Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect (Google is redirecting, but...)


  • Please log in to reply
4 replies to this topic

#1 GaleRazorwind

GaleRazorwind

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 18 June 2011 - 06:55 PM

Hi, I recently suffered an attack from the Vista Recovery malware program, which I seem to have fixed thanks to the advice on this site. However, it appears that I also have a RootKit infection, as evidenced by Google links redirecting to advertisements. However, while following this tutorial (http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller), I found that TDSSKiller doesn't see anything after pressing Scan, even though I am still getting the redirects.

Any help you can give would be greatly appreciated.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:39 AM

Posted 18 June 2011 - 08:59 PM

Hello,I moved you here to Am I Infected for now as you need to post different logs there to get a reply.

I found that TDSSKiller doesn't see anything after pressing Scan,

Do you mean the TDSS scan found no infection?

Are you on a router?
Are there other machines on it too and are they redirecting?

Please follow our Removal Guide here Remove Windows Vista Recovery . You will run TDSS again.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here,let me know how things are.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.


The MBAM log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 GaleRazorwind

GaleRazorwind
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 18 June 2011 - 10:16 PM

The TDSS scan found no infection.

I am on a router, although I believe the affected PC is the only one with a wired connection, all others are wireless (for whatever that's worth). I've been using my laptop, which is hooked up wirelessly, with zero problems at all. I'm back on my desktop (the infected computer) now.

I already completed the process listed in the link you posted to remove Windows Vista Recovery, and it has been successfully removed, as far as I can tell.

Here is the log file from the TDSSKiller:

2011/06/18 22:03:11.0212 6064 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/18 22:03:11.0976 6064 ================================================================================
2011/06/18 22:03:11.0976 6064 SystemInfo:
2011/06/18 22:03:11.0976 6064
2011/06/18 22:03:11.0976 6064 OS Version: 6.0.6000 ServicePack: 0.0
2011/06/18 22:03:11.0976 6064 Product type: Workstation
2011/06/18 22:03:11.0976 6064 ComputerName: DANIEL-PC
2011/06/18 22:03:11.0976 6064 UserName: Daniel
2011/06/18 22:03:11.0976 6064 Windows directory: C:\Windows
2011/06/18 22:03:11.0976 6064 System windows directory: C:\Windows
2011/06/18 22:03:11.0976 6064 Processor architecture: Intel x86
2011/06/18 22:03:11.0976 6064 Number of processors: 4
2011/06/18 22:03:11.0976 6064 Page size: 0x1000
2011/06/18 22:03:11.0976 6064 Boot type: Normal boot
2011/06/18 22:03:11.0976 6064 ================================================================================
2011/06/18 22:03:12.0647 6064 Initialize success
2011/06/18 22:03:15.0330 3100 ================================================================================
2011/06/18 22:03:15.0330 3100 Scan started
2011/06/18 22:03:15.0330 3100 Mode: Manual;
2011/06/18 22:03:15.0330 3100 ================================================================================
2011/06/18 22:03:16.0017 3100 61883 (45ef15ee13010fd53ed870fd240fa929) C:\Windows\system32\DRIVERS\61883.sys
2011/06/18 22:03:16.0126 3100 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/06/18 22:03:16.0313 3100 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/18 22:03:16.0454 3100 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/18 22:03:16.0516 3100 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/18 22:03:16.0719 3100 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/18 22:03:16.0812 3100 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/06/18 22:03:16.0953 3100 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/18 22:03:17.0000 3100 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/18 22:03:17.0031 3100 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/18 22:03:17.0140 3100 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/18 22:03:17.0171 3100 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/18 22:03:17.0249 3100 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/18 22:03:17.0327 3100 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/18 22:03:17.0452 3100 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/18 22:03:17.0561 3100 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/18 22:03:17.0717 3100 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/18 22:03:17.0795 3100 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
2011/06/18 22:03:17.0873 3100 Avc (18c8269be7f0f65a2efc5b408d4a17df) C:\Windows\system32\DRIVERS\avc.sys
2011/06/18 22:03:18.0216 3100 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/06/18 22:03:18.0591 3100 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/18 22:03:18.0638 3100 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/18 22:03:18.0731 3100 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/18 22:03:18.0762 3100 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/18 22:03:18.0809 3100 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/18 22:03:18.0840 3100 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/18 22:03:18.0856 3100 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/18 22:03:19.0043 3100 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/18 22:03:19.0074 3100 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/18 22:03:19.0090 3100 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/18 22:03:19.0121 3100 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/18 22:03:19.0199 3100 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/06/18 22:03:19.0262 3100 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/18 22:03:19.0277 3100 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/06/18 22:03:19.0340 3100 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/18 22:03:19.0371 3100 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/18 22:03:19.0464 3100 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/06/18 22:03:19.0683 3100 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/06/18 22:03:19.0839 3100 Dot4 (57b2d433a08b95e4f1b53a919937f3e5) C:\Windows\system32\DRIVERS\Dot4.sys
2011/06/18 22:03:19.0870 3100 Dot4Print (d93fa484bb62fbe7e5ef335c5415d3cf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/06/18 22:03:20.0026 3100 dot4usb (599742c4260fb3e8edb3be148b8ce856) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/06/18 22:03:20.0369 3100 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/06/18 22:03:20.0900 3100 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/18 22:03:21.0009 3100 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/18 22:03:21.0102 3100 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/06/18 22:03:21.0742 3100 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/18 22:03:21.0867 3100 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/06/18 22:03:21.0945 3100 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/18 22:03:22.0116 3100 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/06/18 22:03:22.0163 3100 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/06/18 22:03:22.0241 3100 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/18 22:03:22.0257 3100 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/06/18 22:03:22.0491 3100 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/18 22:03:23.0084 3100 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/18 22:03:23.0286 3100 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/06/18 22:03:23.0520 3100 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/18 22:03:23.0552 3100 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/18 22:03:23.0567 3100 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/18 22:03:23.0661 3100 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/18 22:03:23.0708 3100 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/18 22:03:23.0848 3100 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/18 22:03:24.0129 3100 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/06/18 22:03:24.0254 3100 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/06/18 22:03:24.0300 3100 HTTP (f31d27ccf514549a17e79bebe01b40b6) C:\Windows\system32\drivers\HTTP.sys
2011/06/18 22:03:24.0394 3100 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/18 22:03:24.0503 3100 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/18 22:03:24.0566 3100 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/18 22:03:24.0706 3100 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/18 22:03:24.0846 3100 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/06/18 22:03:24.0924 3100 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/18 22:03:25.0205 3100 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/18 22:03:25.0439 3100 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/18 22:03:25.0595 3100 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/18 22:03:25.0658 3100 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/06/18 22:03:25.0704 3100 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/18 22:03:25.0782 3100 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/18 22:03:25.0876 3100 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/18 22:03:25.0938 3100 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/18 22:03:26.0001 3100 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/18 22:03:26.0110 3100 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/18 22:03:26.0157 3100 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/18 22:03:26.0297 3100 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/18 22:03:26.0344 3100 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/18 22:03:26.0375 3100 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/18 22:03:26.0500 3100 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/18 22:03:26.0531 3100 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/06/18 22:03:26.0656 3100 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\Windows\system32\DRIVERS\MarvinBus.sys
2011/06/18 22:03:26.0906 3100 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/18 22:03:26.0952 3100 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/18 22:03:27.0062 3100 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/06/18 22:03:27.0108 3100 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/18 22:03:27.0233 3100 motccgp (7b8d7bb9ae3ae9cd133bbc5aa91dd3cc) C:\Windows\system32\DRIVERS\motccgp.sys
2011/06/18 22:03:27.0296 3100 motccgpfl (b812da6605caf02641312f1f65c75419) C:\Windows\system32\DRIVERS\motccgpfl.sys
2011/06/18 22:03:27.0389 3100 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\Windows\system32\DRIVERS\motswch.sys
2011/06/18 22:03:27.0436 3100 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/18 22:03:27.0530 3100 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/18 22:03:27.0561 3100 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/06/18 22:03:27.0920 3100 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/18 22:03:27.0951 3100 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/18 22:03:28.0076 3100 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/18 22:03:28.0185 3100 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
2011/06/18 22:03:28.0216 3100 mrxsmb (529b64f9735d27fef1b8ea1678f8c79e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/18 22:03:28.0325 3100 mrxsmb10 (2bbd3970018270d2c6a0b069f568154e) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/18 22:03:28.0341 3100 mrxsmb20 (30a67c7d8b80281028916ded6a64aec9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/18 22:03:28.0388 3100 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/18 22:03:28.0481 3100 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/18 22:03:28.0544 3100 MSDV (810b16faa4673e09ce0f6a1ee9ed96ee) C:\Windows\system32\DRIVERS\msdv.sys
2011/06/18 22:03:28.0606 3100 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/06/18 22:03:28.0684 3100 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/06/18 22:03:28.0746 3100 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/18 22:03:29.0058 3100 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/18 22:03:29.0152 3100 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/06/18 22:03:29.0168 3100 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/06/18 22:03:29.0199 3100 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/18 22:03:29.0324 3100 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/06/18 22:03:29.0464 3100 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/06/18 22:03:29.0558 3100 MusCAudio (fa11bef5d56168a3f4017ad41b74602e) C:\Windows\system32\drivers\MusCAudio.sys
2011/06/18 22:03:29.0589 3100 MusCVideo (2b5b846841eee00395d97b78d987c976) C:\Windows\system32\DRIVERS\MusCVideo.sys
2011/06/18 22:03:29.0714 3100 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/18 22:03:29.0807 3100 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/06/18 22:03:29.0885 3100 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/18 22:03:30.0182 3100 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/18 22:03:30.0260 3100 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/18 22:03:30.0306 3100 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
2011/06/18 22:03:30.0369 3100 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/18 22:03:30.0431 3100 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/18 22:03:30.0525 3100 netr73 (757f999aa72b55780ee810d4cd1bdd47) C:\Windows\system32\DRIVERS\WUSB54GCx86.sys
2011/06/18 22:03:30.0618 3100 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/18 22:03:30.0696 3100 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/06/18 22:03:30.0759 3100 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/18 22:03:30.0884 3100 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
2011/06/18 22:03:31.0164 3100 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/18 22:03:31.0211 3100 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/06/18 22:03:31.0320 3100 NVENETFD (b896fb556b4dc1e1d2943559ea79c5c5) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/06/18 22:03:31.0695 3100 nvlddmkm (11f99482daffedf622a4a3f4b0c81487) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/18 22:03:31.0866 3100 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/18 22:03:31.0882 3100 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/18 22:03:31.0929 3100 nvstor32 (63b7838e9c272baaa7b33a0ca4ebb748) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/06/18 22:03:32.0163 3100 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/18 22:03:32.0241 3100 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/18 22:03:32.0381 3100 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/18 22:03:32.0397 3100 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/06/18 22:03:32.0444 3100 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/18 22:03:32.0631 3100 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/06/18 22:03:32.0662 3100 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
2011/06/18 22:03:32.0693 3100 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/18 22:03:32.0802 3100 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys
2011/06/18 22:03:33.0224 3100 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/18 22:03:33.0411 3100 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/18 22:03:33.0458 3100 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\DRIVERS\processr.sys
2011/06/18 22:03:33.0551 3100 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/06/18 22:03:33.0598 3100 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/18 22:03:33.0645 3100 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/18 22:03:34.0050 3100 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/18 22:03:34.0160 3100 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/18 22:03:34.0191 3100 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/18 22:03:34.0222 3100 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/18 22:03:34.0331 3100 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/18 22:03:34.0362 3100 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/18 22:03:34.0425 3100 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/18 22:03:34.0487 3100 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/18 22:03:34.0565 3100 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/18 22:03:34.0612 3100 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/18 22:03:34.0643 3100 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/06/18 22:03:34.0830 3100 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/06/18 22:03:34.0955 3100 ROOTMODEM (d49d61312b273de069584d48c81c8b1d) C:\Windows\system32\Drivers\RootMdm.sys
2011/06/18 22:03:35.0064 3100 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/18 22:03:35.0096 3100 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/18 22:03:35.0220 3100 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/18 22:03:35.0267 3100 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/18 22:03:35.0470 3100 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/18 22:03:35.0517 3100 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
2011/06/18 22:03:35.0579 3100 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/06/18 22:03:35.0673 3100 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/18 22:03:35.0704 3100 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/18 22:03:35.0766 3100 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/18 22:03:35.0891 3100 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/18 22:03:35.0938 3100 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/18 22:03:36.0047 3100 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/18 22:03:36.0094 3100 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/06/18 22:03:36.0203 3100 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/06/18 22:03:36.0328 3100 srv (c962e98179e54b769028c025c7e470a5) C:\Windows\system32\DRIVERS\srv.sys
2011/06/18 22:03:36.0422 3100 srv2 (e8c4d5bca3c7b5c2a040052aa467b5bf) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/18 22:03:36.0453 3100 srvnet (cd11a0767e82dd8b1a3a26d305dbec0f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/18 22:03:36.0578 3100 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/18 22:03:36.0702 3100 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/18 22:03:36.0843 3100 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/18 22:03:36.0952 3100 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/18 22:03:37.0077 3100 Tcpip (300208927321066ea53761fdc98747c6) C:\Windows\system32\drivers\tcpip.sys
2011/06/18 22:03:37.0124 3100 Tcpip6 (300208927321066ea53761fdc98747c6) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/18 22:03:37.0358 3100 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/18 22:03:37.0482 3100 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/06/18 22:03:37.0919 3100 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/18 22:03:38.0044 3100 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/18 22:03:38.0060 3100 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/18 22:03:38.0122 3100 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/18 22:03:38.0231 3100 tunmp (a858917785681743c512950fdfa14db7) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/18 22:03:38.0262 3100 tunnel (29f1d1d888ee61d20d5662e72aa34129) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/18 22:03:38.0309 3100 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/18 22:03:38.0418 3100 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/18 22:03:38.0465 3100 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/18 22:03:38.0528 3100 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/18 22:03:38.0668 3100 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/18 22:03:38.0699 3100 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/18 22:03:38.0777 3100 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/18 22:03:38.0871 3100 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/18 22:03:39.0011 3100 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
2011/06/18 22:03:39.0089 3100 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/18 22:03:39.0183 3100 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/18 22:03:39.0292 3100 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/18 22:03:39.0386 3100 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/18 22:03:39.0401 3100 usbohci (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/18 22:03:39.0448 3100 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/18 22:03:39.0573 3100 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/18 22:03:39.0588 3100 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/18 22:03:39.0651 3100 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/18 22:03:39.0744 3100 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/18 22:03:39.0776 3100 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/06/18 22:03:39.0822 3100 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/18 22:03:39.0900 3100 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/18 22:03:39.0932 3100 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/18 22:03:39.0994 3100 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/06/18 22:03:40.0119 3100 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/06/18 22:03:40.0353 3100 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
2011/06/18 22:03:40.0400 3100 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/18 22:03:40.0509 3100 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/18 22:03:40.0540 3100 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/18 22:03:40.0571 3100 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/18 22:03:40.0634 3100 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/18 22:03:40.0774 3100 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/18 22:03:41.0024 3100 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/18 22:03:41.0460 3100 WinUsb (086d2e78eecd6195667282adc6ca109f) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/06/18 22:03:41.0616 3100 WmBEnum (84a90f13eebf4380345ef9474d30f10e) C:\Windows\system32\drivers\WmBEnum.sys
2011/06/18 22:03:41.0741 3100 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\Windows\system32\drivers\WmFilter.sys
2011/06/18 22:03:42.0116 3100 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/18 22:03:42.0240 3100 WmXlCore (eacdcced934a185e61ce0684f71c2dec) C:\Windows\system32\drivers\WmXlCore.sys
2011/06/18 22:03:42.0350 3100 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/18 22:03:42.0428 3100 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/18 22:03:42.0506 3100 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/18 22:03:42.0599 3100 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/18 22:03:42.0646 3100 xcbdaNtsc (da57c74aaeabd6f97f404151069be42e) C:\Windows\system32\DRIVERS\xcbda.sys
2011/06/18 22:03:42.0755 3100 MBR (0x1B8) (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
2011/06/18 22:03:43.0145 3100 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
2011/06/18 22:03:43.0176 3100 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk7\DR8
2011/06/18 22:03:43.0176 3100 ================================================================================
2011/06/18 22:03:43.0176 3100 Scan finished
2011/06/18 22:03:43.0176 3100 ================================================================================
2011/06/18 22:03:43.0301 5344 Detected object count: 0
2011/06/18 22:03:43.0301 5344 Actual detected object count: 0
2011/06/18 22:03:55.0407 6040 Deinitialize success

And here is the latest MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6885

Windows 6.0.6000
Internet Explorer 7.0.6000.16890

6/18/2011 5:49:15 PM
mbam-log-2011-06-18 (17-49-15).txt

Scan type: Quick scan
Objects scanned: 205176
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\02000000125968731270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\02000000125968731270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\02000000125968731270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\02000000125968731270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000125968731270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000125968731270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000125968731270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000125968731270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.


After running the Unhide.exe program, I now have most of my icons back, though the Start menu is completely empty of quick links (still has all of the normal links like Documents and My Computer). Overall, my computer is running quite well, all things considered. It seems like the only other issue to tackle for the moment is the redirects.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:39 AM

Posted 19 June 2011 - 12:23 PM

If you are still redirecting...
Your router is hijacked by trojan DNS-hijacker.

Download and update MBAM (below) Do not run yet.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you donít know the router's default password, you can look it up HERE.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.


As there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site HERE for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have ran Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,542 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:39 AM

Posted 20 June 2011 - 04:04 PM

Also delete unhide.exe and redownload http://download.bleepingcomputer.com/grinler/unhide.exe and run it again. This should enable your quick links in the start menu.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users