tricky poweliks infection possibly, ie 32bit not working,can't run malware tools



#1 mike1214

Posted 12 January 2015 - 10:20 PM

Hello. I have been trying to run several different malware tools on my machine with no success. There seem to be issues with my IE8 32-bit. It does not want to connect to any web pages. I have no issues with IE8 64-bit. I am running Windows 7 64-bit. I also have no issues with Firefox. However, I am experiencing a very slow web browser. I also receive a PowerShell service error upon startup. I have tried running several malware tools after doing some research, but most did not work. I tried using the Poweliks cleaner by ESET in both safe mode and normal mode, but it won't start. I was also told earlier to run RKILL and MBAR, but again both fail to run in both safe and normal mode. Sometimes I click and they appear like they are going to start, but then nothing happens. I was able to run cc cleaner and adwcleaner with no issues, but the problems continue. Other programs I tried were JRT and tdsskiller, but I can't get these to run either. The last tool I tried was DDS, but it only gave me the attach log (tried safe mode and normal). Any help would be appreciated.


#2 Bud_91

Posted 13 January 2015 - 10:35 AM

Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Let's see if FRST will run. If not, we can use the Recovery Environment.

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If I have not responded to your log in 36 hours, feel free to send me a PM.


A.K.A. Buddierdl @ GeeksToGo.com


#3 mike1214

Posted 13 January 2015 - 07:36 PM

Hi Bud. Thank you for your time. I was able to run FRST in normal mode in Windows 7. Below is the FRST log and I have also attached the addition file.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Owner (administrator) on MININT-ISO07G7 on 13-01-2015 19:27:01
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723112 2011-03-16] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6561384 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [540056 2012-08-08] (Lavasoft)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [103936 2013-06-26] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2346008 2013-10-01] (Sony Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [{631b2f32-44e9-cbb9-035c-fb9ed1c84346}] => C:\ProgramData\Microsoft\{631b2f32-44e9-cbb9-035c-fb9ed1c84346}\{631b2f32-44e9-cbb9-035c-fb9ed1c84346}.exe [269354 2015-01-04] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software\Avast <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer\Run: [{631b2f32-44e9-cbb9-035c-fb9ed1c84346}] => C:\ProgramData\Microsoft\{631b2f32-44e9-cbb9-035c-fb9ed1c84346}\{631b2f32-44e9-cbb9-035c-fb9ed1c84346}.exe [269354 2015-01-04] ( ())
HKU\S-1-5-21-3622887873-254533244-2871853687-1002\...\Run: [MovaLeqqu] => regsvr32.exe "C:\ProgramData\MovaLeqqu\FajelUnuzd.qnf"
HKU\S-1-5-21-3622887873-254533244-2871853687-1002\...\Run: [Udmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Owner\AppData\Local\YbcPack\BinComms.dll
HKU\S-1-5-21-3622887873-254533244-2871853687-1002\...\Run: [Ektion] => regsvr32.exe C:\Users\Owner\AppData\Local\Ektion\BthDev3xx.dll <===== ATTENTION
HKU\S-1-5-21-3622887873-254533244-2871853687-1002\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
HKU\S-1-5-21-3622887873-254533244-2871853687-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...0c966feabec1\InprocServer32: [Default-shell32] C:\Windows\system32\config\systemprofile\AppData\Local\{f5a933a4-7206-b209-6a11-dece8575d4b0}\n. ATTENTION! ====> ZeroAccess/Alureon?
HKU\S-1-5-18\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-18\$f5a933a47206b2096a11dece8575d4b0\n. ATTENTION! ====> ZeroAccess?
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
HKLM\...\AppCertDlls: [vavkif] -> C:\ProgramData\vavkif.dat
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.dell.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3622887873-254533244-2871853687-1002 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3622887873-254533244-2871853687-1002 -> {7477857C-BE55-441C-8C67-34907763D40E} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-3622887873-254533244-2871853687-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3622887873-254533244-2871853687-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://gassl9.vpn.att.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://gassl10.vpn.att.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9EF2BA47-C6A7-470D-9DD9-4323B0CB8353} http://65.34.140.86:88/WebClient.exe
DPF: HKLM-x32 {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} https://gassl9.vpn.att.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://gassl9.vpn.att.com/CACHE/stc/2/binaries/vpnweb.cab
DPF: HKLM-x32 {F8FC1530-0608-11DF-2008-0800200C9A66} https://gassl10.vpn.att.com/CACHE/sdesktop/install/binaries/instweb.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5g848j11.default
FF SelectedSearchEngine: Yahoo!
FF Homepage: www.google.com
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=903578&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_32 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-13]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [901184 2010-12-14] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-12-14] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [974912 2010-12-14] (Intel Corporation) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7391232 2013-06-26] (LeapFrog Enterprises, Inc.) [File not signed]
S2 NvUpdSrv; C:\Program Files (x86)\NVIDIA Corporation\Updates\NvdUpd.exe [159744 2015-01-05] () [File not signed]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-01] (Sony Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [311296 2011-08-01] (WDC) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-01] ()
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2012-09-28] (LeapFrog)
S3 PTHDRBUS; C:\Windows\System32\DRIVERS\PTHDRBUS.sys [69264 2009-12-15] (DEVGURU Co., LTD.)
S3 PTHDRMDM; C:\Windows\System32\DRIVERS\PTHDRMDM.sys [176912 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTHDRVSP; C:\Windows\System32\DRIVERS\PTHDRVSP.sys [176912 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 BS685459432; \??\C:\Users\Owner\AppData\Local\Temp\NTFS.sys [X]
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 19:27 - 2015-01-13 19:27 - 00019977 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-01-13 19:26 - 2015-01-13 19:27 - 00000000 ____D () C:\FRST
2015-01-13 19:26 - 2015-01-13 19:26 - 02124288 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-01-13 19:14 - 2015-01-13 19:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2015-01-12 21:59 - 2015-01-12 22:04 - 00003265 _____ () C:\Users\Owner\Desktop\attach.txt
2015-01-12 21:57 - 2015-01-12 21:57 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
2015-01-12 21:53 - 2015-01-12 21:53 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-01-11 21:47 - 2015-01-11 21:47 - 02747488 _____ (Symantec Corporation) C:\Users\Owner\Desktop\FixPoweliks64.exe
2015-01-11 21:43 - 2015-01-11 21:43 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.08.2.1001.exe
2015-01-11 21:38 - 2015-01-11 21:38 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2015-01-11 21:37 - 2015-01-11 21:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-11 21:37 - 2015-01-11 21:37 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-01-11 21:32 - 2015-01-11 21:32 - 00534608 _____ (InstallX, LLC) C:\Users\Owner\Desktop\7zip_14243_ST_CI_2.exe
2015-01-11 18:00 - 2015-01-11 18:00 - 00000310 _____ () C:\Windows\PFRO.log
2015-01-11 17:58 - 2015-01-11 17:58 - 00000000 ____D () C:\Users\Owner\Downloads\tdsskiller
2015-01-11 17:57 - 2015-01-11 17:57 - 00034493 _____ () C:\Users\Owner\Downloads\Result.txt
2015-01-11 17:56 - 2015-01-11 17:56 - 04166770 _____ () C:\Users\Owner\Downloads\tdsskiller.zip
2015-01-11 17:55 - 2015-01-11 17:55 - 00401920 _____ (Farbar) C:\Users\Owner\Downloads\MiniToolBox.exe
2015-01-11 16:56 - 2015-01-11 17:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-11 16:56 - 2015-01-11 16:56 - 00001397 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-11 16:56 - 2015-01-11 16:56 - 00001385 _____ () C:\Users\Owner\Downloads\Spybot-S&D Start Center.lnk
2015-01-11 16:56 - 2015-01-11 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-11 16:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-11 16:54 - 2015-01-11 16:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Owner\Downloads\spybot-2.4.exe
2015-01-11 16:49 - 2015-01-11 16:49 - 00272576 _____ () C:\Windows\Minidump\011115-9016-01.dmp
2015-01-11 16:48 - 2015-01-11 16:49 - 374233284 _____ () C:\Windows\MEMORY.DMP
2015-01-11 16:48 - 2015-01-11 16:48 - 00262144 _____ () C:\Windows\Minidump\011115-14274-01.dmp
2015-01-11 16:39 - 2015-01-13 19:13 - 00000392 _____ () C:\Windows\setupact.log
2015-01-11 16:39 - 2015-01-11 16:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 16:20 - 2015-01-11 18:00 - 00000000 ____D () C:\AdwCleaner
2015-01-11 16:20 - 2015-01-11 16:20 - 00000000 ____D () C:\Windows\ERUNT
2015-01-11 16:19 - 2015-01-11 16:19 - 02191360 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2015-01-11 16:18 - 2015-01-11 16:18 - 01707939 _____ (Thisisu) C:\Users\Owner\Downloads\JRT.exe
2015-01-11 15:58 - 2015-01-11 15:58 - 00186568 _____ (ESET) C:\Users\Owner\Downloads\ESETPoweliksCleaner.exe
2015-01-11 15:55 - 2015-01-11 15:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-11 15:43 - 2015-01-11 15:43 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\iExplore.exe
2015-01-11 15:39 - 2015-01-11 15:39 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2015-01-11 15:07 - 2015-01-11 15:07 - 00015496 _____ () C:\Users\Owner\Documents\cc_20150111_150731.reg
2015-01-10 22:13 - 2015-01-10 22:13 - 00001449 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-10 22:13 - 2015-01-10 22:13 - 00001375 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-01-10 15:43 - 2015-01-10 15:43 - 00000000 ____D () C:\Users\Owner\AppData\Local\Ektion
2015-01-10 15:39 - 2015-01-10 16:27 - 00000248 _____ () C:\Windows\SysWOW64\0-G
2015-01-10 15:39 - 2015-01-10 15:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\YbcPack
2015-01-07 16:33 - 2015-01-12 21:48 - 01348460 _____ () C:\Windows\system32\CFG685459432
2015-01-06 01:15 - 2015-01-06 01:15 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-04 14:38 - 2015-01-04 14:38 - 00000000 ____D () C:\ProgramData\MovaLeqqu
2014-12-31 07:25 - 2014-12-31 07:32 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (4)
2014-12-22 15:25 - 2014-12-22 15:25 - 00000000 ____D () C:\Users\Owner\Documents\Fax
2014-12-15 20:30 - 2014-12-15 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-15 09:26 - 2014-12-15 09:34 - 00000000 ____D () C:\Users\Owner\Desktop\New folder (3)
2014-12-15 09:21 - 2014-12-15 17:41 - 00000000 ____D () C:\Users\Owner\Desktop\12-11-14 Yoli Visit

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 19:21 - 2009-07-14 00:13 - 00744416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 19:21 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 19:21 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 19:14 - 2012-11-18 14:25 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2015-01-13 19:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-11 17:27 - 2012-08-14 18:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-11 16:51 - 2012-08-14 18:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2015-01-11 16:49 - 2012-08-17 19:43 - 00000000 ____D () C:\Windows\Minidump
2015-01-11 15:37 - 2011-08-05 08:03 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-11 15:06 - 2011-08-05 10:28 - 00000000 ____D () C:\Windows\Panther
2015-01-10 15:42 - 2012-05-05 08:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
2015-01-09 19:45 - 2012-03-18 22:09 - 00002042 ____H () C:\Users\Owner\Documents\Default.rdp
2015-01-09 18:10 - 2009-07-14 00:08 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-07 16:08 - 2013-12-13 21:08 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-04 15:13 - 2012-02-10 12:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-12-29 15:55 - 2014-05-10 19:27 - 00000000 ____D () C:\Users\Owner\Desktop\New folder
2014-12-22 15:10 - 2014-09-06 08:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2014-12-22 07:26 - 2013-01-21 11:49 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-12-19 14:34 - 2014-03-22 10:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-15 21:03 - 2012-12-23 00:12 - 00006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-14 14:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF

ZeroAccess:
C:\Windows\Installer\{f5a933a4-7206-b209-6a11-dece8575d4b0}
C:\Windows\Installer\{f5a933a4-7206-b209-6a11-dece8575d4b0}\@
C:\Windows\Installer\{f5a933a4-7206-b209-6a11-dece8575d4b0}\L\00000004.@
C:\Windows\Installer\{f5a933a4-7206-b209-6a11-dece8575d4b0}\L\201d3dde

ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{f5a933a4-7206-b209-6a11-dece8575d4b0}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{f5a933a4-7206-b209-6a11-dece8575d4b0}\@

Files to move or delete:
====================
C:\ProgramData\a27hbe.pff
C:\ProgramData\amqh7t28z.odd
C:\ProgramData\rjlftlj64.fee
C:\ProgramData\rjlftlj64.odd
C:\ProgramData\rjlftlj64.reg
C:\Users\Owner\jqs.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-04 17:39

==================== End Of Log ============================



#4 Bud_91

Bud_91

  • Malware Response Team
  • 438 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:01 AM

Posted 14 January 2015 - 06:59 PM

Hi,

Your computer is quite severely infected, so I wanted to give you this warning before we start:

Note: You have a backdoor infection.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. There is no way for us to know exactly what the malware has done to your machine to give itself access, nor how it may have damaged critical files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. Many experts in the security community believe that once infected with this type of trojan, the best and safest course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

That being said, I can still help you clean out the malware as best as I can without going that route (though there is no guarantee that it will work right or be totally safe after disinfection), so if you decide that you don't want to do a format and reinstall of Windows, then please let me know and we will continue.

If I have not responded to your log in 36 hours, feel free to send me a PM.


A.K.A. Buddierdl @ GeeksToGo.com


#5 mike1214


Posted 14 January 2015 - 08:19 PM

Hi Bud. For the meantime, I would like to attempt to clean out the malware. I have read the warning you posted and understand the consequences. Just out of curiosity, what details led you to determine there is a backdoor infection with the system?



#6 Bud_91


Posted 15 January 2015 - 09:53 AM


I mainly gave the warning because you have the ZeroAccess trojan. But you also have another infection with random names, as well as Poweliks, which is a downloader. The main thing here is if you use the computer for online banking or other sensitive transactions, you should change your online passwords from a clean computer. Also, you should keep an eye on your bank accounts.

Since Poweliks will download other malware, I would recommend you keep this computer turned off or at least disconnected from the internet (except to download tools) while we clean it. I have heard of some crypto ransomware coming through Poweliks, and we definitely don't want that.

I will prepare a fix for you.



#7 Bud_91


Posted 15 January 2015 - 10:43 AM

Please don't miss my other reply above this one.

Let's get started.

Please download the attached fixlist.txt to your desktop. Then run FRST again and select "Fix" this time. Post the resulting fixlog.txt.

Now, see if you can download and run TDSSKiller. Please download a new version, even if you already have the program on your computer.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Then click on Change parameters in TDSSKiller.
  • Another window will appear.
  • Check all boxes, except Loaded Modules then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Edited by Bud_91, 15 January 2015 - 10:44 AM.



#8 mike1214


Posted 19 January 2015 - 09:29 PM

Hi Bud. I was able to run FRST again no problem. Still can't run TDSSKiller. I decided I am going to do a fresh install of Windows. I backed up my files. I did notice some of my folders on my desktop got infected with CryptoWall 3.0. Anyway, two questions. Can some of these files infect other folders on another clean PC? Any insight before I wipe my PC, assuming I want to get these files back?

#9 Bud_91


Posted 20 January 2015 - 10:28 AM

Probably a good idea. Poweliks probably downloaded the CryptoWall. It will encrypt all of your personal files, so if it is running you want to stop it ASAP. The help guide for CryptoWall here should give you any information you need. It will encrypt any files on your computer as well as network shares that have been assigned a drive letter. You can download a tool that will list the encrypted files on your computer from the link in the help guide above.

Don't back up any executable files and you should be fine. Just back up pictures, documents, movies, etc. Watch out for zip/rar files that may contain executables.

Please feel free to ask any questions. If you need more specific help, just ask.

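The backup advice in the reply above (keep documents and media, leave executables behind, check zip/rar files) can be verified mechanically before the backup is copied to a clean PC. The Python script below is an added example, not part of the original thread or of any tool named in it; the extension list and all function names are assumptions made for illustration.

```python
import os
import zipfile

# Assumed, non-exhaustive list of extensions Windows executes or interprets directly.
RISKY_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi",
             ".js", ".jse", ".vbs", ".vbe", ".wsf", ".ps1", ".lnk", ".hta"}
# Archives this script cannot open (stdlib has no rar/7z reader; nested zips are skipped).
OPAQUE_ARCHIVES = {".rar", ".7z", ".zip"}


def classify(name, head):
    """Return why a file looks executable, or None if it does not."""
    ext = os.path.splitext(name)[1].lower()
    if head[:2] == b"MZ":  # DOS/PE header, whatever the extension claims
        return "PE header (MZ)"
    if ext in RISKY_EXT:
        return "risky extension " + ext
    if ext in OPAQUE_ARCHIVES:
        return "archive not inspected"


def scan_zip(path):
    """Yield (member, reason) for suspicious members of a zip archive."""
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # encrypted member: content unreadable
                yield info.filename, "encrypted member"
                continue
            with zf.open(info) as fh:
                reason = classify(info.filename, fh.read(2))
            if reason:
                yield info.filename, reason


def scan_backup(root):
    """Return sorted (relative path, reason) findings for every file under root."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                head = fh.read(2)
            # An MZ file is reported as such even if a zip is appended to it.
            if head != b"MZ" and zipfile.is_zipfile(full):
                findings += [(rel + "!" + m, r) for m, r in scan_zip(full)]
            elif (reason := classify(name, head)):
                findings.append((rel, reason))
    return sorted(findings)
```

Call `scan_backup` on the backup folder and review every finding by hand; an empty list means nothing matched these checks, not that the files are clean.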


#10 Bud_91


Posted 29 January 2015 - 10:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





