
google redirects


11 replies to this topic

#1 cybrphantom

cybrphantom

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 09 September 2011 - 09:12 PM

Just started getting redirects earlier this week... here are some logs of the scans I did.

-SECURITY CHECK
Results of screen317's Security Check version 0.99.7
(UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 20
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````

-MINI TOOLBOX
MiniToolBox by Farbar
Ran by Cyber (administrator) on 09-09-2011 at 21:32:38
Windows Seven Black Edition (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


95.64.61.141 www.google.com
95.64.61.142 www.bing.com


========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection" address=192.168.137.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Cyber-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Mixed
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #3
Physical Address. . . . . . . . . : 00-08-54-9B-92-47
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Physical Address. . . . . . . . . : 00-08-54-9B-92-47
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::25ad:23:5264:c638%24(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, September 09, 2011 11:47:18 AM
Lease Expires . . . . . . . . . . : Saturday, September 10, 2011 8:56:33 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 402655316
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-80-A5-78-00-26-2D-28-A4-F7
DNS Servers . . . . . . . . . . . : 167.206.251.130
167.206.251.129
167.206.251.130
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-26-2D-28-A4-F7
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::64a4:218b:ba66:c2e%11(Deprecated)
Autoconfiguration IPv4 Address. . : 169.254.12.46(Tentative)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IPv4 Address. . . . . . . . . . . : 192.168.137.1(Tentative)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{1C368BD4-6558-4113-A226-1C7933CC685F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3437:1229:ba83:f632(Preferred)
Link-local IPv6 Address . . . . . : fe80::3437:1229:ba83:f632%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: vdns2.srv.whplny.cv.net
Address: 167.206.251.130

Name: google.com
Addresses: 74.125.113.103
74.125.113.104
74.125.113.147
74.125.113.105
74.125.113.99
74.125.113.106


Pinging google.com [74.125.113.105] with 32 bytes of data:
Reply from 74.125.113.105: bytes=32 time=28ms TTL=51
Reply from 74.125.113.105: bytes=32 time=38ms TTL=51

Ping statistics for 74.125.113.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 38ms, Average = 33ms
Server: vdns2.srv.whplny.cv.net
Address: 167.206.251.130

Name: yahoo.com
Addresses: 69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76


Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=23ms TTL=54
Reply from 69.147.125.65: bytes=32 time=20ms TTL=54

Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 23ms, Average = 21ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
25...00 08 54 9b 92 47 ......Microsoft Virtual WiFi Miniport Adapter #3
24...00 08 54 9b 92 47 ......Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
11...00 26 2d 28 a4 f7 ......NVIDIA nForce Networking Controller
1...........................Software Loopback Interface 1
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 286
192.168.1.101 255.255.255.255 On-link 192.168.1.101 286
192.168.1.255 255.255.255.255 On-link 192.168.1.101 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:3437:1229:ba83:f632/128
On-link
24 286 fe80::/64 On-link
13 306 fe80::/64 On-link
24 286 fe80::25ad:23:5264:c638/128
On-link
13 306 fe80::3437:1229:ba83:f632/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
24 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/09/2011 01:23:23 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (09/09/2011 01:00:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: Flash10e.ocx, version: 10.0.45.2, time stamp: 0x4b5f8faa
Exception code: 0xc0000005
Fault offset: 0x001408e5
Faulting process id: 0x15e4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/09/2011 11:47:18 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (09/09/2011 06:38:19 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (09/08/2011 11:54:21 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (09/08/2011 06:41:50 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (09/07/2011 11:13:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6147094

Error: (09/07/2011 11:13:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6147094

Error: (09/07/2011 11:13:24 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/07/2011 11:13:19 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6142289


System errors:
=============
Error: (09/09/2011 11:47:53 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (09/07/2011 07:24:16 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (09/06/2011 06:21:47 AM) (Source: ipnathlp) (User: )
Description: 0

Error: (09/05/2011 08:36:53 PM) (Source: ipnathlp) (User: )
Description: 0

Error: (09/05/2011 00:10:49 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2011 00:10:49 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2011 00:10:49 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2011 00:10:49 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2011 00:10:49 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (09/05/2011 00:10:49 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 2.0.2)
7-Zip 4.65
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 10 Plugin (Version: 10.2.153.1)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Adobe SVG Viewer 3.0 (Version: 3.0)
AIM 7
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
AVG 2011 (Version: 10.0.1392)
AVG 2011 (Version: 10.0.1520)
Bonjour (Version: 2.0.4.0)
CCleaner (Version: 3.01)
DivX Setup (Version: 2.5.0.8)
Download Updater (AOL LLC)
Foxit Reader (Version: 4.3.0.1110)
ImgBurn (Version: 2.4.1.0)
iTunes (Version: 10.1.1.4)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ SE Development Kit 6 Update 14 (64-bit) (Version: 1.6.0.140)
Java™ SE Development Kit 6 Update 21 (64-bit) (Version: 1.6.0.210)
K-Lite Codec Pack 6.4.0 (Full) (Version: 6.4.0)
LG Android Driver (Version: 1.0)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.0.60129.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Mozilla Firefox 6.0.2 (x86 en-US) (Version: 6.0.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA ForceWare Network Access Manager (Version: 1.00.7316)
PVSonyDll (Version: 1.00.0001)
QuickTime (Version: 7.69.80.9)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30117)
SD Formatter (Version: 2.9.5)
SDFormatter
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1118)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Mobile Device Center (Version: 6.1.6965.0)
WinRAR archiver
WinZip 14.5 (Version: 14.5.9095)
Yahoo! Messenger
Yahoo! Software Update

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 3838.55 MB
Available physical RAM: 1676.54 MB
Total Pagefile: 7675.25 MB
Available Pagefile: 5373.22 MB
Total Virtual: 4095.88 MB
Available Virtual: 3985.17 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:684.87 GB) (Free:498.66 GB) NTFS
2 Drive d: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

========================= Users: ========================================

User accounts for \\CYBER-PC

Administrator Cyber Guest


**** End of log ****


-MALWAREBYTES
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7688

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/9/2011 9:39:24 PM
mbam-log-2011-09-09 (21-39-24).txt

Scan type: Quick scan
Objects scanned: 178812
Time elapsed: 4 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

-GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-09 22:05:10
Windows 6.1.7600
Running: gnvb18nf.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB6 0x59 0x30 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x70 0x5E 0xE5 0x62 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA9 0x43 0xF0 0xE3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB6 0x59 0x30 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x70 0x5E 0xE5 0x62 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA9 0x43 0xF0 0xE3 ...

---- EOF - GMER 1.0.15 ----



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:09 AM

Posted 09 September 2011 - 09:40 PM

Hello and welcome.

This is WIN7 / 64 bit?
Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 cybrphantom

cybrphantom
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 09 September 2011 - 09:49 PM

Yes, I am using Win 7 64-bit and I also use Firefox as my browser... and occasionally IE for when I need to log on for work... I am connected wirelessly to the internet but I'm not sure what you mean by redirecting... thank you for your quick response and I will post the results as soon as I can.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:09 AM

Posted 09 September 2011 - 10:28 PM

As in "google redirects" you click on site and it jumps to another.

I may be off when you next post but will check back as soon as possible.

#5 cybrphantom

cybrphantom
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:09 AM

Posted 09 September 2011 - 11:44 PM

2011/09/09 23:47:46.0848 5220 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/09 23:47:47.0112 5220 ================================================================================
2011/09/09 23:47:47.0112 5220 SystemInfo:
2011/09/09 23:47:47.0112 5220
2011/09/09 23:47:47.0112 5220 OS Version: 6.1.7600 ServicePack: 0.0
2011/09/09 23:47:47.0112 5220 Product type: Workstation
2011/09/09 23:47:47.0112 5220 ComputerName: CYBER-PC
2011/09/09 23:47:47.0112 5220 UserName: Cyber
2011/09/09 23:47:47.0112 5220 Windows directory: C:\Windows
2011/09/09 23:47:47.0112 5220 System windows directory: C:\Windows
2011/09/09 23:47:47.0112 5220 Running under WOW64
2011/09/09 23:47:47.0112 5220 Processor architecture: Intel x64
2011/09/09 23:47:47.0112 5220 Number of processors: 2
2011/09/09 23:47:47.0112 5220 Page size: 0x1000
2011/09/09 23:47:47.0112 5220 Boot type: Normal boot
2011/09/09 23:47:47.0112 5220 ================================================================================
2011/09/09 23:47:48.0165 5220 Initialize success
2011/09/09 23:47:58.0946 5364 ================================================================================
2011/09/09 23:47:58.0946 5364 Scan started
2011/09/09 23:47:58.0946 5364 Mode: Manual;
2011/09/09 23:47:58.0946 5364 ================================================================================
2011/09/09 23:48:04.0367 5364 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/09 23:48:04.0391 5364 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/09/09 23:48:04.0411 5364 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/09/09 23:48:04.0464 5364 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/09/09 23:48:04.0533 5364 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/09/09 23:48:04.0568 5364 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/09/09 23:48:04.0608 5364 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/09/09 23:48:04.0658 5364 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/09/09 23:48:04.0705 5364 DroidCam (74b076c74c687fa3663131356d41f688) C:\Windows\system32\drivers\droidcam.sys
2011/09/09 23:48:04.0784 5364 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/09 23:48:04.0928 5364 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/09/09 23:48:05.0129 5364 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/09/09 23:48:05.0230 5364 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/09/09 23:48:05.0342 5364 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/09/09 23:48:05.0386 5364 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/09/09 23:48:05.0430 5364 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/09 23:48:05.0477 5364 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/09/09 23:48:05.0513 5364 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/09/09 23:48:05.0554 5364 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/09 23:48:05.0588 5364 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/09/09 23:48:05.0725 5364 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/09/09 23:48:05.0746 5364 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/09 23:48:05.0814 5364 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/09 23:48:05.0860 5364 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/09/09 23:48:05.0910 5364 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/09 23:48:06.0018 5364 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/09 23:48:06.0117 5364 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/09/09 23:48:06.0143 5364 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/09 23:48:06.0179 5364 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/09/09 23:48:06.0232 5364 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/09/09 23:48:06.0252 5364 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/09/09 23:48:06.0348 5364 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/09 23:48:06.0421 5364 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/09/09 23:48:06.0483 5364 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/09/09 23:48:06.0553 5364 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/09 23:48:06.0593 5364 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/09 23:48:06.0656 5364 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/09/09 23:48:06.0694 5364 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/09/09 23:48:06.0730 5364 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/09/09 23:48:06.0778 5364 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/09 23:48:06.0813 5364 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/09 23:48:06.0835 5364 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/09/09 23:48:06.0892 5364 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/09/09 23:48:06.0972 5364 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/09/09 23:48:06.0998 5364 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/09/09 23:48:07.0045 5364 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/09 23:48:07.0131 5364 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/09 23:48:07.0162 5364 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/09 23:48:07.0192 5364 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/09 23:48:07.0254 5364 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/09 23:48:07.0295 5364 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/09/09 23:48:07.0525 5364 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/09 23:48:07.0580 5364 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/09/09 23:48:07.0602 5364 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/09/09 23:48:07.0672 5364 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/09/09 23:48:07.0692 5364 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/09/09 23:48:07.0741 5364 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/09/09 23:48:07.0791 5364 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/09 23:48:07.0867 5364 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/09 23:48:07.0909 5364 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/09/09 23:48:07.0938 5364 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/09 23:48:08.0037 5364 motccgp (338ba6b7170111edc2e43b5b4eaf17df) C:\Windows\system32\DRIVERS\motccgp.sys
2011/09/09 23:48:08.0130 5364 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
2011/09/09 23:48:08.0231 5364 MotDev (3cc500c9b0e4d476802d277353cb2c89) C:\Windows\system32\DRIVERS\motodrv.sys
2011/09/09 23:48:08.0283 5364 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
2011/09/09 23:48:08.0343 5364 Motousbnet (db73ee608d06e415e0c4e777c6d7ba56) C:\Windows\system32\DRIVERS\Motousbnet.sys
2011/09/09 23:48:08.0391 5364 motport (e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motport.sys
2011/09/09 23:48:08.0424 5364 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/09 23:48:08.0457 5364 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/09 23:48:08.0490 5364 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/09/09 23:48:08.0514 5364 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/09/09 23:48:08.0542 5364 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/09 23:48:08.0588 5364 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/09 23:48:08.0646 5364 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/09 23:48:08.0719 5364 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/09 23:48:08.0747 5364 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/09 23:48:08.0791 5364 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/09/09 23:48:08.0835 5364 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/09/09 23:48:08.0882 5364 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/09/09 23:48:08.0927 5364 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/09 23:48:08.0948 5364 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/09/09 23:48:08.0993 5364 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/09 23:48:09.0042 5364 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/09 23:48:09.0066 5364 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/09/09 23:48:09.0115 5364 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/09/09 23:48:09.0170 5364 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/09 23:48:09.0210 5364 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/09/09 23:48:09.0241 5364 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/09 23:48:09.0284 5364 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/09/09 23:48:09.0355 5364 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/09 23:48:09.0414 5364 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/09/09 23:48:09.0511 5364 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/09 23:48:09.0554 5364 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/09 23:48:09.0622 5364 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/09 23:48:09.0686 5364 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/09 23:48:09.0748 5364 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/09/09 23:48:09.0779 5364 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/09 23:48:09.0808 5364 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/09 23:48:09.0889 5364 netr28ux (eed1fbde98cf5f6d5c0c5b27ab1f68ec) C:\Windows\system32\DRIVERS\netr28ux.sys
2011/09/09 23:48:10.0030 5364 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/09 23:48:10.0203 5364 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/09/09 23:48:10.0300 5364 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/09 23:48:10.0537 5364 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/09/09 23:48:10.0728 5364 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/09/09 23:48:10.0869 5364 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/09/09 23:48:11.0073 5364 NVHDA (cddd4478757288df4bb1494bfd084259) C:\Windows\system32\drivers\nvhda64v.sys
2011/09/09 23:48:12.0218 5364 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/09 23:48:12.0527 5364 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
2011/09/09 23:48:12.0651 5364 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/09/09 23:48:12.0871 5364 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/09/09 23:48:12.0956 5364 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/09/09 23:48:13.0033 5364 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
2011/09/09 23:48:13.0324 5364 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/09/09 23:48:13.0662 5364 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/09 23:48:13.0757 5364 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/09/09 23:48:13.0810 5364 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/09/09 23:48:13.0855 5364 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/09/09 23:48:13.0878 5364 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/09/09 23:48:13.0910 5364 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/09 23:48:13.0939 5364 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/09/09 23:48:14.0082 5364 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/09/09 23:48:14.0297 5364 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/09 23:48:14.0319 5364 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/09/09 23:48:14.0423 5364 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/09 23:48:14.0520 5364 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/09 23:48:14.0581 5364 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/09 23:48:14.0622 5364 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/09 23:48:14.0708 5364 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/09 23:48:14.0801 5364 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/09 23:48:14.0860 5364 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/09 23:48:14.0899 5364 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/09 23:48:15.0010 5364 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/09 23:48:15.0073 5364 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/09 23:48:15.0145 5364 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/09 23:48:15.0185 5364 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/09 23:48:15.0264 5364 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/09/09 23:48:15.0552 5364 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/09 23:48:15.0672 5364 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/09 23:48:15.0710 5364 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/09/09 23:48:15.0838 5364 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/09/09 23:48:15.0992 5364 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/09 23:48:16.0097 5364 RSUSBSTOR (79bad3e977966af21df982def5a99c76) C:\Windows\system32\Drivers\RtsUStor.sys
2011/09/09 23:48:16.0274 5364 RTL8187B (945ab249d12cbe044782430c6013aa1a) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/09/09 23:48:16.0340 5364 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/09/09 23:48:16.0514 5364 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/09/09 23:48:16.0632 5364 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/09/09 23:48:16.0683 5364 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/09/09 23:48:16.0817 5364 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/09 23:48:16.0933 5364 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/09 23:48:16.0997 5364 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/09 23:48:17.0064 5364 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/09 23:48:17.0117 5364 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/09 23:48:17.0206 5364 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/09/09 23:48:17.0239 5364 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/09/09 23:48:17.0391 5364 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/09/09 23:48:17.0575 5364 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/09 23:48:17.0682 5364 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/09 23:48:17.0767 5364 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/09 23:48:17.0809 5364 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/09 23:48:17.0926 5364 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/09 23:48:18.0109 5364 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/09/09 23:48:18.0109 5364 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/09/09 23:48:18.0116 5364 sptd - detected LockedFile.Multi.Generic (1)
2011/09/09 23:48:22.0033 5364 MBR (0x1B8) (d8f98fa929a3ce2707b66f8b212f5858) \Device\Harddisk0\DR0
2011/09/09 23:48:22.0042 5364 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/09/09 23:48:22.0073 5364 Boot (0x1200) (1ea238734df5324bbdbddf75fc663cfb) \Device\Harddisk0\DR0\Partition0
2011/09/09 23:48:22.0085 5364 Boot (0x1200) (55104fdee2b0e1b12752f0d5d5dd7988) \Device\Harddisk0\DR0\Partition1
2011/09/09 23:48:22.0092 5364 ================================================================================
2011/09/09 23:48:22.0092 5364 Scan finished
2011/09/09 23:48:22.0092 5364 ================================================================================
2011/09/09 23:48:22.0108 5356 Detected object count: 2
2011/09/09 23:48:22.0108 5356 Actual detected object count: 2
2011/09/09 23:48:43.0152 5356 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/09/09 23:48:43.0191 5356 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/09/09 23:48:43.0191 5356 \Device\Harddisk0\DR0 - ok
2011/09/09 23:48:43.0192 5356 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/09 23:48:58.0712 5176 Deinitialize success



and



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/10/2011 at 00:38 AM

Application Version : 5.0.1118

Core Rules Database Version : 7673
Trace Rules Database Version: 5485

Scan type : Complete Scan
Total Scan Time : 00:38:50

Operating System Information
Windows 7 Ultimate 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 658
Memory threats detected : 0
Registry items scanned : 72878
Registry threats detected : 0
File items scanned : 66178
File threats detected : 6

Trojan.Agent/Gen-FSG
ZIP ARCHIVE( C:\USERS\CYBER\DOWNLOADS\HD2 GAMES PACK 1-24.7Z\HTC HD2 SPIELE PACK 14\600_SOLITAIRE_MANIA_PRO_KEYGEN INKL..ZIP )/KEYGEN.EXE
C:\USERS\CYBER\DOWNLOADS\HD2 GAMES PACK 1-24.7Z\HTC HD2 SPIELE PACK 14\600_SOLITAIRE_MANIA_PRO_KEYGEN INKL..ZIP

Trojan.Agent/Gen-MSFake
C:\USERS\CYBER\DOWNLOADS\ONE-CLICK-G2X-RECOVERY-FLASH\NVFLASH\ONECLICKRECOVERYFLASHER.EXE
C:\USERS\CYBER\DOWNLOADS\ONE-CLICK-G2X-RECOVERY-FLASHER-06-16\NVFLASH\ONECLICKRECOVERYFLASHER.EXE

Adware.Tracking Cookie
C:\WINDOWS\TEMP\COOKIES\SYSTEM@247REALMEDIA[1].TXT
C:\WINDOWS\TEMP\COOKIES\SYSTEM@BURSTNET[1].TXT

#6 boopme

Posted 10 September 2011 - 09:56 AM

I think we got it, how is it now?
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 cybrphantom

Posted 11 September 2011 - 07:08 AM

It still seems to do it with some links that I click, not all, but it's some now.

#8 boopme

Posted 11 September 2011 - 04:35 PM

Ok, let's do one more.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#9 cybrphantom

Posted 12 September 2011 - 05:38 AM

C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4d5f6200-7dea3b0d Java/Exploit.CVE-2009-2843.B trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\653a8b4a-5e170b00 a variant of Java/Exploit.CVE-2009-2843.B trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6b1e720a-6137b3ba Java/Agent.BV trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\3d726d4b-3e8d85bc a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2281260d-185bf3b9 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\7efe204d-4d885a58 multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5f583a0f-4c236a13 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\64d94f02-3f092fb2 Java/Exploit.CVE-2010-3562.A trojan cleaned by deleting - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\76b61fd6-154591c5 multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\42f2dad8-7713f13d Java/Exploit.CVE-2009-3867.AL trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\20d825dc-3dcb49cb multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\2568ef1d-35898a74 multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\64414e83-37ce3ea1 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\774dcea0-4e61ad5e Java/Exploit.CVE-2009-2843.B trojan cleaned by deleting - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\79f95620-59b10f98 multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\41e8aee3-741eb2e1 a variant of Java/Exploit.CVE-2009-2843.B trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5f24cc23-56736a39 Java/Exploit.CVE-2009-3867.AL trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\1765e425-316c24aa Java/Exploit.CVE-2009-2843.B trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1b3c1126-66b9904c Java/Exploit.CVE-2010-3562.A trojan cleaned by deleting - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2ef758e6-1f988e97 Java/Agent.BV trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4b83f3c4-37313213 multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\589af4e8-424917e2 multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\75c96a28-56f73dae multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\418b0369-37fdd3f7 Java/Exploit.CVE-2009-2843.B trojan cleaned by deleting - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\189eca2a-179b8200 multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\3f630bab-77b844f9 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\6d1b776b-1d0788a8 multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\7a0b54eb-40be09ce multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\4084a7b0-694b173a multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\d126230-5583512d Java/Agent.BV trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\665ffb1-50609bd3 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\7baf0ab2-4009e9b6 a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\59ec2974-2ce9594f a variant of Java/Agent.AF trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\70e692f4-5b8f266a multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\16a8b77-308f50ce a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1baeccbb-231a6e09 Java/Exploit.CVE-2009-3867.AL trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\3d541bfb-460f6642 multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\1c75f27d-766c41c9 multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\406df447-7e6555eb multiple threats deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1d87cc08-6171dbad probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Cyber\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\64a5a908-6cd92ed0 probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Cyber\Desktop\HD2 Android Backups\1-23-2011\download\z.apk Android/Exploit.RageCage.A trojan deleted - quarantined
C:\Users\Cyber\Desktop\HD2 Android Backups\1172011\download\z.apk Android/Exploit.RageCage.A trojan deleted - quarantined
C:\Users\Cyber\Documents\FrostWire\Saved Win32/OpenCandy application deleted - quarantined
C:\Users\Cyber\Downloads\Driver.www.freshwap.net.rar multiple threats deleted - quarantined
C:\Users\Cyber\Downloads\kms.rar a variant of Win32/HackKMS.A application deleted - quarantined
C:\Users\Cyber\Downloads\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Cyber\Downloads\HD2 Games Pack 1-24.7z\HTC HD2 Spiele Pack 1\C2Matrix firehawk_ppc.rar probably a variant of Win32/PSW.OnLineGames.LDGUONV trojan deleted - quarantined
C:\Users\Cyber\Downloads\HD2 Games Pack 1-24.7z\HTC HD2 Spiele Pack 18\Hexxagon.Labs.v1.21.rar probably a variant of Win32/PSW.OnLineGames.EMABVFV trojan deleted - quarantined
C:\Users\Cyber\Downloads\HD2 Games Pack 1-24.7z\HTC HD2 Spiele Pack 8\Sudoku.rar probably a variant of Win32/PSW.Agent.DGAWLFA trojan deleted - quarantined
C:\Users\Cyber\Downloads\kms\kms\mini-KMS_Activator_v1.054_ENG.rar a variant of Win32/HackKMS.A application deleted - quarantined
C:\Users\Cyber\Downloads\kms\kms\mini-KMS_Activator_v1.054_ENG\mini-KMS_Activator_v1.054_ENG.exe a variant of Win32/HackKMS.A application deleted - quarantined
C:\Users\Cyber\Downloads\kon-boot-all\FD0-konboot-v1.1-2in1.zip Win32/PSWTool.KonBoot.A application deleted - quarantined
C:\Users\Cyber\Downloads\kon-boot-all\FD0-konboot-v1.1-2in1\FD0-konboot-v1.1-2in1.img Win32/PSWTool.KonBoot.A application cleaned by deleting - quarantined
C:\Users\Cyber\Downloads\kon-boot-all\older\FD0-konboot-v1.0-Vkickstart.zip probably unknown TSR.BOOT virus deleted - quarantined
C:\Users\Cyber\Downloads\kon-boot-all\older\FD0-konboot-v1.0-Vorange.zip probably unknown TSR.BOOT virus deleted - quarantined

#10 boopme

Posted 12 September 2011 - 09:53 AM

Hello, how are the redirects now?
You have outdated Java and that is allowing some exploits we see.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


#11 cybrphantom

Posted 16 September 2011 - 11:17 AM

it keeps doing it and i did everything? hmmm might just back up everything and reinstall

#12 boopme

Posted 16 September 2011 - 12:57 PM

Hello, that will definitely fix all issues. If that is your choice then here's a tip
2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executable files or any Windows files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.


OR try
Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.
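The HOSTS check suggested in the reply above, as an added example that is not part of the original thread: before resetting the file, list every active entry that pins a name to a fixed address or makes it unreachable. The names `audit_hosts`, `SAMPLE_HOSTS` and `EXPECTED_LOOPBACK_NAMES` are hypothetical, and the sample content is constructed.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread). 192.0.2.0/24 is a
# documentation-only range; the .test names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample hosts file
#   127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.google.com google.com   # search engine pinned to a fixed IP
127.0.0.1       update.example-av.test      # security update site sinkholed
not-an-ip       search.example.test
"""

# Names that may legitimately point at loopback (assumption for this example).
EXPECTED_LOOPBACK_NAMES = {"localhost"}


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each entry worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()      # comments carry no mappings
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "bad-address"))
            continue
        for name in (n.lower() for n in names):
            if ip.is_loopback and name in EXPECTED_LOOPBACK_NAMES:
                continue                          # normal localhost mapping
            # Loopback/0.0.0.0 makes a name unreachable; anything else pins it
            # to an address the DNS resolver never gets to check.
            reason = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
            findings.append((line_no, address, name, reason))
    return findings


if __name__ == "__main__":
    # On the machine itself, read %SystemRoot%\System32\drivers\etc\hosts instead.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

An empty result means the file holds only comments and localhost mappings; "redirected" entries for search engine names are the ones that match the symptom in this thread.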



