
Asklots redirect


22 replies to this topic

#1 pskr


Posted 07 July 2010 - 12:09 AM

Hi,
I have read several other posts where users seem to be having similar problems to mine: clicking links in Google search results redirects to random other sites. Once one of the search result links is clicked, the request goes to asklots.com and then the redirects happen; the most frequent redirects are to luckyresults, freshdeals, monstermarketplace (all dot com) and random others. BTW, this behaviour is not happening every time I click the Google search results. It's happening often, though. Please help me.

thanks,
s

Edited by Budapest, 07 July 2010 - 12:11 AM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP



 


#2 boopme


Posted 07 July 2010 - 03:29 PM

Hello, please run these, post the scan logs and update me on how it's running.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe


alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 pskr


Posted 28 July 2010 - 07:53 AM

Thank you so much. Here are the results when I ran the software.

1. Can't run the update on MBAM as it throws an error: MBAM_ERROR_UPDATING(12007,0.WinHttpSendrequest)

Here are the logs

MBAM
-----------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/27/2010 10:37:25 PM
mbam-log-2010-07-27 (22-37-25).txt

Scan type: Quick scan
Objects scanned: 134963
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SuperAntiSpyware
----------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/28/2010 at 00:40 AM

Application Version : 4.41.1000

Core Rules Database Version : 5057
Trace Rules Database Version: 2869

Scan type : Complete Scan
Total Scan Time : 01:50:17

Memory items scanned : 250
Memory threats detected : 0
Registry items scanned : 8335
Registry threats detected : 0
File items scanned : 24254
File threats detected : 36

Adware.Tracking Cookie

#4 boopme


Posted 28 July 2010 - 10:30 AM

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.

#5 pskr


Posted 28 July 2010 - 01:06 PM

I have downloaded the mbam-rules.exe update from another pc and tried to run it on the infected computer. But it never ran and gave me the following error
"the setup files are corrupted. Please obtain a copy of the new program".

#6 boopme


Posted 28 July 2010 - 01:35 PM

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

#7 pskr


Posted 29 July 2010 - 10:39 PM

I have run mbam clean, which uninstalled MBAM. I did reinstall the software with your link and it didn't ask me for a license key during installation, so I guess it's a free version. But when it tries to update once installation is complete, it throws the same error: MBAM_ERROR_UPDATING(12007,0.WinHttpSendrequest)
Please help..

#8 boopme


Posted 29 July 2010 - 11:08 PM

Please ensure these items are excluded from your Antivirus AND your Firewall - 12007 error usually means that the download is being blocked -

Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs:

For Windows XP:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
C:\Windows\System32\drivers\mbam.sys
C:\Windows\System32\drivers\mbamswissarmy.sys
{Credit,noknojohn}


The FAQ contains examples of setting file exclusions for some known AV products


Would also like an online scan with ESET
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Eset Smart Installer icon on your desktop.
  • Check the "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the "<<Back" button.
  • Push Finish
In your next reply, please include the following:
  • Eset Scan Log


#9 pskr


Posted 01 August 2010 - 10:21 PM

Finally I am able to run the update on MBAM successfully in Windows "safe with networking" mode. It found 94 infections and cleaned them out. But I still believe that the virus exists on my PC. The ESET online scan did not find any infections and came up empty after the scan.
MBAM LOG
===========
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4374

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/1/2010 1:02:27 AM
mbam-log-2010-08-01 (01-02-27).txt

Scan type: Full scan (C:\|)
Objects scanned: 337720
Time elapsed: 5 hour(s), 52 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 94

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\EWABQAF7KL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\UBC5AB1IDP (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{DC13B678-FBF5-462C-B905-F1265298B5AD}\RP40\A0013528.exe (Backdoor.RBot) -> Quarantined and deleted successfully.

#10 boopme


Posted 01 August 2010 - 11:08 PM

Hello again. The backdoor bot found means your passwords have been stolen and need changing after we do this.
Also you DID reboot after that??

Please run the tool here: How to remove Google Redirects

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.
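A triage sketch for logs in the layout of the MBAM 1.46 reports pasted in this thread, added here as an example and not part of any poster's reply or of Malwarebytes' own tooling. It cross-checks the summary counts against the itemised detections (a mismatch means the paste is incomplete), lists items still marked "Delete on reboot", and groups file detections by name and folder. The sample log, its paths and its key name are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from ntpath import dirname  # applies Windows path rules on any host OS

# Constructed sample: only the line layout follows the MBAM 1.46 logs in this
# thread; the paths, the registry key and the counts are made up.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4374

Scan type: Full scan (C:\|)
Objects scanned: 1000

Memory Processes Infected: 0
Registry Keys Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\EXAMPLEKEY (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\sample\restore\A0000001.exe (Backdoor.RBot) -> Quarantined and deleted successfully.
C:\sample\dir (x86)\one.dll (Trojan.Dropper) -> Delete on reboot.
C:\sample\dir (x86)\two.dll (Trojan.Dropper) -> Delete on reboot.
C:\sample\dir (x86)\three.dll (Trojan.Dropper) -> Delete on reboot.
"""

DB_RE = re.compile(r"^Database version: (\d+)$")
COUNT_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # summary block
HEADER_RE = re.compile(r"^([A-Za-z ]+ Infected):$")        # detail section start
# Greedy object match so a path containing "(x86)" is not mistaken for the
# detection name; the name is the last parenthesised token before " -> ".
ITEM_RE = re.compile(r"^(.+) \(([^()]+)\) -> (.+?)\.?$")


def parse_mbam_log(text):
    """Return database version, declared counts and itemised detections."""
    report = {"db_version": None, "declared": {}, "items": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = DB_RE.match(line)
        if m:
            report["db_version"] = int(m.group(1))
            continue
        m = COUNT_RE.match(line)
        if m:
            report["declared"][m.group(1)] = int(m.group(2))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line) if section else None
        if m:
            report["items"].append({"section": section, "object": m.group(1),
                                    "name": m.group(2), "action": m.group(3)})
    return report


def triage(report):
    """Summarise what a helper checks first when reading such a log."""
    items = report["items"]
    listed = Counter(i["section"] for i in items)
    # Declared vs. itemised counts differ when the log was pasted incompletely.
    mismatches = {s: (n, listed.get(s, 0))
                  for s, n in report["declared"].items() if n != listed.get(s, 0)}
    # These objects are only removed by the next normal-mode restart.
    pending = [i["object"] for i in items if "reboot" in i["action"].lower()]
    # Many hits with one name in one folder deserve a second look as a group.
    clusters = Counter((i["name"], dirname(i["object"]).lower())
                       for i in items if i["section"] == "Files Infected")
    return {"mismatches": mismatches, "pending_reboot": pending,
            "clusters": clusters.most_common()}


if __name__ == "__main__":
    result = triage(parse_mbam_log(SAMPLE_LOG))
    print("count mismatches:", result["mismatches"] or "none")
    print("awaiting reboot :", len(result["pending_reboot"]))
    for (name, folder), n in result["clusters"]:
        print(f"{n:3d}  {name:16s} {folder}")
```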

#11 pskr


Posted 02 August 2010 - 09:12 PM

Thanks for your support. I did reboot my machine on the previous MBAM scan. But a couple of things happened after the reboot: 1. The system is very, very slow in normal mode. 2. The internet setup is not working and I cannot connect to the internet in either normal or safe mode. The above happens, though, when System Restore is turned off. If I turn it on and restart the system, everything works OK but the browser redirect reappears. Here are the logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4379

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/2/2010 4:08:57 AM
mbam-log-2010-08-02 (04-08-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 331285
Time elapsed: 3 hour(s), 28 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

TDSSKILLER
============

2010/08/02 00:18:02.0265 TDSS rootkit removing tool 2.4.0.0 Jul 22 2010 16:09:49
2010/08/02 00:18:02.0265 ================================================================================
2010/08/02 00:18:02.0265 SystemInfo:
2010/08/02 00:18:02.0265
2010/08/02 00:18:02.0265 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/02 00:18:02.0265 Product type: Workstation
2010/08/02 00:18:02.0265 ComputerName: ELASELVA
2010/08/02 00:18:02.0265 UserName: elaselva
2010/08/02 00:18:02.0265 Windows directory: C:\WINDOWS
2010/08/02 00:18:02.0265 System windows directory: C:\WINDOWS
2010/08/02 00:18:02.0265 Processor architecture: Intel x86
2010/08/02 00:18:02.0265 Number of processors: 2
2010/08/02 00:18:02.0265 Page size: 0x1000
2010/08/02 00:18:02.0265 Boot type: Safe boot with network
2010/08/02 00:18:02.0265 ================================================================================
2010/08/02 00:18:02.0765 Initialize success
2010/08/02 00:18:05.0156 ================================================================================
2010/08/02 00:18:05.0156 Scan started
2010/08/02 00:18:05.0156 Mode: Manual;
2010/08/02 00:18:05.0156 ================================================================================
2010/08/02 00:18:26.0109 ================================================================================
2010/08/02 00:18:26.0109 Scan finished
2010/08/02 00:18:26.0109 ================================================================================
2010/08/02 00:19:09.0281 ================================================================================
2010/08/02 00:19:09.0281 Scan started
2010/08/02 00:19:09.0281 Mode: Manual;
2010/08/02 00:19:09.0281 ================================================================================
2010/08/02 00:19:20.0812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/02 00:19:20.0937 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/02 00:19:21.0015 tmcomm (949ef0df929a71d6cc77494dfcb1ddeb) C:\WINDOWS\system32\drivers\tmcomm.sys
2010/08/02 00:19:21.0031 tmpreflt (c7c7959ec0940e0eddfc881fed8ec214) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
2010/08/02 00:19:21.0062 tmxpflt (3e615f370f0c7db414b6bcd1c18399d4) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
2010/08/02 00:19:21.0156 TSMAPIP (ea856d91b3c088ce331e7740c72f43a3) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2010/08/02 00:19:21.0203 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
2010/08/02 00:19:21.0234 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
2010/08/02 00:19:21.0296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/02 00:19:21.0500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/02 00:19:21.0546 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/08/02 00:19:21.0578 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/02 00:19:21.0609 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/02 00:19:21.0625 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/02 00:19:21.0687 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/02 00:19:21.0812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/02 00:19:21.0875 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/02 00:19:21.0921 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/08/02 00:19:21.0968 V0070VID (def5751feeb70f474dd9b586f63ccac1) C:\WINDOWS\system32\DRIVERS\V0070Vid.sys
2010/08/02 00:19:22.0015 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/02 00:19:22.0078 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/02 00:19:22.0296 vsapint (60dfbc34228ca36221b03460789f5d4e) C:\WINDOWS\system32\DRIVERS\vsapint.sys
2010/08/02 00:19:22.0453 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/02 00:19:22.0515 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/02 00:19:22.0593 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/08/02 00:19:22.0640 wqunr (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\akslqm.sys
2010/08/02 00:19:22.0656 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/08/02 00:19:22.0718 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/02 00:19:22.0890 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/02 00:19:22.0921 ================================================================================
2010/08/02 00:19:22.0921 Scan finished
2010/08/02 00:19:22.0921 ================================================================================
2010/08/02 00:19:27.0625 Deinitialize success

#12 boopme

Posted 02 August 2010 - 09:31 PM

Appears we are still infected.
For the connection... Try this--open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...."
OR
Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.


If you connect, run DrWeb only (below); if not, use this method.


Reboot into Safe Mode with Networking
How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Then run...

DrWeb
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#13 pskr

Posted 03 August 2010 - 08:30 PM

Thanks for the support. I have tried both of the options you mentioned. While running RKill I did not get any errors, but it killed "explorer.exe" while it's running (hope it's normal). I also ran Dr.Web CureIt as per your instructions. It took the whole day yesterday, but it did not come up with any virus/threats and the "save report list" option was disabled.

After all these steps I did a reboot and tried to open the forum using IE, and there it is: the popup came again. Please help me.

#14 pskr

Posted 04 August 2010 - 10:14 AM

Just want to add some more info/thoughts on my previous reply. Most of the time the popup I get is "http://search-googleanalytics.com", and from there it would either go to some different site or just hang there. Right now it's happening on all 3 computers which are connected to my wireless network. Does this problem have something to do with the wireless router? (got hacked or something)....

#15 boopme

Posted 04 August 2010 - 11:44 AM

Ok we need to do these 3 steps.

Please read and follow all these instructions.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
If still occurring then:
The problem is actually based in your router and that in turn is infecting all the other computers on your network.
Here is the entire fix (from the beginning) that you will need to run on each PC.

Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then

Double Click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE.

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration, you can reconnect to the internet and router. Then return to this site to post your logs.
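The post above says the malware changes the router's DNS settings, so every PC on the network is handed the altered DNS servers. As an added example (not part of the original thread), this Python script parses `ipconfig /all` output and flags any DNS server that is not on a list of expected resolvers; the sample output, all addresses and the function names are constructed for illustration, and the expected list is an assumption you would fill in from your ISP.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; addresses are placeholders.
SAMPLE = """\
Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.101
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54
        Lease Obtained. . . . . . . . . . : Wednesday, August 04, 2010

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.102
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

FIELD = re.compile(r"^\s+([^:]+?)[ .]*:\s*(.*)$")  # "Label . . . : value"

def parse_dns_servers(text):
    """Return {adapter name: [DNS server IPs]} from `ipconfig /all` text."""
    adapters, current, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]      # unindented "... adapter X:" header
            adapters[current] = []
            in_dns = False
            continue
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1).strip() == "DNS Servers"
            value = m.group(2).strip()
        else:
            value = line.strip()              # continuation line: bare value
        if current and in_dns and value:
            try:
                adapters[current].append(str(ipaddress.ip_address(value)))
            except ValueError:
                in_dns = False                # not an address: DNS list ended
    return adapters

def unexpected_dns(text, expected):
    """List (adapter, server) pairs whose resolver is not in `expected`."""
    allowed = {str(ipaddress.ip_address(e)) for e in expected}
    return [(a, s) for a, servers in parse_dns_servers(text).items()
            for s in servers if s not in allowed]
```

Run it on each PC before and after the router reset: a resolver that reappears after cleanup points to a machine on the network that has not been cleaned yet.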



