Results5.google.com


6 replies to this topic

#1 uareanoob

uareanoob

  • Members
  • 4 posts

Posted 24 June 2010 - 04:50 PM

I believe I'm infected with malware because results5.google.com always appears when I Google search anything. I followed the instructions on this thread but it didn't get me anywhere. Can anyone help me to remove this? Here is the TDSSKiller.txt log:

13:40:01:062 2216 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
13:40:01:062 2216 ================================================================================
13:40:01:062 2216 SystemInfo:

13:40:01:062 2216 OS Version: 5.1.2600 ServicePack: 2.0
13:40:01:062 2216 Product type: Workstation
13:40:01:062 2216 ComputerName: LastXP17
13:40:01:062 2216 UserName: Administrator
13:40:01:062 2216 Windows directory: C:\WINDOWS
13:40:01:062 2216 Processor architecture: Intel x86
13:40:01:062 2216 Number of processors: 2
13:40:01:062 2216 Page size: 0x1000
13:40:01:062 2216 Boot type: Normal boot
13:40:01:062 2216 ================================================================================
13:40:01:843 2216 Initialize success
13:40:01:843 2216
13:40:01:843 2216 Scanning Services ...
13:40:02:046 2216 Raw services enum returned 355 services
13:40:02:046 2216
13:40:02:046 2216 Scanning Drivers ...
13:40:11:531 2216 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
13:40:11:531 2216 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
13:40:13:265 2216 WudfPf (1d720e8ada37ab927168d5a75726b80e) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:40:13:265 2216 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\WudfPf.sys. Real md5: 1d720e8ada37ab927168d5a75726b80e, Fake md5: f15feafffbb3644ccc80c5da584e6311
13:40:13:265 2216 File "C:\WINDOWS\system32\DRIVERS\WudfPf.sys" infected by TDSS rootkit ... 13:40:14:078 2216 Backup copy found, using it..
13:40:14:093 2216 will be cured on next reboot
13:40:14:203 2216 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:40:14:281 2216 XUIF (9bac86dcd67f9b791915d5824c79e51e) C:\WINDOWS\system32\Drivers\x10ufx2.sys
13:40:14:296 2216 Reboot required for cure complete..
13:40:14:390 2216 Cure on reboot scheduled successfully
13:40:14:390 2216
13:40:14:390 2216 Completed
13:40:14:390 2216
13:40:14:390 2216 Results:
13:40:14:390 2216 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:40:14:390 2216 File objects infected / cured / cured on reboot: 1 / 0 / 1
13:40:14:390 2216
13:40:14:390 2216 KLMD(ARK) unloaded successfully

And here is the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4225

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/24/2010 2:48:34 PM
mbam-log-2010-06-24 (14-48-34).txt

Scan type: Full scan (C:\|)
Objects scanned: 198869
Time elapsed: 33 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4deaf90-a27e-4816-8b44-6edb0d91bcf8} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{a4deaf90-a27e-4816-8b44-6edb0d91bcf8} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a4deaf90-a27e-4816-8b44-6edb0d91bcf8} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4deaf90-a27e-4816-8b44-6edb0d91bcf8} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12181d92-8b8c-4621-96fb-88adc792cd36} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{12181d92-8b8c-4621-96fb-88adc792cd36} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{12181d92-8b8c-4621-96fb-88adc792cd36} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{12181d92-8b8c-4621-96fb-88adc792cd36} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ffreptwktz (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallWTF1012$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96d33085-4e30-31d0-f1a1-c79fcb9bdb5f} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96d33085-4e30-31d0-f1a1-c79fcb9bdb5f} (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mchk (Adware.Adshot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\skb (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kyuhdkbi (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kyuhdkbi (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\$NtUninstallWTF1012$ (Adware.EZLife) -> Quarantined and deleted successfully.
C:\Users\Administrator\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\Administrator\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\LocalService\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\LocalService\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\Administrator\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\Administrator\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\LocalService\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\LocalService\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\yrbkv.exe (Adware.Adshot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lrbkv.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hrbkv.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ffreptwktz.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\paaud.exe (Adware.Adshot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\paauh.exe (Adware.Adshot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ymnnuczr.exe (Adware.Lifze) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\NSrcvr\skb_rcvr_1876.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\NSrcvr\sta_rcvr_1876.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\$NtUninstallWTF1012$\elUninstall.exe (Adware.EZLife) -> Quarantined and deleted successfully.
C:\Users\Administrator\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\LocalService\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\Administrator\Local Settings\Application Data\wvnkafilw\tswvylntssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\MSWD-e5df46ac.job (Trojan.DNSChanger) -> Quarantined and deleted successfully.





#2 uareanoob

uareanoob
  • Topic Starter

  • Members
  • 4 posts

Posted 24 June 2010 - 08:11 PM

I'm new to these forums so I don't know if this is allowed. Bump

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • Gender:Male
  • Location:NJ USA

Posted 24 June 2010 - 11:28 PM

Not allowed now you're banned!! :thumbsup:
Downside of multiple posts and bumps is when the staff go down the list they look for 0 replies first. Usually posts with 2 or 3 replies mean someone is already helping. So it's not till we get to the 0's that we start in on the others.

You did have a TDSS infection here and cleaned it:

C:\WINDOWS\system32\DRIVERS\WudfPf.sys


You had a lot more in mbam so let's do this next,

Please read and follow all these instructions.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.

Please ask any needed questions, post Goored, SAS and MBAM logs and let us know how the PC is running now.
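The reading of the TDSSKiller log given in the reply above (one driver infected and scheduled for cure, another only flagged) can be pulled out of the log mechanically. The following is an added example, not part of the original posts and not code from the tool's vendor; the line formats it matches are assumed from the single log posted in this thread, and the sample lines are copied from that log.

```python
import re

# Sample lines copied from the TDSSKiller log in post #1 of this thread.
SAMPLE_LOG = r"""13:40:11:531 2216 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
13:40:11:531 2216 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
13:40:13:265 2216 WudfPf (1d720e8ada37ab927168d5a75726b80e) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:40:13:265 2216 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\WudfPf.sys. Real md5: 1d720e8ada37ab927168d5a75726b80e, Fake md5: f15feafffbb3644ccc80c5da584e6311
13:40:13:265 2216 File "C:\WINDOWS\system32\DRIVERS\WudfPf.sys" infected by TDSS rootkit ... 13:40:14:078 2216 Backup copy found, using it..
13:40:14:093 2216 will be cured on next reboot
13:40:14:390 2216 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# Every log line starts with "HH:MM:SS:mmm <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}:\d{3} \d+ "

# "Suspicious file (<kind>): <path>. md5: ..." or "... Real md5: ..., Fake md5: ..."
SUSPICIOUS = re.compile(
    PREFIX + r"Suspicious file \((\w+)\): (.+?)\. "
    r"(?:Real )?md5: ([0-9a-f]{32})(?:, Fake md5: ([0-9a-f]{32}))?",
    re.MULTILINE,
)
# The explicit verdict line the tool writes for an infected file.
INFECTED = re.compile(PREFIX + r'File "(.+?)" infected by TDSS rootkit', re.MULTILINE)
# Totals from the "Results:" block at the end of the log.
FILE_TOTALS = re.compile(
    PREFIX + r"File objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)",
    re.MULTILINE,
)


def triage(log_text):
    """Return the flagged files, whether each has an infection verdict,
    and whether a reboot is still needed to finish the cure."""
    # Windows paths are case-insensitive, so compare in lower case.
    confirmed = {m.group(1).lower() for m in INFECTED.finditer(log_text)}

    findings = []
    for m in SUSPICIOUS.finditer(log_text):
        kind, path, md5, fake_md5 = m.groups()
        findings.append({
            "kind": kind,                # e.g. "Forged" or "NoAccess"
            "path": path,
            "md5": md5,
            "fake_md5": fake_md5,        # present only when two hashes are logged
            # A flag alone is not a verdict; the "infected by" line is.
            "confirmed": path.lower() in confirmed,
        })

    totals = FILE_TOTALS.search(log_text)
    file_totals = tuple(int(n) for n in totals.groups()) if totals else (0, 0, 0)
    return {
        "findings": findings,
        "file_totals": file_totals,      # (infected, cured, cured on reboot)
        "reboot_pending": file_totals[2] > 0,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        state = "INFECTED" if f["confirmed"] else "flagged only"
        print(f'{f["kind"]:<9} {state:<13} {f["path"]}')
    print("reboot needed to finish cure:", report["reboot_pending"])
```
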

#4 uareanoob

uareanoob
  • Topic Starter

  • Members
  • 4 posts

Posted 25 June 2010 - 01:45 AM

It appears that results5.google is still redirecting my google searches.
Thank you for your help. =]
It seems as though I can't access safe mode for SAS.
GooredFix:

GooredFix by jpshortstuff (08.01.10.1)
Log created at 23:42 on 24/06/2010 (Administrator)
Firefox version 3.5.10 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [04:58 14/07/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [18:27 15/07/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [00:40 13/09/2009]

C:\Users\Administrator\Application Data\Mozilla\Firefox\Profiles\ivvdocke.default\extensions\
define@sogame.cat [20:42 14/03/2010]
dictionary@adarsh.tp [00:55 26/01/2010]
firebug@software.joehewitt.com [05:08 24/06/2010]
moveplayer@movenetworks.com [23:51 15/09/2009]
{6AC85730-7D0F-4de0-B3FA-21142DD85326} [04:31 04/05/2010]
{6e764c17-863a-450f-bdd0-6772bd5aaa18} [03:57 30/11/2009]
{888d99e7-e8b5-46a3-851e-1ec45da1e644} [05:43 05/05/2010]
{FBF6D7FB-F305-4445-BB3D-FEF66579A033} [20:42 14/03/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [05:24 03/09/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:26 15/07/2009]

-=E.O.F=-

SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/25/2010 at 00:17 AM

Application Version : 4.39.1002

Core Rules Database Version : 5117
Trace Rules Database Version: 2929

Scan type : Complete Scan
Total Scan Time : 00:25:00

Memory items scanned : 480
Memory threats detected : 1
Registry items scanned : 8728
Registry threats detected : 0
File items scanned : 14710
File threats detected : 7

Trojan.Agent/Gen-Fraud[Injector]
C:\WINDOWS\MSV1_0.DLL
C:\WINDOWS\MSV1_0.DLL

Adware.Tracking Cookie
C:\Users\Administrator\Cookies\administrator@at.atwola[1].txt
C:\Users\Administrator\Cookies\administrator@atwola[1].txt
C:\Users\Administrator\Cookies\administrator@cdn.at.atwola[1].txt
C:\Users\Administrator\Cookies\administrator@advertising[2].txt
C:\Users\Administrator\Cookies\administrator@ar.atwola[1].txt
C:\Users\Administrator\Cookies\administrator@tacoda[2].txt


MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4237

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/25/2010 1:18:03 AM
mbam-log-2010-06-25 (01-18-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 202015
Time elapsed: 42 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{524081e4-04e8-b04c-55df-fdf909bb0bf9} (Trojan.PWS) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Administrator\Application Data\Oxvig\uwfac.exe (Trojan.PWS) -> Quarantined and deleted successfully.


Edited by uareanoob, 25 June 2010 - 03:22 AM.


#5 boopme


Posted 25 June 2010 - 09:51 AM

Hello, see if this fixes Safe Mode.
SUPERAntiSpyware has a built-in "Repairs" feature to fix policy restrictions and certain Windows settings which are sometimes targeted by malware infection. To use this feature, launch SUPERAntiSpyware.
  • Click the Repairs tab.
  • Click on (highlight) "Repair broken SafeBoot key" and then click the Repair button.
  • You may be asked to reboot your computer for the changes to take effect.

We'll try one more scan...

ESET
Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?"
  • Answer Yes to download and install the ActiveX controls that allow the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software, just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt folder.
  • Click Start > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#6 uareanoob


Posted 08 July 2010 - 12:34 AM

ESET LOG:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=52c8f7c01acb3e488a7ad2d25088f0fc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-26 12:09:10
# local_time=2010-06-25 05:09:10 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 3472 3472 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=46141
# found=0
# cleaned=0
# scan_time=2747

It appears that this virus has spread across my router and that's how it is reinfecting me. Can someone help me with this problem?

#7 boopme


Posted 08 July 2010 - 10:28 AM

Change your DNS Servers:
  • Go to Start > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.
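The "unknown Preferred or Alternate DNS servers" check from the steps above can be done against saved `ipconfig /all` output. The following is an added example, not part of the original thread: the sample output is constructed, the function names are hypothetical, and the expected set is assumed to be the DNS addresses your ISP or router is known to hand out.

```python
import ipaddress
import re

# Constructed sample in the Windows XP `ipconfig /all` layout; all values are illustrative.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
        Lease Obtained. . . . . . . . . . : Thursday, July 08, 2010 9:00:00 AM
"""

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def dns_servers_by_adapter(ipconfig_text):
    """Return {adapter heading: [DNS server IPs]} parsed from `ipconfig /all` text."""
    servers, adapter, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace():
            # An unindented heading ending in ':' opens an adapter section.
            head = line.rstrip()
            adapter = head[:-1] if head.endswith(":") else None
            in_dns = False
            continue
        value = line.strip()
        if _is_ip(value):
            # A bare address continues the previous field (e.g. the alternate DNS server).
            if in_dns and adapter:
                servers.setdefault(adapter, []).append(value)
            continue
        field = re.match(r"(.+?)[ .]*:\s*(.*)$", value)
        if field:
            in_dns = field.group(1).lower() == "dns servers"
            if in_dns and adapter and _is_ip(field.group(2)):
                servers.setdefault(adapter, []).append(field.group(2))
    return servers

def unexpected_dns(ipconfig_text, expected):
    """List (adapter, ip) pairs whose DNS server is not in the expected set."""
    known = {ipaddress.ip_address(ip) for ip in expected}
    return [(adapter, ip)
            for adapter, ips in dns_servers_by_adapter(ipconfig_text).items()
            for ip in ips if ipaddress.ip_address(ip) not in known]
```

If the same unexpected address is reported on every PC behind the router while each is set to obtain DNS automatically, the address is being handed out by the router's DHCP settings rather than set on the PC.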



