
Multiple problems - browser redirect, trojans


  • This topic is locked
2 replies to this topic

#1 bclown90

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:58 AM

Posted 07 June 2010 - 12:02 AM

Hello, I've found some very useful information on this site that's helped me solve many of my problems before, but I've never gotten to the point where I couldn't find a solution in a previously solved issue, so I'm hoping that someone can help me out with this one.

First off, I'm using Windows Vista, SP2. My computer was infected a few days ago. I realized pretty quickly when Spybot asked me to confirm registry changes by a series of random letters. I didn't let any of them occur, but some other things were definitely installed.

The first problem that I've been having is a browser redirect. Almost any time I click a link from Google, Yahoo, Bing, Lycos, etc., I am redirected to an ad for something. The only way I can get to sites is by typing their address in the address bar, or by saving the link as a bookmark and then reaching it through the bookmark menu. I'm using Firefox 3.6.3, by the way.

I went to the connection options in Firefox, and made sure that Firefox is not connecting through a proxy server. I ran Malwarebytes and found 3 infections, a trojan and two others, and removed them and restarted, but it did fix the browser redirect issue. About a day later, Antispyware Soft showed up in my taskbar, and after running Malwarebytes and having nothing show up, I restarted into safe mode and ran it from there. It found the Antispyware Soft rogue malware, as well as two trojans, which I removed. However, the browser redirect still has not been fixed. In addition, whenever I restart my computer, I receive an error that says that "Host Process for Windows Services has stopped working".

On another note, not sure if this is a direct attempt by the virus or just a side effect, whenever I type in a search string in the windows start menu, my explorer.exe process stops working. Even after ending the process in task manager and restarting it, it reappears in task manager, but the task bar does not come back. Sometimes after a long period of time, it will start working again, but this is rare.

These problems have been getting steadily worse over the past few days, and my computer has slowed to a crawl, even when I have killed all non-essential tasks through task manager. I've run MalwareBytes AntiMalware several times over the past several days, and it has identified and quarantined several problems, including a Trojan.Downloader (file), two Trojan.Fraudpack (registry key), two Rogue.AntivirusSuite (registry key), a Trojan.Dropper.Gen (file), a Trojan.Agent.U (Registry Value), and a Trojan.Agent.U (file).

I'm obtaining a HijackThis log right now and will post it in the proper place if anyone needs to look at it. The DDS logs are attached. I was able to run GMER, but was never able to have it totally finish without crashing. The ark log that I was able to save from the longest-running GMER scan is also attached. Oh, and I ran DeFogger to disable disk emulators.

Thanks in advance for anything that you might be able to help with.



GMER Log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-06 22:46:15
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\bayed\AppData\Local\Temp\axldqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xC67811CC]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xC6781206]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xC678151A]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xC67813F6]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xC6781292]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xC678118E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xC678164E]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xC6781316]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xC678134E]

INT 0x51 ? BAE297D0
INT 0x52 ? B71102D0
INT 0x62 ? B7110050
INT 0x72 ? B7110550
INT 0x81 ? BAE29A50
INT 0x82 ? B98097D0
INT 0x91 ? BAE29CD0
INT 0x92 ? B71107D0
INT 0xA2 ? B9809A50
INT 0xB0 ? B97E8A50
INT 0xB1 ? B7110CD0
INT 0xB2 ? B7110A50

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 191 E28E58F4 4 Bytes [CC, 11, 78, C6] {INT 3 ; ADC [EAX-0x3a], EDI}
.text ntkrnlpa.exe!KeSetEvent + 221 E28E5984 4 Bytes [06, 12, 78, C6] {PUSH ES; ADC BH, [EAX-0x3a]}
.text ntkrnlpa.exe!KeSetEvent + 3F1 E28E5B54 4 Bytes [1A, 15, 78, C6]
.text ntkrnlpa.exe!KeSetEvent + 40D E28E5B70 4 Bytes [F6, 13, 78, C6] {NOT BYTE [EBX]; JS 0xffffffffffffffca}
.text ntkrnlpa.exe!KeSetEvent + 431 E28E5B94 4 Bytes [92, 12, 78, C6] {XCHG EDX, EAX; ADC BH, [EAX-0x3a]}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[392] ntdll.dll!NtProtectVirtualMemory 773F4D34 5 Bytes JMP 0082000A
.text C:\Windows\Explorer.EXE[392] ntdll.dll!NtWriteVirtualMemory 773F5674 5 Bytes JMP 0083000A
.text C:\Windows\Explorer.EXE[392] ntdll.dll!KiUserExceptionDispatcher 773F5DC8 5 Bytes JMP 0081000A
.text C:\Packages\MozillaFirefox\firefox.exe[5144] ntdll.dll!NtProtectVirtualMemory 773F4D34 5 Bytes JMP 008E000A
.text C:\Packages\MozillaFirefox\firefox.exe[5144] ntdll.dll!NtWriteVirtualMemory 773F5674 5 Bytes JMP 008F000A
.text C:\Packages\MozillaFirefox\firefox.exe[5144] ntdll.dll!KiUserExceptionDispatcher 773F5DC8 5 Bytes JMP 008D000A
.text C:\Windows\explorer.exe[5576] ntdll.dll!NtProtectVirtualMemory 773F4D34 5 Bytes JMP 0036000A
.text C:\Windows\explorer.exe[5576] ntdll.dll!NtWriteVirtualMemory 773F5674 5 Bytes JMP 0083000A
.text C:\Windows\explorer.exe[5576] ntdll.dll!KiUserExceptionDispatcher 773F5DC8 5 Bytes JMP 0035000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- Files - GMER 1.0.15 ----


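GMER's output is line-oriented, so the SSDT and user-mode hook sections above can be parsed instead of read by eye. The following is an added example, not code from this thread or from GMER: it turns the `SSDT` and `.text ... JMP` lines into records, lists SSDT entries GMER printed without a vendor name, and shows which functions are patched in every hooked process (as with explorer.exe and firefox.exe above). The embedded log is a constructed sample in the shape of the quoted lines, and the vendor-less `unknown.sys` entry is a placeholder, not something GMER reported here.

```python
# Added example for this thread (not GMER's code, not from the original post):
# parse GMER's SSDT and user-mode inline-hook lines and summarise who hooked what.
import re
from collections import defaultdict

# Constructed sample in the shape of the log quoted above; the vendor-less
# 'unknown.sys' entry is a placeholder, not something GMER reported here.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xC678151A]
SSDT \SystemRoot\System32\drivers\unknown.sys ZwTerminateProcess [0xC6780001]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[392] ntdll.dll!NtProtectVirtualMemory 773F4D34 5 Bytes JMP 0082000A
.text C:\Windows\Explorer.EXE[392] ntdll.dll!NtWriteVirtualMemory 773F5674 5 Bytes JMP 0083000A
.text C:\Packages\MozillaFirefox\firefox.exe[5144] ntdll.dll!NtProtectVirtualMemory 773F4D34 5 Bytes JMP 008E000A
"""

# SSDT <driver> [(<vendor>)] <function> [0x<addr>]
SSDT_RE = re.compile(r"^SSDT\s+(?P<driver>\S+)(?:\s+\((?P<vendor>[^)]*)\))?\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]")
# .text <image>[<pid>] <module>!<function> <addr> <n> Bytes JMP <target>
HOOK_RE = re.compile(r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<func>\w+)"
                     r"\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)")

def parse_gmer(text):
    """Return (ssdt_hooks, user_hooks) as lists of dicts; other lines are ignored."""
    ssdt, user = [], []
    for line in text.splitlines():
        if m := SSDT_RE.match(line):
            rec = m.groupdict()
            rec["addr"] = int(rec["addr"], 16)
            ssdt.append(rec)
        elif m := HOOK_RE.match(line):
            rec = m.groupdict()
            rec.update(pid=int(rec["pid"]), size=int(rec["size"]),
                       addr=int(rec["addr"], 16), target=int(rec["target"], 16))
            user.append(rec)
    return ssdt, user

def unattributed_ssdt(ssdt_hooks):
    """Drivers hooking the SSDT that GMER printed without a vendor name; attributed
    entries (the Prevx ones above) belong to a known security product."""
    return [h["driver"] for h in ssdt_hooks if not h["vendor"]]

def hooks_by_process(user_hooks):
    """Map (image, pid) -> sorted 'module!function' names patched in that process."""
    grouped = defaultdict(set)
    for h in user_hooks:
        grouped[(h["image"], h["pid"])].add(f'{h["module"]}!{h["func"]}')
    return {k: sorted(v) for k, v in grouped.items()}

def functions_hooked_in_every_process(user_hooks):
    """Functions patched in every hooked process; the same API set recurring in
    unrelated processes (explorer.exe, firefox.exe) points to one injected agent."""
    sets = [set(v) for v in hooks_by_process(user_hooks).values()]
    return sorted(set.intersection(*sets)) if sets else []

if __name__ == "__main__":
    ssdt, user = parse_gmer(SAMPLE_LOG)
    print(unattributed_ssdt(ssdt), functions_hooked_in_every_process(user))
```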

#2 pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:03:58 AM

Posted 10 June 2010 - 06:13 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review them and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:58 AM

Posted 21 June 2010 - 10:27 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



