Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


cannot establish connection - EXP/CVE-2008-5353.BX exploit

  • This topic is locked This topic is locked
2 replies to this topic

#1 bigbluetundra


  • Members
  • 1 posts
  • Local time:01:48 PM

Posted 17 December 2010 - 02:55 PM

Hello, I decided to do a full system scan with Avira and a virus was found EXP/CVE-2008-5353.BX exploit. After scanning, I quarrantined the file and thought nothing more about it. To my suprise, I can't connect to the internet now and I think the virus has something to do with it. I also have a laptop and wireless router and the laptop will not connect wirelessly either. I have to plug my network cable directly into the laptop to get a connection. No other issues, just will not connect.

So I read about how to get rid of this issue and I've tried suggestions from others who have had the same virus but nothing has helped. I downloaded Malwarebytes and it found two Trojan.Agents and a Malware.Trace. Thought that would fix the issue, but still- nothing! My computer works fine other than it will not connect to the internet and I'm going through withdrawls! : ) I have attached the log files from DDS and gmer in hopes that you can help me out. Thank you for your help!



DDS (Ver_10-12-12.02) - NTFSx86
Run by Neil at 10:48:23.90 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1584 [GMT -5:00]

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\MSI\DigiCell\DigiCell.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Gadwin PrintScreen] c:\program files\gadwin systems\printscreen\PrintScreen.exe /nosplash
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corece~1.lnk - c:\program files\msi\core center\CoreCenter.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digicell.lnk - c:\program files\msi\digicell\DigiCell.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\neil\applic~1\mozilla\firefox\profiles\a60ssr23.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.startskins.com/6591603965/
FF - plugin: c:\documents and settings\neil\application data\mozilla\firefox\profiles\a60ssr23.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Adobe DLM (powered by getPlus®): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF - Ext: Coupon Manager: {0C7E3F01-99E9-4095-9BDC-F84724960B57} - %profile%\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-26 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-10-12 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-26 108289]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-26 56816]
R3 DigiCellDriver;DigiCellDriver;c:\program files\msi\digicell\NTGLM7X.sys [2006-6-7 28672]
R3 PCAlertDriver;PCAlertDriver;c:\program files\msi\core center\NTGLM7X.sys [2008-4-24 28160]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-26 185089]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;c:\windows\system\regsrv.exe --> c:\windows\system\regsrv.exe [?]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-1-15 204800]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-11 12672]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-17 05:36:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-17 04:40:39 -------- d-----w- c:\documents and settings\neil\DoctorWeb
2010-12-17 04:38:00 -------- d-----w- C:\Rooter$
2010-12-17 04:23:27 98816 ----a-w- c:\windows\sed.exe
2010-12-17 04:23:27 77312 ----a-w- c:\windows\MBR.exe
2010-12-17 04:23:27 267264 ----a-w- c:\windows\PEV.exe
2010-12-17 04:23:27 161792 ----a-w- c:\windows\SWREG.exe
2010-12-17 03:26:55 -------- d-----w- c:\docume~1\neil\applic~1\Malwarebytes
2010-12-17 03:26:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-17 03:26:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-17 03:26:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 03:26:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-17 02:21:23 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-17 02:21:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-17 02:19:04 -------- d-----w- c:\docume~1\neil\locals~1\applic~1\AskToolbar
2010-12-15 12:41:56 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 12:41:18 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-08 23:03:32 -------- d-----w- c:\docume~1\neil\locals~1\applic~1\Geckofx
2010-12-08 23:02:35 -------- d-----w- c:\program files\AviSynth 2.5
2010-11-18 18:12:44 81920 -c----w- c:\windows\system32\dllcache\isign32.dll

==================== Find3M ====================

2010-12-17 05:36:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd(2).dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2004-10-01 20:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

============= FINISH: 10:48:56.93 ===============


GMER - http://www.gmer.net
Rootkit scan 2010-12-17 14:15:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 WDC_WD2500KS-00MJB0 rev.02.01C03
Running: gmer.exe; Driver: C:\DOCUME~1\Neil\LOCALS~1\Temp\kxloqpod.sys

---- System - GMER 1.0.15 ----

SSDT B86BC2C6 ZwCreateKey
SSDT B86BC2BC ZwCreateThread
SSDT B86BC2CB ZwDeleteKey
SSDT B86BC2D5 ZwDeleteValueKey
SSDT splw.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT splw.sys ZwEnumerateValueKey [0xB7EC7030]
SSDT splw.sys ZwOpenKey [0xB7EA80C0]
SSDT B86BC2A8 ZwOpenProcess
SSDT B86BC2AD ZwOpenThread
SSDT splw.sys ZwQueryKey [0xB7EC7108]
SSDT splw.sys ZwQueryValueKey [0xB7EC6F88]
SSDT B86BC2E4 ZwReplaceKey
SSDT B86BC2DF ZwRestoreKey
SSDT B86BC2D0 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB4157620]

INT 0x63 ? 8A3E7F00
INT 0x73 ? 8A562BF8
INT 0x73 ? 8A562BF8
INT 0x73 ? 8A562BF8
INT 0x83 ? 8A562BF8
INT 0x83 ? 8A562BF8
INT 0x83 ? 8A562BF8
INT 0xB4 ? 8A3E7F00

---- Kernel code sections - GMER 1.0.15 ----

? splw.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B756D8AC 5 Bytes JMP 8A3E74E0
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB691B360, 0x3D46A5, 0xE8000020]
.text akzoi3jp.SYS B66D8386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text akzoi3jp.SYS B66D83AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text akzoi3jp.SYS B66D83C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text akzoi3jp.SYS B66D83C9 1 Byte [2E]
.text akzoi3jp.SYS B66D83C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
? C:\DOCUME~1\Neil\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A5611F8
Device \FileSystem\Fastfat \FatCdrom 8A2AF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D12B6E2A-A7A1-4E0E-8275-E3C30832D021} 8A24B500
Device \Driver\usbohci \Device\USBPDO-0 8A3EA500
Device \Driver\usbehci \Device\USBPDO-1 8A3D7500
Device \Driver\sptd \Device\3764131876 splw.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A5D31F8
Device \Driver\Cdrom \Device\CdRom0 8A3AB1F8
Device \Driver\atapi \Device\Ide\IdePort0 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A3AB1F8
Device \Driver\usbstor \Device\00000081 8A249500
Device \Driver\usbstor \Device\00000082 8A249500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A24B500
Device \Driver\NetBT \Device\NetbiosSmb 8A24B500
Device \Driver\PCI_PNP0626 \Device\0000004c splw.sys
Device \Driver\usbohci \Device\USBFDO-0 8A3EA500
Device \Driver\usbehci \Device\USBFDO-1 8A3D7500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 898681F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 898681F8
Device \Driver\Ftdisk \Device\FtControl 8A5D31F8
Device \Driver\akzoi3jp \Device\Scsi\akzoi3jp1 8A2811F8
Device \Driver\akzoi3jp \Device\Scsi\akzoi3jp1Port6Path0Target0Lun0 8A2811F8
Device \FileSystem\Fastfat \Fat 8A2AF1F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 895DD500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE2 0x88 0x67 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFC 0x97 0x2E 0x20 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF8 0x4B 0xAC 0x9E ...

---- EOF - GMER 1.0.15 ----

Attached Files

BC AdBot (Login to Remove)


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female
  • Local time:09:48 PM

Posted 27 December 2010 - 02:24 PM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro

If I haven't replied in 48 hours, please feel free to send me a PM.

Posted Image

#3 thcbytes


  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:01:48 PM

Posted 05 January 2011 - 05:26 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users