Google hijacked


16 replies to this topic

#1 samaria2

  • Members
  • 13 posts

Posted 18 May 2011 - 03:27 PM

I was recently hit with a massive malware attack that gave me a wide range of problems, including fake Windows security updates. After running Malwarebytes and SUPERAntiSpyware, most of the problems were resolved except for one. Google and every other search engine I try are completely hijacked. Clicking on any search result will redirect to various other advertisements and different websites. I was going to try System Restore, but there do not appear to be any previous restore points available. I am not sure whether this is related to the malware as well. I am running Windows XP with Service Pack 2 installed. Thank you.


#2 quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,056 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 19 May 2011 - 06:54 AM

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-date(time).txt
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log should automatically open in notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd



Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.

  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
  • If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 samaria2

  • Topic Starter

  • Members
  • 13 posts

Posted 19 May 2011 - 11:57 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 6586

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/15/2011 10:55:05 PM
mbam-log-2011-05-15 (22-55-05).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 312431
Time elapsed: 1 hour(s), 38 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("D:\Documents and Settings\Derek\Local Settings\Application Data\xsd.exe" -a "iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("D:\Documents and Settings\Derek\Local Settings\Application Data\xsd.exe" -a "D:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("D:\Documents and Settings\Derek\Local Settings\Application Data\xsd.exe" -a "D:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 samaria2

  • Topic Starter

  • Members
  • 13 posts

Posted 19 May 2011 - 11:58 AM

2011/05/19 12:53:51.0171 2108 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/19 12:53:53.0171 2108 ================================================================================
2011/05/19 12:53:53.0171 2108 SystemInfo:
2011/05/19 12:53:53.0171 2108
2011/05/19 12:53:53.0171 2108 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/19 12:53:53.0171 2108 Product type: Workstation
2011/05/19 12:53:53.0171 2108 ComputerName: YOUR-AGI7FEDSAM
2011/05/19 12:53:53.0171 2108 UserName: Derek
2011/05/19 12:53:53.0171 2108 Windows directory: D:\WINDOWS
2011/05/19 12:53:53.0171 2108 System windows directory: D:\WINDOWS
2011/05/19 12:53:53.0171 2108 Processor architecture: Intel x86
2011/05/19 12:53:53.0171 2108 Number of processors: 2
2011/05/19 12:53:53.0171 2108 Page size: 0x1000
2011/05/19 12:53:53.0171 2108 Boot type: Normal boot
2011/05/19 12:53:53.0171 2108 ================================================================================
2011/05/19 12:53:53.0500 2108 Initialize success
2011/05/19 12:54:06.0750 0864 ================================================================================
2011/05/19 12:54:06.0750 0864 Scan started
2011/05/19 12:54:06.0750 0864 Mode: Manual;
2011/05/19 12:54:06.0750 0864 ================================================================================
2011/05/19 12:54:11.0031 0864 Suspicious file (Forged): D:\WINDOWS\system32\DRIVERS\update.sys. Real md5: a6ee444e97477ccf6ee93fa8da3517fe, Fake md5: aff2e5045961bbc0a602bb6f95eb1345
2011/05/19 12:54:11.0031 0864 Update - detected ForgedFile.Multi.Generic (1)
2011/05/19 12:54:11.0750 0864 ================================================================================
2011/05/19 12:54:11.0750 0864 Scan finished
2011/05/19 12:54:11.0750 0864 ================================================================================
2011/05/19 12:54:11.0765 1096 Detected object count: 1
2011/05/19 12:55:01.0156 1096 ForgedFile.Multi.Generic(Update) - User select action: Skip
2011/05/19 12:55:17.0156 2680 ================================================================================
2011/05/19 12:55:17.0156 2680 Scan started
2011/05/19 12:55:17.0156 2680 Mode: Manual;
2011/05/19 12:55:17.0156 2680 ================================================================================
2011/05/19 12:55:19.0671 2680 NdisWan (0b90e255a9490166ab368cd55a529893) D:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/19 12:55:19.0671 2680 NDProxy (59fc3fb44d2669bc144fd87826bb571f) D:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/19 12:55:19.0687 2680 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) D:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/19 12:55:19.0703 2680 NetBT (0c80e410cd2f47134407ee7dd19cc86b) D:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/19 12:55:19.0750 2680 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) D:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/19 12:55:19.0750 2680 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) D:\WINDOWS\system32\drivers\Npfs.sys
2011/05/19 12:55:19.0781 2680 Ntfs (b78be402c3f63dd55521f73876951cdd) D:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/19 12:55:19.0828 2680 NuidFltr (cf7e041663119e09d2e118521ada9300) D:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/05/19 12:55:19.0859 2680 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\WINDOWS\system32\drivers\Null.sys
2011/05/19 12:55:19.0875 2680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/19 12:55:19.0890 2680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/19 12:55:19.0921 2680 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) D:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/19 12:55:19.0953 2680 Parport (29744eb4ce659dfe3b4122deb45bc478) D:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/19 12:55:19.0968 2680 PartMgr (3334430c29dc338092f79c38ef7b4cd0) D:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/19 12:55:20.0000 2680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) D:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/19 12:55:20.0000 2680 PCI (8086d9979234b603ad5bc2f5d890b234) D:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/19 12:55:20.0046 2680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) D:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/19 12:55:20.0062 2680 Pcmcia (82a087207decec8456fbe8537947d579) D:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/19 12:55:20.0140 2680 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) D:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/19 12:55:20.0171 2680 Processor (0d97d88720a4087ec93af7dbb303b30a) D:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/19 12:55:20.0187 2680 PSched (48671f327553dcf1d27f6197f622a668) D:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/19 12:55:20.0187 2680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/19 12:55:20.0250 2680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/19 12:55:20.0296 2680 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/19 12:55:20.0312 2680 RasPppoe (7306eeed8895454cbed4669be9f79faa) D:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/19 12:55:20.0312 2680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/19 12:55:20.0343 2680 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) D:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/19 12:55:20.0359 2680 RDPCDD (4912d5b403614ce99c28420f75353332) D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/19 12:55:20.0406 2680 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) D:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/19 12:55:20.0421 2680 redbook (b31b4588e4086d8d84adbf9845c2402b) D:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/19 12:55:20.0453 2680 RFCOMM (99c4b74981a1413f142a3903130088cb) D:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/05/19 12:55:20.0484 2680 RTLE8023xp (79b4fe884c18dd82d5449f6b6026d092) D:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/05/19 12:55:20.0531 2680 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/19 12:55:20.0531 2680 SASKUTIL (61db0d0756a99506207fd724e3692b25) D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/19 12:55:20.0578 2680 Secdrv (d26e26ea516450af9d072635c60387f4) D:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/19 12:55:20.0593 2680 serenum (a2d868aeeff612e70e213c451a70cafb) D:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/19 12:55:20.0609 2680 Serial (cd9404d115a00d249f70a371b46d5a26) D:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/19 12:55:20.0625 2680 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) D:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/19 12:55:20.0687 2680 splitter (8e186b8f23295d1e42c573b82b80d548) D:\WINDOWS\system32\drivers\splitter.sys
2011/05/19 12:55:20.0703 2680 sr (e41b6d037d6cd08461470af04500dc24) D:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/19 12:55:20.0750 2680 Srv (7a4f147cc6b133f905f6e65e2f8669fb) D:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/19 12:55:20.0781 2680 swenum (03c1bae4766e2450219d20b993d6e046) D:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/19 12:55:20.0812 2680 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) D:\WINDOWS\system32\drivers\swmidi.sys
2011/05/19 12:55:20.0875 2680 sysaudio (650ad082d46bac0e64c9c0e0928492fd) D:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/19 12:55:20.0921 2680 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) D:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/19 12:55:20.0953 2680 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) D:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/19 12:55:20.0968 2680 TDTCP (ed0580af02502d00ad8c4c066b156be9) D:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/19 12:55:20.0984 2680 TermDD (a540a99c281d933f3d69d55e48727f47) D:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/19 12:55:21.0031 2680 Udfs (12f70256f140cd7d52c58c7048fde657) D:\WINDOWS\system32\drivers\Udfs.sys
2011/05/19 12:55:21.0046 2680 Update (a6ee444e97477ccf6ee93fa8da3517fe) D:\WINDOWS\system32\DRIVERS\update.sys
2011/05/19 12:55:21.0046 2680 Suspicious file (Forged): D:\WINDOWS\system32\DRIVERS\update.sys. Real md5: a6ee444e97477ccf6ee93fa8da3517fe, Fake md5: aff2e5045961bbc0a602bb6f95eb1345
2011/05/19 12:55:21.0046 2680 Update - detected ForgedFile.Multi.Generic (1)
2011/05/19 12:55:21.0781 2680 ================================================================================
2011/05/19 12:55:21.0781 2680 Scan finished
2011/05/19 12:55:21.0781 2680 ================================================================================
2011/05/19 12:55:21.0781 2520 Detected object count: 1
2011/05/19 12:55:46.0859 2520 ForgedFile.Multi.Generic(Update) - User select action: Skip
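The forged-file line in the log above records two MD5s for update.sys, so the file can be cross-checked by hashing it independently. The following is an added example, not from the thread and not TDSSKiller code: it parses the two line shapes in the log (the driver entry and the "Suspicious file (Forged)" line), recomputes a file's MD5 through an ordinary read and reports which recorded hash that read matches; SAMPLE_LOG carries the thread's own lines verbatim, while the temporary file and the log lines built around it in demo() are constructed.

```python
"""Cross-check a TDSSKiller log against the files on disk (added example).

Not thread content and not TDSSKiller code. It parses the two line shapes
seen in the log above (a driver entry "Name (md5) path" and a "Suspicious
file (Forged)" line carrying a real and a fake MD5), recomputes a file's MD5
through an ordinary read, and reports which recorded hash that read matches.
"""
import hashlib
import os
import re
import tempfile

# Verbatim lines from the log posted in the thread (the update.sys detection).
SAMPLE_LOG = r"""
2011/05/19 12:55:21.0046 2680 Update (a6ee444e97477ccf6ee93fa8da3517fe) D:\WINDOWS\system32\DRIVERS\update.sys
2011/05/19 12:55:21.0046 2680 Suspicious file (Forged): D:\WINDOWS\system32\DRIVERS\update.sys. Real md5: a6ee444e97477ccf6ee93fa8da3517fe, Fake md5: aff2e5045961bbc0a602bb6f95eb1345
2011/05/19 12:55:21.0046 2680 Update - detected ForgedFile.Multi.Generic (1)
"""

# "<date> <time> <pid> <ServiceName> (<md5>) <path>"
DRIVER_RE = re.compile(
    r"^\S+ \S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "... Suspicious file (Forged): <path>. Real md5: <md5>, Fake md5: <md5>"
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")


def parse_log(text):
    """Map each path to its service name, listed MD5 and, when TDSSKiller
    flagged it, the real/fake MD5 pair from the Forged line."""
    records = {}
    for line in text.splitlines():
        forged = FORGED_RE.search(line)
        if forged:
            rec = records.setdefault(forged["path"], {})
            rec["real"], rec["fake"] = forged["real"], forged["fake"]
            continue
        driver = DRIVER_RE.match(line)
        if driver:
            rec = records.setdefault(driver["path"], {})
            rec["name"], rec["listed"] = driver["name"], driver["md5"]
    return records


def md5_file(path):
    """MD5 of a file through the normal read path, streamed in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(rec, path):
    """Which recorded hash, if any, does an independent read of the file match?
    Returns "real", "fake", "listed", "unknown" or "missing"."""
    if not os.path.isfile(path):
        return "missing"
    actual = md5_file(path)
    for label in ("real", "fake", "listed"):
        if actual == rec.get(label):
            return label
    return "unknown"


def flagged_files(records):
    """Paths whose Forged line shows two different hashes for the same file."""
    return sorted(path for path, rec in records.items()
                  if "real" in rec and rec["real"] != rec["fake"])


def demo():
    """Constructed end-to-end run: write a stand-in for the driver file, build
    log lines in TDSSKiller's format around its true MD5, and classify it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "update.sys")
        with open(path, "wb") as fh:
            fh.write(b"constructed stand-in for a driver image, not a binary\n")
        true_md5 = md5_file(path)
        log = ("2011/05/19 12:55:21.0046 2680 Update (%s) %s\n"
               "2011/05/19 12:55:21.0046 2680 Suspicious file (Forged): %s. "
               "Real md5: %s, Fake md5: %s\n"
               % (true_md5, path, path, true_md5, "0" * 32))
        records = parse_log(log)
        return {p: classify(rec, p) for p, rec in records.items()}
```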

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,056 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:49 PM

Posted 19 May 2011 - 12:12 PM

Go to Start > Run..., and copy and paste this command into the open box: c:\windows\system32\drivers\
Click OK.

In the list of files displayed, locate: update.sys

Go to one of the following online services that analyze suspicious files:
In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
-- Post back with the results of the file analysis.

Your Malwarebytes Anti-Malware log indicates you are using an older version (1.46) with an outdated database. Please download and install the most current version (v1.50.1) from here.
You may have to reboot after updating in order to overwrite any "in use" protection module files.

The database shows 6586. Last I checked it was 6616.

Update the database through the program's interface <- preferred method. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally will prevent Malwarebytes from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 samaria2

samaria2
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 19 May 2011 - 01:14 PM

The update.sys file was checked clean by all scanners. Updated Mbam and here is the Quick Scan log.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6619

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/19/2011 2:08:42 PM
mbam-log-2011-05-19 (14-08-42).txt

Scan type: Quick scan
Objects scanned: 156837
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 quietman7

Posted 19 May 2011 - 01:21 PM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any require files.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.


#8 samaria2

Posted 19 May 2011 - 05:28 PM

D:\Derek's stuf\random dl\bittorrent\eXeem0.20.exe a variant of Win32/Adware.Softomate.AD application deleted - quarantined
D:\Derek's stuf\random dl\program setups\MagicISO_4.2.0091+CRACK.[www.614uc0.tk].rar a variant of Win32/Tool.TPE.A application deleted - quarantined
D:\Derek's stuf\random dl\program setups\Zealot AVI to VCD SVCD DVD Converter v1.5.7.rar probably a variant of Win32/Agent.IJOGPJS trojan deleted - quarantined
D:\Derek's stuf\random dl\program setups\cd burnin\Roxio Easy Media Creator 7.5\keygen.exe a variant of Win32/Keygen.AQ application cleaned by deleting - quarantined
D:\Derek's stuf\random dl\program setups\download progs\Bittorrent\pcmark2002.exe Win32/Adware.WhenU.SaveNow application deleted - quarantined
D:\Documents and Settings\Derek\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe Win32/OpenCandy application deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\10\35ace28a-304090f6 probably a variant of Win32/Agent.LMMBFXF trojan cleaned by deleting - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\12\3cc664c-742c0847 Java/TrojanDownloader.OpenStream.NBS trojan cleaned by deleting - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\12\601d500c-54e4a771 multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\18\4f46b492-27ba354b multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\21\386b5b95-3bc7e46a multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\26\3a5b5f9a-200bb858 multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\27\212ee35b-45db1a09 multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\3\5a72fa43-30631ff5 multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\35\290a52e3-4a17afbb multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\38\36cabf66-37700db9 multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\43\763d04eb-3fd9ec5d multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\43\763d04eb-724c8f06 multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\49\6e7ed0b1-7bbb517d multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\50\2c251572-17db11a8 a variant of OSX/Exploit.Smid.D trojan deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\51\4ef73e33-595bdf28 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\56\31e857f8-3eaee650 multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\56\31e857f8-7dbbe73f multiple threats deleted - quarantined
D:\Documents and Settings\Derek\Application Data\Sun\Java\Deployment\cache\6.0\8\4cafbd48-39465a16 probably a variant of Win32/Agent.LMMBFXF trojan cleaned by deleting - quarantined
D:\Documents and Settings\Derek\Desktop\virus removal\New Folder\Kaspersky PURE 2 v 9.1.0.124(a.B)+ABLPatch v1.1\FILE_004\Bonus\Kaspersky TR v3.2\Kaspersky TR v3.2.rar Win32/HackTool.Kiser.OK trojan deleted - quarantined
D:\Documents and Settings\Derek\Desktop\virus removal\New Folder\Kaspersky PURE 2 v 9.1.0.124(a.B)+ABLPatch v1.1\FILE_004\Bonus\Universal Shield v4.4\FIX\universal.shield.4.4-patch.rar probably a variant of Win32/HackTool.Patcher.A application deleted - quarantined
D:\Documents and Settings\Derek\Local Settings\Temp\D3sg6S+6.exe.part Win32/OpenCandy application deleted - quarantined
D:\old drive stuff\xbox flash\new 1.6\JungleFlasher.0.1.62.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan deleted - quarantined
D:\old drive stuff\xbox flash\new 1.6\JungleFlasher v0.1.62 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan cleaned by deleting - quarantined
D:\old drive stuff\xbox flash\new 1.6\JungleFlasher v0.1.62 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan cleaned by deleting - quarantined
D:\WINDOWS\Temp\352355.exe a variant of Win32/Kunhitta.A trojan cleaned by deleting - quarantined
D:\xbox flash\new 1.6\JungleFlasher.0.1.62.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan deleted - quarantined
D:\xbox flash\new 1.6\JungleFlasher v0.1.62 Beta\PortIO32.exe a variant of MSIL/TrojanDropper.Agent.EH trojan cleaned by deleting - quarantined
D:\xbox flash\new 1.6\JungleFlasher v0.1.62 Beta\What.NET.exe a variant of MSIL/TrojanDropper.Agent.EH trojan cleaned by deleting - quarantined

#9 quietman7

Posted 19 May 2011 - 06:15 PM

How is your computer running now? Are there any more signs of infection, such as strange audio ads, unwanted pop-ups, security alerts, or browser redirects?

#10 samaria2

Posted 19 May 2011 - 07:06 PM

Nothing like that. Everything is fine with the exception of the hijacked search engines. Google, Yahoo, Bing, etc. are still redirecting every single search hit to other garbage websites.

#11 quietman7

Posted 19 May 2011 - 09:37 PM

Open Notepad or just go to Start > Run and in the open box, type: Notepad
Press Ok.
  • Copy and paste everything in the code box below into the Untitled Notepad.
@Echo on
rem Restore the hosts file to its default single entry (redirect infections often add lines here)
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
rem Release and renew the DHCP lease, then flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
rem Reset the Winsock catalog and the TCP/IP stack to their defaults
netsh winsock reset all
netsh int ip reset all
rem Reboot after one second and delete this batch file
shutdown -r -t 1
del %0
  • Go to "File > Save As", click the drop-down box to change the "Save As Type" to "All Files" and save it as "flush.bat" on your desktop.
  • Double-click flush.bat to run the script.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • A black CMD window will open and close quickly, this is normal.

Edited by quietman7, 19 May 2011 - 09:39 PM.

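The hosts-file rewrite in flush.bat above is aimed at redirect lines that a hijack plants in that file. As an added example, not part of the thread or of the script, here is a small audit that parses a hosts file, flags every hostname mapped to a non-local address, and produces a copy with only those lines removed; the SAMPLE_HOSTS content and the 203.0.113.10 address in it are constructed.

```python
"""Audit a Windows hosts file for redirect entries (added example).

Not part of the thread or of flush.bat. A redirect infection can add lines
that send search-engine hostnames to an address the attacker controls;
flush.bat simply overwrites the file with "127.0.0.1 localhost". This script
shows what such entries look like and flags them before the file is rewritten.
"""
import ipaddress

# What flush.bat in the thread writes back to %SystemRoot%\system32\drivers\etc\hosts.
CLEAN_HOSTS = "127.0.0.1 localhost\n"

# Constructed sample hosts file: Microsoft's default header, both loopback
# entries, two redirect lines of the kind a hijack plants (203.0.113.10 is a
# documentation address), and a harmless ad-blocking entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com
203.0.113.10    search.yahoo.com
0.0.0.0         ad.example.invalid   # blocking entry, not a redirect
"""


def parse_hosts(text):
    """Return [(address, [hostnames])] for every non-comment, non-blank line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) >= 2:
            entries.append((parts[0], parts[1:]))
    return entries


def is_local_target(address):
    """True for loopback (127.0.0.1, ::1) and unspecified (0.0.0.0, ::) targets.
    Those block a name or keep it on the local machine; anything else sends the
    name's traffic to a specific host, which is what a redirect entry does."""
    try:
        addr = ipaddress.ip_address(address)
    except ValueError:
        return False   # not a valid address at all: treat as suspicious
    return addr.is_loopback or addr.is_unspecified


def find_redirects(text):
    """List (hostname, address) for every name mapped to a non-local address."""
    return [(name, address)
            for address, names in parse_hosts(text)
            if not is_local_target(address)
            for name in names]


def clean_hosts(text):
    """Return the file with redirect lines removed, keeping comments and local
    entries. This is gentler than flush.bat, which discards everything."""
    kept = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2 or is_local_target(parts[0]):
            kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for name, address in find_redirects(SAMPLE_HOSTS):
        print("redirect: %s -> %s" % (name, address))
    print(clean_hosts(SAMPLE_HOSTS))
```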

#12 samaria2

Posted 19 May 2011 - 11:12 PM

When I run it I get an error message that says: "The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll."

#13 quietman7

Posted 20 May 2011 - 05:21 AM

Reset the IP address:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Click OK or press Enter. A DOS window will appear.
  • At the command prompt C:\>_, type: ipconfig /release
  • Press Enter.
  • When the prompt comes back, type: ipconfig /renew
  • Press Enter.
  • Close the command box and see if that fixes the connection. No reboot needed.
-- XP users can refer to XP ipconfig Tutorial: Step 4
-- Vista users can refer to Vista ipconfig Tutorial: Step 4


Flush the DNS resolver cache:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Click OK or press Enter. A DOS window will appear.
  • At the command prompt C:\>_, type: ipconfig /flushdns
  • Press Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.


#14 quietman7

Posted 20 May 2011 - 06:17 AM

Some infections will alter the Proxy settings in Internet Explorer which can affect your ability to browse, update or download tools required for disinfection. Check/Reset Proxy Server Settings. To do that, please refer to Steps 4-7 under the section Automated Removal Instructions for System Tool using Malwarebytes' Anti-Malware in this guide.

Alternatively, you can press the WINKEY + R keys on your keyboard or click Start > Run..., and in the Open dialog box, type: inetcpl.cpl
Click OK or press Enter. Click the Connections tab and continue following the instructions in the above guide.

If using Firefox, refer to these instructions to check and configure Proxy Settings under the Connection Settings Dialog.


Check/reset your network settings and Configure TCP/IP to use DNS.
  • Go to Start > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings.
-- Windows 7 users can refer to How to Change TCP/IP settings.

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address, then you may proceed.


If using a router, disconnect from the Internet and reset your router with a strong logon/password. Many users seldom change the default username/password on the router and are prone to some types of infection. If you're not sure how to do this, refer to the owner's manual for your particular router model. If you do not have a manual, look for one on the vendor's web site which you can download and keep for future reference.

Consult these links to find out the default username and password for your router and write down that information so it is available when doing the reset:
These are generic instructions for how to reset a router:
  • Unplug or turn off your DSL/cable modem.
  • Locate the router's reset button.
  • Press, and hold, the Reset button down for 30 seconds.
  • Wait for the Power, WLAN and Internet light to turn on (On the router).
  • Plug in or turn on your modem (if it is separate from the router).
  • Open your web browser to see if you have an Internet connection.
  • If you don't have an Internet connection you may need to restart your computer.


#15 samaria2

Posted 20 May 2011 - 01:06 PM

I am using firefox and my settings were already the way they should be. The network settings were already checked properly as well.



