Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

www_getwindowinfo virus


  • This topic is locked This topic is locked
9 replies to this topic

#1 searls03

searls03

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 03 May 2014 - 11:47 PM

Sorry, this is a duplicate post, but I am new here and when I read the rules I missed the point of how topics are qued until I went back and read them again.  I had posted a couple replies (to myself, not others) making it look like someone was helping me.  someone may remove my old post if you wish.  I would like to go with this one.  Hope there are no hard feelings.  I just want to make sure I have a good chance of being helped.  thanks for understanding :)  OK, now onto my issue.

 

 

 

 

 

HELP!  I can't seem to get the http://www_getwindowinfo virus off my computer.  I have followed many guides on the internet and nothing seems to be working!  as soon as I close it from task manager, it opens back up.  I also can't seem to find any programs, files, or registry entries that are associated with it.  Any body have any help they can give me?  It would be much appreciated

 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428
Run by test at 13:15:29 on 2014-05-03
#Option MBR scan  is disabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2013.527 [GMT -5:00]
.
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files\iSafe\iSafeSvc.exe
C:\Program Files\iSafe\iSafeSvc2.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxbccoms.exe
C:\Windows\system32\lxcycoms.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Flash Update\winclient32.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iSafe\iSafeTray.exe
C:\Program Files\Internet Explorer\IExplore.exe
C:\Program Files\Internet Explorer\IExplore.exe
C:\Program Files\iSafe\dup.exe
C:\Program Files\iSafe\dup.exe
C:\Program Files\iSafe\dup.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = google.com
uSearch Bar = Preserve
uDefault_Page_URL = google.com
mStart Page = google.com
mDefault_Page_URL = google.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [RegWork] c:\program files\regwork\RegWork.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Autodesk Sync] c:\program files\autodesk\autodesk sync\AdSync.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Windows Client Manager] c:\program files\flash update\winclient32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe -logon
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{F3799656-A2C8-4A0E-8F22-B54DCFEC5638} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2014-3-27 150296]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2014-3-27 238872]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2014-3-31 108312]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2014-3-27 28440]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2014-3-27 123160]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2013-9-26 47928]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2014-4-18 199960]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-3-27 22296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2014-3-27 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-3-31 211224]
R1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files\isafe\iSafeKrnlKit.sys [2014-5-2 59392]
R1 iSafeNetFilter;iSafeNetFilter;c:\program files\isafe\iSafeNetFilter.sys [2014-5-2 42496]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-12-4 81920]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-3-27 291912]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 iSafeService;iSafeService;c:\program files\isafe\iSafeSvc.exe [2014-5-2 118056]
R2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe -service --> c:\windows\system32\lxbccoms.exe -service [?]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-7 1809720]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-5-1 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-5-1 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-5-1 171928]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2014-1-9 770432]
R3 iSafeKrnl;iSafeKrnl;c:\program files\isafe\iSafeKrnl.sys [2014-5-2 202240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-7 23256]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
S2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2014-4-3 1473280]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-4-18 3645456]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-7 857912]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-9 1025352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2014-1-7 15384]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-5-2 108032]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\drivers\iSafeKrnlBoot.sys [2014-5-2 38912]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-4-7 51416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-4-4 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-19 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-10 1343400]
.
=============== Created Last 30 ================
.
2014-05-03 11:22:32 0 ----a-w- c:\windows\system32\sho7E64.tmp
2014-05-03 00:03:06 -------- d-----w- c:\users\test\appdata\roaming\eCyber
2014-05-03 00:01:49 38912 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-05-03 00:00:54 -------- d-----w- c:\program files\iSafe
2014-05-03 00:00:48 -------- d-----w- c:\users\test\appdata\roaming\iSafe
2014-05-02 02:19:26 -------- d-----w- C:\SUPERDelete
2014-05-02 02:17:42 -------- d-----w- c:\users\test\appdata\roaming\SUPERAntiSpyware.com
2014-05-02 02:17:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-05-02 02:17:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-05-02 02:09:00 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-05-02 02:08:59 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-05-02 02:08:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-05-02 01:29:04 110080 ----a-r- c:\users\test\appdata\roaming\microsoft\installer\{455f074c-814e-4520-b69b-5584bd90400c}\IconF7A21AF7.exe
2014-05-02 01:29:04 110080 ----a-r- c:\users\test\appdata\roaming\microsoft\installer\{455f074c-814e-4520-b69b-5584bd90400c}\IconD7F16134.exe
2014-05-02 01:29:04 110080 ----a-r- c:\users\test\appdata\roaming\microsoft\installer\{455f074c-814e-4520-b69b-5584bd90400c}\IconCF33A0CE.exe
2014-05-02 01:29:03 -------- d-----w- C:\sh4ldr
2014-05-01 19:52:19 -------- d-----w- c:\users\test\appdata\local\ElevatedDiagnostics
2014-04-30 19:19:51 -------- d-----w- C:\mount
2014-04-26 20:10:54 -------- d-----w- c:\users\test\appdata\local\Diagnostics
2014-04-26 20:05:24 -------- d-----w- c:\users\test\appdata\local\MFAData
2014-04-26 19:39:24 -------- d-----w- c:\users\test\appdata\local\Adobe
2014-04-26 03:32:17 -------- d-sh--w- c:\users\test\appdata\local\EmieUserList
2014-04-26 03:32:17 -------- d-sh--w- c:\users\test\appdata\local\EmieSiteList
2014-04-23 08:04:30 215552 ----a-w- c:\program files\internet explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-04-18 20:02:04 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-04-10 02:35:26 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-10 02:35:25 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-10 02:35:25 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-10 02:35:24 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-10 02:35:09 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-07 18:58:06 -------- d-----w- c:\users\test\appdata\roaming\HpUpdate
2014-04-07 14:58:33 -------- d-----w- c:\users\test\appdata\local\Apple
2014-04-07 14:55:32 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-07 14:55:03 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-07 14:55:03 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-07 14:55:03 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-07 14:55:02 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-07 14:54:41 -------- d-----w- c:\users\test\appdata\local\Programs
2014-04-07 12:44:34 -------- d-sh--w- C:\found.001
2014-04-07 02:45:45 -------- d-----w- c:\program files\Enigma Software Group
2014-04-07 02:44:51 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-04-07 02:44:49 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2014-04-05 04:12:16 -------- d-----w- c:\program files\Flash Update
2014-04-04 01:36:23 -------- d-----w- c:\users\test\appdata\local\CrashDumps
2014-04-04 00:34:59 -------- d-----w- c:\users\test\appdata\local\Google
2014-04-04 00:34:27 -------- d-----w- c:\users\test\Tracing
2014-04-04 00:34:04 -------- d-----w- c:\users\test\appdata\local\Autodesk
.
==================== Find3M  ====================
.
2014-04-28 21:30:57 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-28 21:30:57 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-31 21:11:58 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-03-28 03:15:18 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-03-28 03:14:40 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-03-28 03:04:22 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-03-28 03:04:02 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-03-28 03:03:22 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-03-28 03:03:20 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-02-07 01:07:56 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04:22 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- c:\windows\system32\qedit.dll
.
============= FINISH: 13:18:23.37 ===============

 



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:35 PM

Posted 04 May 2014 - 05:58 AM



Hello searls03

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 searls03

searls03
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 04 May 2014 - 11:47 AM

Now internet explorer continues to open after I close it, like before, but now it keeps popping up saying internet explorer has stopped working, then when I click close program, it opens back up and gives the same error again.  here are the logs.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x86
Ran by test on Sun 05/04/2014 at 11:41:00.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] isafekrnl 
Successfully deleted: [Service] isafekrnl 
 
 
 
~~~ Registry Values
 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{806CE4DC-FA99-4500-B7D4-5138CFEA68A7}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\Tasks\regwork.job
Successfully deleted: [File] "C:\Users\Public\Desktop\play more great games!.url"
Successfully deleted: [File] C:\Windows\system32\sho3C02.tmp
Successfully deleted: [File] C:\Windows\system32\sho3E9.tmp
Successfully deleted: [File] C:\Windows\system32\sho6608.tmp
Successfully deleted: [File] C:\Windows\system32\sho7E64.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\regwork"
Successfully deleted: [Folder] "C:\Program Files\isafe"
Successfully deleted: [Folder] "C:\Program Files\regwork"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/04/2014 at 11:44:12.18
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
 
# AdwCleaner v3.206 - Report created 04/05/2014 at 11:34:08
# Updated 04/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : test - STEWARTS-PC
# Running from : C:\Users\test\Desktop\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : iSafeKrnl
Service Deleted : iSafeNetFilter
[#] Service Deleted : iSafeService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\FileCure
[!] Folder Deleted : C:\Program Files\iSafe
Folder Deleted : C:\Users\test\AppData\Local\Temp\FileCure
Folder Deleted : C:\Users\test\AppData\Roaming\eCyber
Folder Deleted : C:\Users\test\AppData\Roaming\iSafe
File Deleted : C:\Users\Stewart Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Stewart Kids\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBE21107-1F08-427D-B3DB-2158D763A94C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\Software\iSafe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Mom & Dad\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof
 
[ File : C:\Users\Stewart Kids\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
[ File : C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R1].txt - [4379 octets] - [04/05/2014 11:32:55]
AdwCleaner[S0].txt - [2429 octets] - [04/05/2014 11:34:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2489 octets] ##########
 


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:35 PM

Posted 04 May 2014 - 01:23 PM


Hello searls03

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 searls03

searls03
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 04 May 2014 - 02:14 PM

it seems IE has quit opening....for now.  here are the log reports

 

ComboFix 14-04-30.01 - test 05/04/2014  13:45:44.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2013.1013 [GMT -5:00]
Running from: c:\users\test\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL186F.tmp
c:\programdata\SPL1D61.tmp
c:\programdata\SPL2CBB.tmp
c:\programdata\SPL2D8A.tmp
c:\programdata\SPL4A67.tmp
c:\programdata\SPL55FB.tmp
c:\programdata\SPL60D4.tmp
c:\programdata\SPL6872.tmp
c:\programdata\SPL6D.tmp
c:\programdata\SPL7416.tmp
c:\programdata\SPL8B8C.tmp
c:\programdata\SPL8E12.tmp
c:\programdata\SPLB74D.tmp
c:\programdata\SPLE780.tmp
c:\programdata\SPLF6D7.tmp
c:\programdata\SPLFAF7.tmp
c:\users\Mom & Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0F930C2F-23B6-4F61-91A2-E72390FEACFB}.xps
c:\users\Mom & Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{189002FC-9882-48BA-B8CC-B287815FDBB9}.xps
c:\users\Mom & Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{27848CA4-5A9B-41D3-9800-CDFAAB85178A}.xps
c:\users\Mom & Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{350EF67D-76DA-4DD2-8A32-D0957A6BB67E}.xps
c:\users\Mom & Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3C2EED78-8B68-47F9-A83A-D7F23E9AF477}.xps
c:\users\Mom & Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{51305E9D-3F9B-4885-8B4B-8DB83C0213DD}.xps
c:\users\Mom & Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A267A9A-F2D9-4354-B365-D96D2EC42FD9}.xps
c:\users\Stewart Kids\AppData\Roaming\Smart Engine
c:\users\Stewart Kids\AppData\Roaming\Smart Engine\Instructions.ini
c:\users\Stewarts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Jotzey_iels
c:\users\Stewarts\Desktop\Internet Explorer.lnk
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\272512937d9e61a4__exp__1396044225
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\28bc8f716fd76a47__exp__1396044224
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\2cf12b4814e28bf1.fb
c:\windows\system32\Cache\2cf12b4814e28bf1__exp__1372895059
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\32c84fe32bb74d60__exp__1396044225
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\39255c517e2be1f7.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\590ba23ce359fd0c__exp__1396044225
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1__exp__1396044224
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0__exp__1396044225
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\6d03dad1035885d3__exp__1396044227
c:\windows\system32\Cache\935ee77178548e84.fb
c:\windows\system32\Cache\935ee77178548e84__exp__1372895059
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\ad10a52aff5e038d__exp__1396044224
c:\windows\system32\Cache\b2b1945c0dcd0b54.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c1fa887b03019701__exp__1396044226
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c4d28dca2e7648be__exp__1396044224
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d201ef9910cd39de__exp__1396044224
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\d80066fbc1c5cd24.fb
c:\windows\system32\Cache\f1c1e28944ad3b36.fb
c:\windows\system32\Cache\f1c1e28944ad3b36__exp__1396044223
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\f998975c9cc711ee__exp__1396044226
c:\windows\system32\tmp32C4.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-04 to 2014-05-04  )))))))))))))))))))))))))))))))
.
.
2014-05-04 19:04 . 2014-05-04 19:04 -------- d-----w- c:\users\Stewarts\AppData\Local\temp
2014-05-04 19:04 . 2014-05-04 19:04 -------- d-----w- c:\users\Mom & Dad\AppData\Local\temp
2014-05-04 19:03 . 2014-05-04 19:10 -------- d-----w- c:\users\test\AppData\Local\temp
2014-05-04 19:03 . 2014-05-04 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-04 19:03 . 2014-05-04 19:03 -------- d-----w- c:\users\Stewart Kids\AppData\Local\temp
2014-05-04 16:38 . 2014-05-04 16:38 -------- d-----w- c:\windows\ERUNT
2014-05-04 16:33 . 2010-08-30 13:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-04 16:32 . 2014-05-04 16:34 -------- d-----w- C:\AdwCleaner
2014-05-04 02:35 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-05-04 02:35 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-03 18:25 . 2014-05-03 18:27 -------- d-----w- C:\FRST
2014-05-03 00:01 . 2014-04-23 10:20 38912 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-05-02 02:19 . 2014-05-02 08:19 -------- d-----w- C:\SUPERDelete
2014-05-02 02:17 . 2014-05-02 02:17 -------- d-----w- c:\users\test\AppData\Roaming\SUPERAntiSpyware.com
2014-05-02 02:17 . 2014-05-02 02:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-05-02 02:17 . 2014-05-02 02:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-05-02 02:08 . 2014-05-04 18:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-05-02 02:08 . 2014-05-04 18:41 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-05-02 01:29 . 2014-05-02 01:29 110080 ----a-r- c:\users\test\AppData\Roaming\Microsoft\Installer\{455F074C-814E-4520-B69B-5584BD90400C}\IconF7A21AF7.exe
2014-05-02 01:29 . 2014-05-02 01:29 110080 ----a-r- c:\users\test\AppData\Roaming\Microsoft\Installer\{455F074C-814E-4520-B69B-5584BD90400C}\IconD7F16134.exe
2014-05-02 01:29 . 2014-05-02 01:29 110080 ----a-r- c:\users\test\AppData\Roaming\Microsoft\Installer\{455F074C-814E-4520-B69B-5584BD90400C}\IconCF33A0CE.exe
2014-05-02 01:29 . 2014-05-02 01:29 -------- d-----w- C:\sh4ldr
2014-05-01 19:52 . 2014-05-01 19:52 -------- d-----w- c:\users\test\AppData\Local\ElevatedDiagnostics
2014-05-01 03:20 . 2014-05-01 03:21 -------- d-----w- c:\users\kids 2
2014-04-30 19:19 . 2014-04-30 19:19 -------- d-----w- C:\mount
2014-04-26 20:10 . 2014-05-01 20:14 -------- d-----w- c:\users\test\AppData\Local\Diagnostics
2014-04-26 20:05 . 2014-04-26 20:05 -------- d-----w- c:\users\test\AppData\Local\MFAData
2014-04-26 19:39 . 2014-04-26 19:41 -------- d-----w- c:\users\test\AppData\Local\Adobe
2014-04-26 03:32 . 2014-04-26 03:32 -------- d-sh--w- c:\users\test\AppData\Local\EmieUserList
2014-04-26 03:32 . 2014-04-26 03:32 -------- d-sh--w- c:\users\test\AppData\Local\EmieSiteList
2014-04-25 02:34 . 2014-04-25 02:34 -------- d-----w- c:\users\Stewart Kids\AppData\Roaming\CBS Interactive
2014-04-25 02:15 . 2014-04-25 02:15 -------- d-sh--w- c:\users\Mom & Dad\AppData\Local\EmieUserList
2014-04-25 02:15 . 2014-04-25 02:15 -------- d-sh--w- c:\users\Mom & Dad\AppData\Local\EmieSiteList
2014-04-24 00:59 . 2014-04-25 02:18 -------- d-sh--w- c:\users\Stewart Kids\AppData\Local\EmieSiteList
2014-04-24 00:59 . 2014-04-24 00:59 -------- d-sh--w- c:\users\Stewart Kids\AppData\Local\EmieUserList
2014-04-23 08:04 . 2014-03-06 07:16 215552 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-04-18 20:02 . 2014-04-18 20:02 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-04-10 02:35 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-10 02:35 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-10 02:35 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-10 02:35 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-10 02:35 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-07 18:58 . 2014-04-07 18:58 -------- d-----w- c:\users\test\AppData\Roaming\HpUpdate
2014-04-07 14:58 . 2014-04-07 14:58 -------- d-----w- c:\users\test\AppData\Local\Apple
2014-04-07 14:55 . 2014-05-04 19:00 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-07 14:55 . 2014-04-03 14:51 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-07 14:55 . 2014-04-03 14:51 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-07 14:55 . 2014-04-03 14:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-07 14:55 . 2014-04-07 14:55 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-04-07 14:54 . 2014-04-07 14:54 -------- d-----w- c:\users\test\AppData\Local\Programs
2014-04-07 12:44 . 2014-04-07 12:44 -------- d-----w- C:\found.001
2014-04-07 02:45 . 2014-04-07 02:45 -------- d-----w- c:\program files\Enigma Software Group
2014-04-07 02:44 . 2014-05-02 01:29 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-04-07 02:44 . 2014-04-07 02:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-04-05 04:12 . 2014-04-05 04:12 -------- d-----w- c:\users\Stewart Kids\AppData\Local\Programs
2014-04-05 04:12 . 2014-04-05 04:12 -------- d-----w- c:\program files\Flash Update
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-28 21:30 . 2012-04-02 00:34 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-28 21:30 . 2011-06-28 03:13 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-31 21:11 . 2014-03-31 21:11 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-03-31 21:11 . 2014-03-31 21:11 108312 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-03-28 03:15 . 2014-03-28 03:15 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-03-28 03:14 . 2014-03-28 03:14 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-03-28 03:04 . 2014-03-28 03:04 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-03-28 03:04 . 2014-03-28 03:04 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-03-28 03:03 . 2014-03-28 03:03 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-03-28 03:03 . 2014-03-28 03:03 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-02-07 01:07 . 2014-03-12 17:25 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:04 . 2014-03-12 17:25 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 17:27 509440 ----a-w- c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-23 7514656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 383424]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Windows Client Manager"="c:\program files\Flash Update\winclient32.exe" [2014-03-18 639488]
.
c:\users\Stewarts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Download App.lnk - c:\users\Stewart Kids\AppData\Roaming\CBS Interactive\Download App\CBSI.AppStore.Main.exe /HIDEWINDOW [2014-3-5 1505928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 07:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
2014-04-07 02:21 5180432 ----a-w- c:\program files\AVG\AVG2014\avgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-12 01:26 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-12 01:26 137752 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCYCATS]
2006-11-21 19:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcytime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2014-01-06 21:37 5625624 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
R1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files\iSafe\iSafeKrnlKit.sys [x]
R1 iSafeNetFilter;iSafeNetFilter;c:\program files\iSafe\iSafeNetFilter.sys [x]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [2014-04-04 1473280]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-04-18 3645456]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-04-03 857912]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-01-07 15384]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 19984]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys [2014-04-23 38912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-04-03 51416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-03-28 150296]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-03-28 238872]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-03-28 28440]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-03-28 123160]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2013-09-26 47928]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-04-18 199960]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-03-28 22296]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-03-28 193304]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-03-31 211224]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-10-10 120088]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-03-28 291912]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-16 537520]
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe [2006-11-29 537520]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-04-03 1809720]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-27 523944]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2013-03-25 65200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-04-03 23256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-27 583848]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-27 197800]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-27 24232]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-27 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-27 207528]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-29 22:17 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 21:30]
.
2014-05-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3419123820-99313462-1774278572-1004Core.job
- c:\users\Mom & Dad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-28 22:08]
.
2014-05-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3419123820-99313462-1774278572-1004UA.job
- c:\users\Mom & Dad\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-28 22:08]
.
2014-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 03:29]
.
2014-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 03:29]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3419123820-99313462-1774278572-1003Core.job
- c:\users\Stewart Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-14 17:01]
.
2014-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3419123820-99313462-1774278572-1003UA.job
- c:\users\Stewart Kids\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-14 17:01]
.
2014-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3419123820-99313462-1774278572-1004Core.job
- c:\users\Mom & Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-14 03:03]
.
2014-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3419123820-99313462-1774278572-1004UA.job
- c:\users\Mom & Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-14 03:03]
.
2014-05-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 66cc2caa-5e63-4b51-a657-072785ca7761.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-05-03 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e462fc20-bf99-4ddf-bef3-c5b94ac4be8b.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
mStart Page = google.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe -logon
MSConfigStartUp-EzPrint - c:\program files\Lexmark 3400 Series\ezprint.exe
MSConfigStartUp-lxcymon - c:\program files\Lexmark 3400 Series\lxcymon.exe
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
AddRemove-RegWork - c:\program files\RegWork\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-04  14:11:25
ComboFix-quarantined-files.txt  2014-05-04 19:11
.
Pre-Run: 41,401,970,688 bytes free
Post-Run: 48,572,448,768 bytes free
.
- - End Of File - - 2B9FE93BAE29AA4ADC4B769AC06BB219
CDB4DE4BBD714F152979DA2DCBEF57EB


#6 searls03

searls03
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:35 PM

Posted 04 May 2014 - 02:22 PM

and it's back to opening again



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:35 PM

Posted 05 May 2014 - 07:01 AM


Hello searls03

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\iSafe

File::
c:\windows\system32\drivers\iSafeKrnlBoot.sys

Driver::
iSafeKrnlKit;
iSafeNetFilter
iSafeKrnlBoot
 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:35 PM

Posted 13 May 2014 - 07:50 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:35 PM

Posted 16 May 2014 - 06:35 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:35 PM

Posted 22 May 2014 - 07:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users