09 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-02-15 04:35:09 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-02-14 17:03:57 96768 ----a-w- C:\Windows\System32\fsutil.exe
2014-02-14 17:03:57 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2014-02-14 17:03:57 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2014-02-14 17:03:57 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2014-02-14 17:03:57 2565632 ----a-w- C:\Windows\System32\esent.dll
2014-02-14 17:03:57 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-14 17:03:57 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2014-02-14 17:03:57 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2014-02-14 17:03:57 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2014-02-14 17:03:57 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2014-02-14 13:12:58 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-14 13:12:55 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C1C21D52-4DA5-4919-BD40-7E5A23B78CC1}\mpengine.dll
2014-02-14 11:04:50 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-14 11:03:50 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2014-02-14 11:03:50 31232 ----a-w- C:\Windows\System32\prevhost.exe
2014-02-14 11:03:49 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-02-14 11:03:49 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-02-14 11:03:49 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-02-14 11:03:49 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2014-02-14 00:25:35 -------- d-----w- C:\Windows\SysWow64\Wat
2014-02-14 00:25:34 -------- d-----w- C:\Windows\System32\Wat
2014-02-13 23:51:29 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-02-13 23:51:29 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-02-13 23:51:29 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-02-13 23:19:03 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-02-13 23:18:48 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-13 23:18:48 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-13 23:18:47 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-02-13 23:18:47 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-02-13 23:18:47 158720 ----a-w- C:\Windows\System32\aaclient.dll
2014-02-13 23:18:47 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-02-13 23:16:42 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2014-02-13 23:16:14 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-02-13 23:13:59 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-02-13 23:13:59 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-02-13 23:12:19 478208 ----a-w- C:\Windows\System32\dpnet.dll
2014-02-13 23:12:19 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2014-02-13 23:12:19 3072 ----a-w- C:\Windows\System32\dpnaddr.dll
2014-02-13 23:12:19 2560 ----a-w- C:\Windows\SysWow64\dpnaddr.dll
2014-02-13 23:11:51 95744 ----a-w- C:\Windows\System32\synceng.dll
2014-02-13 23:11:51 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2014-02-13 23:10:51 715776 ----a-w- C:\Windows\System32\kerberos.dll
2014-02-13 23:10:51 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-02-13 23:10:08 59392 ----a-w- C:\Windows\System32\browcli.dll
2014-02-13 23:10:08 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2014-02-13 23:10:08 136704 ----a-w- C:\Windows\System32\browser.dll
2014-02-13 23:08:46 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2014-02-13 23:08:46 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2014-02-13 23:08:46 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2014-02-13 23:08:37 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-02-13 23:08:28 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2014-02-13 23:07:42 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe
2014-02-13 23:04:40 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2014-02-13 23:04:40 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2014-02-13 23:04:15 395776 ----a-w- C:\Windows\System32\webio.dll
2014-02-13 23:04:15 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2014-02-13 23:04:01 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-02-13 23:04:01 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-02-13 23:04:01 1572864 ----a-w- C:\Windows\System32\quartz.dll
2014-02-13 23:04:01 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2014-02-13 23:03:50 77312 ----a-w- C:\Windows\System32\packager.dll
2014-02-13 23:03:50 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-02-13 22:57:49 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2014-02-13 22:55:53 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2014-02-13 22:55:53 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2014-02-13 22:55:53 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2014-02-13 22:55:53 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2014-02-13 22:55:53 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2014-02-13 22:55:53 1118720 ----a-w- C:\Windows\System32\sbe.dll
2014-02-13 22:31:36 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-02-13 22:29:35 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-02-13 22:21:00 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-02-13 22:21:00 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-02-13 22:20:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-02-13 22:14:23 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-02-13 22:14:19 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-02-13 22:12:53 -------- d-sh--w- C:\Recovery
2014-02-13 20:57:14 -------- d-----w- C:\Windows\Panther
.
==================== Find3M  ====================
.
2014-02-21 04:26:47 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-20 11:14:50 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-02-20 11:14:50 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2014-02-17 13:41:42 147456 ----a-w- C:\Windows\SysWow64\bzpdfc.dll
2013-12-07 00:49:18 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-12-07 00:44:26 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe
2013-12-06 21:38:40 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-12-06 21:38:40 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-12-06 21:38:38 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-12-06 21:38:38 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18 73728 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58 29382144 ----a-w- C:\Windows\System32\amdocl64.dll
2013-12-06 21:35:36 24860160 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-12-06 21:33:28 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-12-06 21:33:24 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-12-06 21:26:44 129536 ----a-w- C:\Windows\System32\coinst_13.251.dll
2013-12-06 21:16:40 26352128 ----a-w- C:\Windows\System32\atio6axx.dll
2013-12-06 21:13:02 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-12-06 21:12:52 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-12-06 21:12:50 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-12-06 21:12:42 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-12-06 21:12:40 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-12-06 21:12:26 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-12-06 21:09:18 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-12-06 20:58:50 22157824 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-12-06 20:53:18 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-12-06 20:53:10 31232 ----a-w- C:\Windows\System32\atimuixx.dll
2013-12-06 20:53:04 588288 ----a-w- C:\Windows\System32\atieclxx.exe
2013-12-06 20:52:10 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-12-06 20:50:36 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-12-06 20:22:42 1144320 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-12-06 20:22:28 825344 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-12-06 20:22:12 74752 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-12-06 20:22:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-12-06 20:22:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-12-06 20:22:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-12-06 20:21:54 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-12-06 20:21:44 626176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-12-06 20:18:12 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-25 09:48:36 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
.
============= FINISH: 12:30:05.59 ===============
 



#2 gringo_pr

  • Malware Response Team

Posted 21 February 2014 - 12:51 PM



Hello gringojosh

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringojosh

gringojosh
  • Topic Starter


Posted 21 February 2014 - 05:10 PM

Hi, thanks for responding. Here are the logs. I followed the advice of another MRT member in the "I've been infected..." forum before I saw your response. I think the removal programs have pretty much got it off the PC.

 

# AdwCleaner v3.019 - Report created 21/02/2014 at 16:56:32
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Morris - MORRIS-PC
# Running from : C:\Users\Morris\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16798
 
 
-\\ Google Chrome v33.0.1750.117
 
[ File : C:\Users\Morris\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [1141 octets] - [21/02/2014 12:55:37]
AdwCleaner[R1].txt - [945 octets] - [21/02/2014 16:54:08]
AdwCleaner[S0].txt - [1062 octets] - [21/02/2014 12:56:56]
AdwCleaner[S1].txt - [833 octets] - [21/02/2014 16:56:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [892 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by Morris on Fri 02/21/2014 at 17:03:35.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/21/2014 at 17:08:38.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 gringo_pr


Posted 21 February 2014 - 09:06 PM


Hello gringojosh

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 gringo_pr


Posted 27 February 2014 - 08:50 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#6 gringojosh

gringojosh
  • Topic Starter


Posted 27 February 2014 - 02:13 PM

Hi,

I am not at the computer but will try running Combo fix remotely.

Many thanks,

Josh

#7 gringo_pr


Posted 28 February 2014 - 07:45 AM

I will check on you later and just so you know - combofix will stop the internet connection while it is running


gringo

#8 gringo_pr


Posted 03 March 2014 - 07:20 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#9 gringo_pr


Posted 06 March 2014 - 08:42 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#10 gringo_pr


Posted 09 March 2014 - 01:44 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



