Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Internet Down! Virtumonde/vundo/winfixer Beaten? But Connection Is Gone.


  • Please log in to reply
2 replies to this topic

#1 SlyBleep

SlyBleep

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 26 January 2008 - 09:54 PM

Here's my HiJack log (renamed EXE to Tester)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45, on 2008-01-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Dr. Orrrr\Desktop\tester.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 2232 bytes



Here's my Combofix log


ComboFix 08-01-23.1C - Dr. Orrrr 2008-01-26 21:33:43.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.272 [GMT -5:00]
Running from: C:\Documents and Settings\Dr. Orrrr\Desktop\blue.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-26 21:26 . 2008-01-14 19:33 211 --a------ C:\Boot.bak
2008-01-26 21:25 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-21 01:37 . 2007-01-18 07:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-20 15:24 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 14:14 . 2008-01-24 13:00 2,184 --a------ C:\WINDOWS\system32\wpa.dbl
2008-01-20 13:00 . 2008-01-20 13:10 <DIR> d-------- C:\Program Files\Startup Manager
2008-01-19 08:34 . 2008-01-19 08:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-19 08:32 . 2008-01-19 08:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-18 16:58 . 2008-01-18 16:58 <DIR> d-------- C:\Program Files\Avira
2008-01-18 10:58 . 2008-01-20 19:48 497 --a------ C:\WINDOWS\wininit.ini
2008-01-15 07:56 . 2008-01-20 20:33 <DIR> d-------- C:\Program Files\Safer Networking
2008-01-14 22:13 . 2008-01-14 22:13 <DIR> d-------- C:\New Folder
2008-01-14 19:35 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-14 19:35 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-14 19:35 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-14 19:35 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-14 19:35 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-13 22:09 . 2008-01-20 13:20 <DIR> d-------- C:\VundoFix Backups
2008-01-12 21:39 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-01-12 21:38 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-01-12 21:37 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-01-12 21:36 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-01-12 21:35 . 2002-08-29 07:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-01-12 21:34 . 2002-08-29 07:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-01-12 21:33 . 2002-08-29 07:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-01-12 21:32 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-01-12 21:31 . 2002-08-29 07:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-01-12 21:30 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-01-12 21:29 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-01-12 21:28 . 2002-08-29 07:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-01-12 21:02 . 2008-01-12 21:02 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-12 19:16 . 2008-01-12 19:16 180 --a------ C:\Cannot find server.url
2008-01-06 12:03 . 2008-01-06 12:03 0 --a------ C:\WINDOWS\TPTray .INI
2008-01-01 22:08 . 2008-01-01 22:08 0 --a------ C:\WINDOWS\CeEKey .INI
2008-01-01 15:03 . 2008-01-01 15:03 0 --a------ C:\WINDOWS\CePMTray .INI
2008-01-01 00:32 . 2008-01-01 15:04 <DIR> d--hs---- C:\WINDOWS\RHIuIE9ydWNp
2008-01-01 00:31 . 2008-01-01 15:00 <DIR> d-------- C:\WINDOWS\system32\mr9
2008-01-01 00:31 . 2008-01-01 15:00 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2008-01-01 00:31 . 2008-01-01 15:00 <DIR> d-------- C:\WINDOWS\system32\aj2
2008-01-01 00:31 . 2008-01-19 07:33 <DIR> d-------- C:\Temp
2007-12-29 16:01 . 2007-12-29 16:01 <DIR> d-------- C:\Program Files\Western Digital Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 22:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 07:08 --------- d-----w C:\Program Files\TOSHIBA
2008-01-21 02:23 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-20 17:41 --------- d-----w C:\Program Files\iTunes
2008-01-20 17:32 --------- d-----w C:\Program Files\Apoint2K
2008-01-19 12:34 --------- d-----w C:\Program Files\Plaxo
2008-01-19 12:23 --------- d-----w C:\Program Files\SpywareBlaster
2008-01-19 11:50 --------- d-----w C:\Program Files\HP Wireless Keyboard
2008-01-08 06:47 --------- d-----w C:\Program Files\LimeWire
2008-01-01 19:10 246 ----a-w C:\Program Files\Common Files\xuna
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-03 22:59 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-29 03:56 --------- d-----w C:\Program Files\Foxit Software
2007-11-29 03:51 --------- d-----w C:\Program Files\pdf995
2007-11-29 03:42 51,716 ----a-w C:\WINDOWS\system32\pdf995mon.dll
2007-11-29 03:42 249,856 ----a-w C:\WINDOWS\system32\pdfmona.dll
2007-11-28 21:39 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-22 03:07 2,243,840 ----a-w C:\FoxitReader22_setup.exe
2007-11-19 21:58 30,613,864 ----a-w C:\WINDOWS\aolback.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-08-17 01:27 20,256,064 ----a-w C:\Program Files\QuickTimeInstaller.exe
2004-02-05 07:06 8,798,260 ----a-w C:\Program Files\Winword.exe
2003-03-02 20:29 1,325,068 ----a-w C:\Program Files\Motorola Handset USB_Driver.exe
.
<pre>
----a-w		   249,896 2008-01-19 12:11:00  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w			49,152 2008-01-14 02:16:34  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w		   638,976 2008-01-07 18:21:41  C:\Program Files\TOSHIBA\E-KEY\CeEKey .exe
----a-w		 1,318,912 2008-01-19 11:33:53  C:\RECYCLER\S-1-5-21-1895053199-1668974390-1947432749-1004\Dc1\SUPERAntiSpyware .exe
----a-w		   159,744 2008-01-02 18:50:03  C:\TOSHIBA\Ivp\ISM\pinger .exe
</pre>


((((((((((((((((((((((((((((( snapshot@2008-01-19_ 7.17.20.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-15 01:03:38 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-27 02:22:35 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-15 01:03:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-27 02:22:35 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-15 01:03:38 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-27 02:22:35 6,238,208 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-15 01:03:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-27 02:22:35 184,320 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-15 01:03:38 1,056,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-27 02:22:36 1,425,408 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-15 01:03:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-27 02:22:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-19 13:35:12 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2008-01-19 13:35:12 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2008-01-19 13:35:12 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2008-01-19 13:35:12 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
+ 2007-01-31 13:33:46 5,632 ----a-w C:\WINDOWS\system32\drivers\avgarkt.sys
+ 2007-07-11 18:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 17:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 17:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-19 07:42 249896]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
C:\Program Files\AOL 9.1\AOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2008-01-15 08:44 42032 C:\Program Files\Common Files\AOL\1170554815\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2003-01-22 16:54 184320 C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-08-01 01:08 4804608 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-08-01 01:08 323584 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-10 23:37 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-13 01:18 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater Servc]
C:\WINDOWS\System32\xpuupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-02-24 11:57 2506752 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"C-DillaSrv"=2 (0x2)
"CeEPwrSvc"=2 (0x2)
"AOL ACS"=2 (0x2)
"gusvc"=3 (0x3)
"PackethSvc"=2 (0x2)
"DomainService"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DDC"=C:\WINDOWS\system32\hxmjpmmk.exe
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector
"PlaxoUpdate"=C:\Program Files\Plaxo\2.13.1.2\PlaxoHelper.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"047eb105"=rundll32.exe "C:\WINDOWS\system32\kauscxry.dll",b
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe
"BtcMaestro"="C:\Program Files\HP Wireless Keyboard\KMaestro.exe"
"CeEPOWER"=C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"HostManager"=C:\Program Files\Common Files\AOL\1170554815\ee\AOLSoftware.exe
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"Pinger"=c:\toshiba\ivp\ism\pinger.exe /run
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

R3 pciSd;pciSd;C:\WINDOWS\system32\DRIVERS\tossdpci.sys [2003-02-12 11:03]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver;C:\WINDOWS\system32\DRIVERS\tsdhd.sys [2003-05-14 19:38]
S3 C-Dilla;C-Dilla;C:\WINDOWS\System32\drivers\CDANT.SYS [2001-09-10 19:09]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 13:53]
S4 PackethSvc;Virtual NIC Service;C:\WINDOWS\system32\PackethSvc.exe [2000-12-07 16:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48b9678f-ae55-11db-a9ef-00038a000011}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4a5d9fc-6c45-11db-a9cc-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 19:47:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 21:38:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 21:39:45
ComboFix-quarantined-files.txt 2008-01-27 02:39:20
ComboFix2.txt 2008-01-20 20:36:42
ComboFix3.txt 2008-01-19 12:17:56
ComboFix4.txt 2008-01-18 20:56:40
.
2008-01-26 22:10:24 --- E O F ---



I have of course already tried the basic REPAIR function. I have also tried uninstalling the WiFi card, and the LAN devices. I have also used WinsockFix repair tools. None worked.

BC AdBot (Login to Remove)

 


#2 SlyBleep

SlyBleep
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 26 January 2008 - 10:58 PM

Oh, and the connection works for about 2 seconds after a "Repair". It loads for a little bit and then it doesn't work anymore. (maybe 261 packets?)

I also noticed that that it shows an "Internet Gateway" when the connection first starts up.

I tried Firefox and IE.

#3 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:12:05 AM

Posted 09 February 2008 - 05:19 AM

Hello SlyBleep and welcome to BleepingComputer!

Apollogies for the delay. The forum has been very busy lately. Running ComboFix without guided help is not suggested as you can seriously harm your pc if you use this tool incorrectly.

If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users