
Good day!

Google redirects are taking over. It started with Google Chrome, then in IE 7. I tried various tips on this forum and others at random. Some appeared to produce some results, but the redirect persisted. About 2-3 days ago Firefox started redirecting too.

Need help with the trouble.

I'm attaching some of the logs from the programs I ran lately, including attach.txt and ark.txt.

Also,

- I uninstalled Java and installed a new version,
- ran Windows Update (except for IE 8),
- updated Firefox,
- disabled System Restore.

I'm outmatched by this problem. Need expert help.

Thank you in advance.

==================================

++++++++++++++++++++++++++++++++++

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5654

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

2/1/2011 6:40:14 PM

mbam-log-2011-02-01 (18-40-14).txt

Scan type: Quick scan

Objects scanned: 148883

Time elapsed: 6 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

++++++++++++++++++++++++++++

============================

DDS (Ver_10-12-12.02) - NTFSx86

Run by Serge at 17:58:56.72 on Tue 02/01/2011

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23

Microsoft


Hi and Welcome!

Download TFC to your desktop

http://oldtimer.geekstogo.com/TFC.exe

  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Disable the active protection component of your antivirus by following the directions that apply here:

http://www.bleepingcomputer.com/forums/topic114351.html

Please perform a rootkit scan:

  • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to run the program.
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • After the automatic "quick" scan is finished (a few seconds), if you're prompted to perform a full system scan due to potential ROOTKIT activity, respond with No.
  • In the right pane, UNCHECK the following items:
    • Drives/Partitions other than the System drive (typically only C:\ should be checked)
    • IAT/EAT
    • Show All (this should be unchecked by default)
  • Select the Scan button.
  • Leave your system completely idle while this longer scan is in progress.
  • When the scan is done, save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V.
  • Exit the program.
  • Save the scan log as ARK.txt and post it in your next reply. If the log is very long, please attach it.
  • Re-enable your antivirus and any antimalware programs you disabled before running the scan.

Some background information on what we're planning to do can be found HERE

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

===========

Please Run ComboFix by following the steps provided in exactly this sequence:

Here is a tutorial that describes how to download, install and run Combofix. Please thoroughly review it before proceeding:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Very Important! BEFORE downloading Combofix, temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:

http://www.bleepingcomputer.com/forums/topic114351.html

Note: The above tutorial does not tell you to rename Combofix as I am about to instruct you to do in the following instructions, so make sure you complete the renaming step before launching Combofix.

Using ComboFix ->

Please download Combofix from one of these locations:

HERE or HERE

I want you to rename Combofix.exe as you download it to iexplore.exe

Notes:

  • It is very important that you save the newly renamed EXE file to your desktop.
  • You must rename Combofix.exe as you download it and not after it is on your computer.
    You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
    • Open Firefox
    • Click Tools -> Options -> Main
    • Under the Downloads section, check the button that says "Always ask me where to save files".
    • Click OK
  • For Internet Explorer:
    • Choose to save, not open, the file.
    • When prompted, save the file to your desktop and rename it iexplore.exe.

Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

  • Close any open browsers and programs.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • If Combofix asks to update, please allow it to do so. If it renames itself back to Combofix.exe - this is normal!!
  • If you are running Windows XP and Combofix asks to install the Recovery Console, please allow it to do so or it WILL NOT perform its normal malware removal capabilities. This is for your safety!!

1. To Launch Combofix

Click Start --> Run, and enter (copy/paste) this command exactly as shown:

"%userprofile%\desktop\iexplore.exe" /killall

2. When finished, it will produce a logfile located at C:\ComboFix.txt

3. Post the contents of that log in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Please post C:\ComboFix.txt in your next reply.

If you have problems running Combofix, then try running it in "Safe Mode with Networking" as follows:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading normally, the Advanced Options Menu should appear;
  • Select the option, to run Windows in "Safe Mode with Networking", then press Enter.
  • Choose your usual account, and launch Combofix as directed above.

Please Copy/Paste the following logs into your next reply:

1. ARK.txt

2. TDSSKiller

3. Combofix.txt


Thank you for looking into this. I got through most of this stuff OK. However, when doing the last part, Combofix, I ran into a problem.

It started doing its thing; the screen was updating with progress steps all the way to 30-40+. Eventually it said it would restart the computer. It went to shut down and nothing happened for a while....

Well, after finally restarting, the computer starts w/o Windows Explorer in both regular and safe mode. So I can't see the desktop, even though it appears to be running somewhere. CTRL ALT DEL works and brings up Task Manager. It has an option for "Create New Task", so I'm trying to restart Combofix.


Why don't you start explorer.exe from Task Manager? Then you will have your desktop back.

Please post TDSSKiller if you have it. First see if Combofix produced the log at this location:

C:\Combofix.txt

If not, then you can try to get Combofix to complete by running it in safe mode. Make sure ALL anti-virus and anti-malware programs are turned off.

Also, these two folders look suspicious due to random naming:

011-01-16 00:55:52 -------- d-----w- c:\users\serge\appdata\roaming\spcgfmeua

2011-01-09 22:31:30 -------- d-----w- c:\progra~2\jNjLm04200

You can check out what's in there and report back.

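The random-naming heuristic the helper applied to the two folders above, written out as an added example that is not part of the original thread or of any tool mentioned in it: a small Python triage script (its name and scoring rules are my own assumptions) parses DDS-style directory lines and flags folder names with long consonant runs, very few vowels, or interior case flips mixed with digits. The first two sample lines are the ones quoted in the post; the third is a constructed benign line for contrast.

```python
import re

# DDS-style directory line, e.g. "2011-01-09 22:31:30 -------- d-----w- c:\progra~2\jNjLm04200".
# The year field accepts 2-4 digits because the first line quoted in the post lost its leading "2".
DDS_LINE_RE = re.compile(
    r"^(?P<date>\d{2,4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[d-][-a-z]{7})\s+(?P<path>\S.*)$"
)

# Sample input: the two lines quoted in the post plus one constructed benign line for contrast.
SAMPLE_DDS_LINES = """\
011-01-16 00:55:52 -------- d-----w- c:\\users\\serge\\appdata\\roaming\\spcgfmeua
2011-01-09 22:31:30 -------- d-----w- c:\\progra~2\\jNjLm04200
2010-11-20 09:12:01 -------- d-----w- c:\\users\\serge\\appdata\\roaming\\Mozilla
"""

VOWELS = set("aeiouy")  # y counts as a vowel so names like "Skype" are not flagged


def parse_dds_line(line):
    """Return (path, is_directory) for a DDS listing line, or None if the line does not match."""
    m = DDS_LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("path"), m.group("attrs").startswith("d")


def longest_consonant_run(name):
    """Length of the longest run of consecutive consonants; digits and symbols break a run."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def vowel_ratio(name):
    """Fraction of letters that are vowels (1.0 when the name has no letters at all)."""
    letters = [c for c in name.lower() if c.isalpha()]
    if not letters:
        return 1.0
    return sum(c in VOWELS for c in letters) / len(letters)


def name_indicators(name):
    """List the random-naming indicators (assumed thresholds) that apply to one folder name."""
    hits = []
    if longest_consonant_run(name) >= 4:
        hits.append("consonant run >= 4")
    if len([c for c in name if c.isalpha()]) >= 5 and vowel_ratio(name) < 0.2:
        hits.append("vowel ratio < 0.2")
    # A lowercase letter directly followed by an uppercase one (as in "jNjLm"), plus digits.
    if re.search(r"[a-z][A-Z]", name) and any(c.isdigit() for c in name):
        hits.append("interior case flip with digits")
    return hits


def triage(dds_text):
    """Return [(path, indicators)] for each directory line whose last path component looks random."""
    flagged = []
    for line in dds_text.splitlines():
        parsed = parse_dds_line(line)
        if parsed is None:
            continue
        path, is_dir = parsed
        if not is_dir:
            continue
        leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
        hits = name_indicators(leaf)
        if hits:
            flagged.append((path, hits))
    return flagged


if __name__ == "__main__":
    for path, hits in triage(SAMPLE_DDS_LINES):
        print(f"{path}: {', '.join(hits)}")
```

A hit only marks a folder for a closer look (contents, timestamps, owning process), which is the same "check out what's in there" step the helper asks for; legitimate vendor folders occasionally trip one rule.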

Also, these two folders look suspicious due to random naming:

011-01-16 00:55:52 -------- d-----w- c:\users\serge\appdata\roaming\spcgfmeua - Folder exists; date of creation appears to be suspect.

2011-01-09 22:31:30 -------- d-----w- c:\progra~2\jNjLm04200 - Can't seem to find it. Agree, probably a suspect.

You can check out what's in there and report back.

2011/02/02 01:32:23.0074 5096 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03

2011/02/02 01:32:23.0510 5096 ================================================================================

2011/02/02 01:32:23.0510 5096 SystemInfo:

2011/02/02 01:32:23.0510 5096

2011/02/02 01:32:23.0510 5096 OS Version: 6.0.6001 ServicePack: 1.0

2011/02/02 01:32:23.0510 5096 Product type: Workstation

2011/02/02 01:32:23.0510 5096 ComputerName: TIGERTIGER

2011/02/02 01:32:23.0510 5096 UserName: Serge

2011/02/02 01:32:23.0510 5096 Windows directory: C:\Windows

2011/02/02 01:32:23.0510 5096 System windows directory: C:\Windows

2011/02/02 01:32:23.0510 5096 Processor architecture: Intel x86

2011/02/02 01:32:23.0510 5096 Number of processors: 1

2011/02/02 01:32:23.0510 5096 Page size: 0x1000

2011/02/02 01:32:23.0510 5096 Boot type: Normal boot

2011/02/02 01:32:23.0510 5096 ================================================================================

2011/02/02 01:32:25.0663 5096 Initialize success

2011/02/02 01:32:30.0109 5744 ================================================================================

2011/02/02 01:32:30.0109 5744 Scan started

2011/02/02 01:32:30.0109 5744 Mode: Manual;

2011/02/02 01:32:30.0109 5744 ================================================================================


2011/02/02 01:34:31.0087 5744 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/02/02 01:34:31.0992 5744 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/02/02 01:34:32.0772 5744 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

2011/02/02 01:34:33.0505 5744 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys

2011/02/02 01:34:34.0254 5744 SPI (6832cda4c9336294df1df124f6627b6c) C:\Windows\system32\DRIVERS\SonyPI.sys

2011/02/02 01:34:35.0096 5744 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/02/02 01:34:35.0736 5744 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys

2011/02/02 01:34:36.0563 5744 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys

2011/02/02 01:34:37.0109 5744 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys

2011/02/02 01:34:38.0076 5744 StkAMini (69a926dbca12046633e3d6e6d46e7087) C:\Windows\system32\Drivers\StkAMini.sys

2011/02/02 01:34:38.0575 5744 StkScan (83406fb18cb0abfec501add986d63572) C:\Windows\system32\Drivers\StkScan.sys

2011/02/02 01:34:39.0137 5744 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/02/02 01:34:39.0776 5744 swmsflt (851681f7d3200e2a646c5ee4d4e9883d) C:\Windows\System32\drivers\swmsflt.sys

2011/02/02 01:34:40.0369 5744 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/02/02 01:34:41.0040 5744 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/02/02 01:34:41.0492 5744 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/02/02 01:34:42.0226 5744 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys

2011/02/02 01:34:43.0052 5744 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys

2011/02/02 01:34:43.0567 5744 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys

2011/02/02 01:34:44.0051 5744 TcUsb (009aede9fe870c247014450dc1e01d5d) C:\Windows\system32\Drivers\tcusb.sys

2011/02/02 01:34:44.0612 5744 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/02/02 01:34:45.0221 5744 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/02/02 01:34:45.0736 5744 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys

2011/02/02 01:34:46.0250 5744 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys

2011/02/02 01:34:46.0921 5744 ti21sony (7c7445b4c2bd46c56abb3499da52b75c) C:\Windows\system32\drivers\ti21sony.sys

2011/02/02 01:34:47.0842 5744 toshidpt (e362d54fd394999c4178936396664e57) C:\Windows\system32\drivers\Toshidpt.sys

2011/02/02 01:34:48.0434 5744 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys

2011/02/02 01:34:48.0980 5744 tosrfbd (42a23ff09bd172fa3f6a3a0a589ef1b0) C:\Windows\system32\DRIVERS\tosrfbd.sys

2011/02/02 01:34:49.0558 5744 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys

2011/02/02 01:34:50.0072 5744 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\Drivers\tosrfcom.sys

2011/02/02 01:34:50.0634 5744 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\Windows\system32\DRIVERS\Tosrfhid.sys

2011/02/02 01:34:51.0258 5744 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys

2011/02/02 01:34:51.0773 5744 TosRfSnd (a4ce9572bc4ac8d329455059b43c5bea) C:\Windows\system32\drivers\tosrfsnd.sys

2011/02/02 01:34:52.0381 5744 tosrfusb (18dfe8b766af237119537a12e8401ebf) C:\Windows\system32\DRIVERS\tosrfusb.sys

2011/02/02 01:34:53.0036 5744 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys

2011/02/02 01:34:53.0770 5744 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/02/02 01:34:54.0331 5744 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/02/02 01:34:54.0877 5744 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys

2011/02/02 01:34:55.0517 5744 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/02/02 01:34:56.0188 5744 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys

2011/02/02 01:34:57.0046 5744 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

2011/02/02 01:34:57.0498 5744 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/02/02 01:34:57.0966 5744 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/02/02 01:34:58.0496 5744 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/02/02 01:34:59.0167 5744 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/02/02 01:34:59.0932 5744 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys

2011/02/02 01:35:00.0634 5744 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/02/02 01:35:01.0336 5744 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/02/02 01:35:01.0850 5744 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys

2011/02/02 01:35:02.0506 5744 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys

2011/02/02 01:35:03.0161 5744 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2011/02/02 01:35:03.0691 5744 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2011/02/02 01:35:04.0175 5744 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2011/02/02 01:35:04.0752 5744 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/02/02 01:35:05.0485 5744 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/02/02 01:35:06.0094 5744 usb_rndisx (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys

2011/02/02 01:35:06.0967 5744 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/02/02 01:35:07.0513 5744 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/02/02 01:35:08.0028 5744 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

2011/02/02 01:35:08.0527 5744 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/02/02 01:35:09.0198 5744 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

2011/02/02 01:35:09.0697 5744 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/02/02 01:35:10.0368 5744 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys

2011/02/02 01:35:10.0914 5744 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys

2011/02/02 01:35:11.0413 5744 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/02/02 01:35:12.0006 5744 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/02/02 01:35:12.0630 5744 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/02/02 01:35:12.0677 5744 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/02/02 01:35:13.0254 5744 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/02/02 01:35:13.0831 5744 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/02/02 01:35:14.0393 5744 WimFltr (c8d53a13e867d5a7eafb19400016560f) C:\Windows\system32\DRIVERS\wimfltr.sys

2011/02/02 01:35:14.0986 5744 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/02/02 01:35:15.0953 5744 WinUSB (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\WinUSB.sys

2011/02/02 01:35:16.0780 5744 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

2011/02/02 01:35:17.0544 5744 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/02/02 01:35:18.0090 5744 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys

2011/02/02 01:35:18.0683 5744 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

2011/02/02 01:35:19.0135 5744 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/02/02 01:35:19.0744 5744 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

2011/02/02 01:35:20.0336 5744 ================================================================================

2011/02/02 01:35:20.0336 5744 Scan finished

2011/02/02 01:35:20.0336 5744 ================================================================================

2011/02/02 01:35:42.0348 4860 Deinitialize success


GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2011-02-01 18:59:25

Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK8009GAH rev.BQ001A

Running: e6gigjin.exe; Driver: C:\Users\Serge\AppData\Local\Temp\pgdiyuow.sys


The rest is attached as Ark.txt - file too long to post

ark.txt


Well, ComboFix was fighting some good fights there.

Couple (more like 7-8) tries later it completed the job.

The files you noticed, they appear in log as well:

........

2011-01-16 00:55 . 2011-01-16 01:02 -------- d-----w- c:\users\Serge\AppData\Roaming\spcgfmeua

2011-01-09 22:31 . 2011-01-10 00:16 -------- d-----w- c:\programdata\jNjLm04200

...........

I'm attaching 2 logs from ComboFix.

The 1st one - ComboFix 1st.txt - sort of did the job, but there were some incomplete entries.

The second: ComboFix.txt was the final and complete process.

ComboFix_1st.txt

ComboFix.txt


Now, you know why Explorer would not open!

I want to check out the contents of those two suspicious directories by creating and running a batch script, as follows:

(If you have any script-blocking programs or components in your security line-up, such as Norton script blocking, you will have to disable it)

1. Open Notepad, and on the Notepad menu, choose "Format" and make sure that Word Wrap is UNchecked (disabled).

2. Copy/Paste the text in the code box below and save it to your desktop as dirlist.bat, by using the File -> "Save as" function on the Notepad Menu (be sure to set the Save as type to "All Files")!!!

dir /a /s c:\users\Serge\AppData\Roaming\spcgfmeua > dirlist.txt
dir /a /s c:\programdata\jNjLm04200 >> dirlist.txt
Notepad dirlist.txt

3. Right-click dirlist.bat on your desktop and select "Run as Administrator".

4. Paste back the contents of the file dirlist.txt that opens in Notepad.


Westchester County NY - great place, I used to work there and live just across the river in Rockland. Great area!

Well, the script ran and here is the result.

Volume in drive C is VISTA

Volume Serial Number is 6C57-AA0F

Directory of c:\users\Serge\AppData\Roaming\spcgfmeua

01/15/2011 08:02 PM <DIR> .

01/15/2011 08:02 PM <DIR> ..

0 File(s) 0 bytes

Total Files Listed:

0 File(s) 0 bytes

2 Dir(s) 35,977,887,744 bytes free

Volume in drive C is VISTA

Volume Serial Number is 6C57-AA0F

Directory of c:\programdata\jNjLm04200

01/09/2011 07:16 PM <DIR> .

01/09/2011 07:16 PM <DIR> ..

01/09/2011 05:41 PM 94 jNjLm04200

1 File(s) 94 bytes

Total Files Listed:

1 File(s) 94 bytes

2 Dir(s) 35,977,883,648 bytes free

Also ran ESET Online scan.

C:\Qoobox\Quarantine\C\Windows\System32\nt.dll.vir Win32/Bamital.EZ trojan

This is the result.

The dir itself - it looks like it was established by ComboFix and has some ComboFix entries in it.

Hope it helps.


Westchester County NY - great place, I used to work there and live just across the river in Rockland. Great area!

I agree, usually that is, but now it looks more like a frozen Tundra!

You can delete this directory:

c:\users\Serge\AppData\Roaming\spcgfmeua

But, please upload this file for scanning at VirusTotal

c:\programdata\jNjLm04200\jNjLm04200

Select the "Upload a File" Tab.

Click the "Browse" button and a Windows Explorer-type interface will open that enables you to navigate through your file system.

Locate the suspect file you want analyzed for its threat potential, left-click that file, and click "Send File" to upload it to VirusTotal.

If the file was previously scanned VirusTotal will display a message to that effect.

If that happens Select "Reanalyze".

Wait for it to be scanned and post back the url (copy/paste the link to the scan result page from your browser's address bar) if any of the scanners determine the file to be a threat.

========

Yes, that Qoobox directory contains Combofix quarantined items, among other things (so detections there represent inactive quarantined threats)!

I didn't see nt.dll in the Combofix deletions, so I'd like you to do this:

Please open a run line (click Start, type Run into the Start Search box, and under the "Programs" heading, select -> Run)

Copy/paste the following bolded text into the Run box and click OK:

C:\Qoobox\ComboFix-quarantined-files.txt

A report should open in Notepad. Please copy/paste its contents in your next reply.

Thanks for running the ESET scan - that is normally my next suggested step after Combofix has done its job!

Are the redirects gone now?

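The dirlist.bat posted earlier lists the two suspect directories, and the post above then asks for the loose file to be uploaded to VirusTotal. The script below is an added example, not anything posted in the thread: it does the same recursive listing (hidden and system entries included, as `dir /a /s` shows them) and also records a SHA-256 for every file, so a file such as jNjLm04200 can be looked up on VirusTotal by hash before deciding whether to upload it at all. The two default paths are the thread's; the sample tree it builds when run without arguments on a non-Windows machine is constructed data, and the temp-directory prefix is arbitrary.

```python
"""Added example (not the helper's script): list the two suspect directories
from this thread the way ``dir /a /s`` does, and record a SHA-256 per file."""
import hashlib
import os
import stat
import sys
import tempfile
from datetime import datetime

# The thread's two directories; paths given on the command line replace them.
DEFAULT_TARGETS = [r"c:\users\Serge\AppData\Roaming\spcgfmeua",
                   r"c:\programdata\jNjLm04200"]

_HIDDEN_BITS = (getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2)
                | getattr(stat, "FILE_ATTRIBUTE_SYSTEM", 0x4))


def sha256_of(path, chunk=1 << 16):
    """Stream the file through SHA-256; the digest can be searched on VirusTotal."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def is_hidden(path):
    """Dot-files, plus (on Windows) entries with the hidden or system attribute."""
    if os.path.basename(path).startswith("."):
        return True
    attrs = getattr(os.lstat(path), "st_file_attributes", 0)  # Windows only
    return bool(attrs & _HIDDEN_BITS)


def inventory(root):
    """One dict per entry under *root* (path, kind, hidden; size/mtime/sha256 for
    files).  A root that is already gone yields a single 'missing' entry."""
    if not os.path.isdir(root):
        return [{"path": root, "kind": "missing", "hidden": False}]
    entries = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in dirnames:
            full = os.path.join(dirpath, name)
            entries.append({"path": full, "kind": "dir", "hidden": is_hidden(full)})
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            entry = {"path": full, "kind": "file", "hidden": is_hidden(full)}
            if os.path.islink(full):
                entry["kind"] = "symlink"  # report it, do not hash the target
            else:
                st = os.lstat(full)
                entry["size"] = st.st_size
                entry["mtime"] = datetime.fromtimestamp(st.st_mtime).strftime("%Y-%m-%d %H:%M")
                entry["sha256"] = sha256_of(full)
            entries.append(entry)
    return entries


def render(root, entries):
    """Plain-text report in the spirit of dirlist.txt, one entry per line."""
    lines = ["Directory of %s" % root]
    for e in entries:
        flag = "H" if e["hidden"] else "-"
        if e["kind"] == "missing":
            lines.append("  (directory not present)")
        elif e["kind"] == "file":
            lines.append("  %s %s %10d  %s  %s" % (
                flag, e["mtime"], e["size"], e["sha256"], e["path"]))
        else:
            lines.append("  %s <%s>  %s" % (flag, e["kind"].upper(), e["path"]))
    files = [e for e in entries if e["kind"] == "file"]
    lines.append("%d File(s) %d bytes" % (len(files), sum(e["size"] for e in files)))
    return "\n".join(lines)


def build_sample_tree():
    """Constructed stand-in for the thread's directories (sample data, not the
    real jNjLm04200): one empty directory, one with a 3-byte file and a dot-file."""
    base = tempfile.mkdtemp(prefix="dirlist_demo_")
    empty = os.path.join(base, "spcgfmeua")
    os.mkdir(empty)
    loaded = os.path.join(base, "jNjLm04200")
    os.mkdir(loaded)
    with open(os.path.join(loaded, "jNjLm04200"), "wb") as fh:
        fh.write(b"abc")
    open(os.path.join(loaded, ".hidden-marker"), "wb").close()
    return [empty, loaded]


def main(argv):
    roots = argv[1:] or (DEFAULT_TARGETS if os.name == "nt" else build_sample_tree())
    for root in roots:
        print(render(root, inventory(root)), end="\n\n")


if __name__ == "__main__":
    main(sys.argv)
```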

Yes, it's winter wonderland here too. Not as much snow as they promised. More like rain / ice around here. But looks pretty anyway. Very much on schedule, just like Weather Channel promised.

2011-02-02 08:36:21 . 2011-02-02 08:36:21 722 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Octoshape add-in for Adobe Flash Player.reg.dat

2011-02-02 08:36:21 . 2011-02-02 08:36:21 2,410 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-W1Z3F33D-CD0C-4AC4-86B4-X11E5511AA18_is1.reg.dat

2011-02-02 08:34:34 . 2011-02-02 08:34:34 928 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SunJavaUpdateSched.reg.dat

2011-02-02 08:34:32 . 2011-02-02 08:34:32 942 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-OrderReminder.reg.dat

2011-02-02 08:34:29 . 2011-02-02 08:34:29 976 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Corel Photo Downloader.reg.dat

2011-02-02 08:34:24 . 2011-02-02 08:34:24 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat

2011-02-02 08:34:24 . 2011-02-02 08:34:24 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat

2011-02-02 08:32:29 . 2011-02-02 08:32:29 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC}.reg.dat

2011-02-02 08:32:20 . 2011-02-02 08:32:20 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc}.reg.dat

2011-02-02 04:03:21 . 2011-02-02 09:13:57 14,932 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2011-02-02 03:51:28 . 2011-02-02 09:06:24 310 ----a-w- C:\Qoobox\Quarantine\catchme.log

2009-08-13 01:54:21 . 2009-08-13 01:55:43 18,015,723 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\vlc-1.0.1-win32.exe.vir

2009-03-28 00:39:05 . 2008-01-19 07:36:46 3,584 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\nt.dll.vir

2009-03-28 00:37:59 . 2008-01-19 07:33:37 96,768 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\wininit.exe.vir

2007-05-24 02:02:31 . 2007-05-24 02:04:22 1,132,112 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\pswi_preloaded.exe.vir

2006-12-21 20:12:19 . 2006-12-18 19:50:54 4,096 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\THUMBS.DB.vir

http://www.virustotal.com/file-scan/report...2b10-1296699092

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: jNjLm04200

Submission date: 2011-02-03 02:11:32 (UTC)

Current status: finished

Result: 0/ 43 (0.0%)

Per your suggestion I ran a couple of searches in IE, Chrome and Firefox. All appeared OK. And the pages load faster, without the hesitation they had in the past when links were redirected.

I'll keep trying out searches just to be sure.


Per your suggestion I ran a couple of searches in IE, Chrome and Firefox. All appeared OK. And the pages load faster, without the hesitation they had in the past when links were redirected.

I'll keep trying out searches just to be sure.

Sounds good! Let's give it one more day and if all is OK, I'll give you my post-clean-up speech!


Let's give it one more day and if all is OK - exactly.

However, let me ask you a question. In your recommendation can you also account for computer performance? For example, this laptop runs reasonably with Vista, but when I installed Online Armor as a firewall solution it became painfully slow. Maybe ComboFix fixed that as well, I don't know.


I personally use ESET Smart Security, which is an Anti-malware + Firewall suite, and my Vista PC performs well with no perceptible slowness at all.

There is a free 30 day trial here:

http://www.eset.com/download/free-trial/smart-security

Another solution is Microsoft Security Essentials 2 (MSE) because it works with and improves upon the protection provided by the Windows Firewall (with no performance degradation).


Hi aqt395,

Excellent job! Your scans are all coming up clean now, but we have a few "housekeeping" steps to finish up now!!

If I asked you to download and run an ARK (Antirootkit program) such as Gmer, Rootkit Unhooker, or Root Repeal, then please uninstall it by doing the following:

  • Delete the contents of the C:\ARK folder (or whatever folder you chose to install the antirootkit in)
  • Delete the C:\ARK folder(or whatever folder you chose to install the antirootkit in)

If I asked you to download OTL, TDSSKiller, MBRCheck or mbr.exe, please delete these programs from your Desktop (or their download location).

To remove Combofix and its quarantine folder:

Click Start -> Run, and copy/paste the following bolded text in the Open: box and select OK:

"%userprofile%\desktop\combofix.exe" /uninstall

This will do the following:

  • Uninstall Combofix and all its associated files and folders.
  • Flush your system restore points and create a new restore point.
  • Rehide your system files and folders
  • Reset your system clock
  • Disable autorun to prevent USB flash drive infections (you can access any attached devices through Windows Explorer (Windows key + E) or through Start -> Computer)

---

Here are some additional measures you should take to keep your system in good working order and ensure your continued security.

1. Scan your system for outdated versions of commonly used software applications that may also cause your PC to be vulnerable, using the Secunia Online Software Inspector (OSI) by clicking the Start Scanner button. This is very important because recent statistics confirm that an overwhelming majority of infections are acquired through application flaws, not Operating System flaws. Commonly used programs like Quicktime, Java, Adobe Acrobat Reader, iTunes, FlashPlayer and many others are frequently targeted today. You can make your computer much more secure if you update to the most current versions of these programs and any others that Secunia alerts you to.

Just click the "Start Scanner" button to get a listing of all outdated and possibly insecure resident programs.

Note: If your firewall prompts you about access, allow it.

2. Keep MBAM as an on demand scanner because I highly recommend it, and the quick scan will find most all active malware in minutes.

3. You can reduce your startups by downloading Malwarebyte's StartUp Lite and saving it to a convenient location. Just double-click StartUpLite.exe. Then, check the options you would like based on the descriptions provided, then select continue. This will free up system resources because nonessential background programs will no longer be running when you start up your computer.

You should visit the Windows Updates website, and obtain the most current Operating System updates/patches, and Internet Explorer released versions.

The easiest and fastest way to obtain Windows Updates is by clicking Control Panel -> Windows Update.

However, setting your computer to download and install updates automatically will relieve you of the responsibility of doing this on a continual basis. It is important to periodically check that Windows Updates is functioning properly because many threats disable it as part of their strategy to compromise your system. Windows Updates are released on the second Tuesday of every month.

Finally, please review the additional suggestions offered by Tony Klein in "How did I get infected in the first place", so you can maintain a safe and secure computing environment.

Happy Surfing! :)


In the process of implementing your recommendation, I ran into some problems:

"To remove Combofix and its quarantine folder:

Click Start -> Run, and copy/paste the following bolded text in the Open: box and select OK:

"%userprofile%\desktop\combofix.exe" /uninstall

This will do the following:

* Uninstall Combofix and all its associated files and folders.

* Flush your system restore points and create a new restore point.

* Rehide your system files and folders

* Reset your system clock

* Disable autorun to prevent USB flash drive infections (you can access any attached devices through Windows Explorer (Windows key + E) or through Start -> Computer)"

This part didn't really work. ComboFix said it did uninstall itself successfully, and the icon is gone from the desktop, but the other bullet points were not completed. I tried to download a fresh version of ComboFix - no change.

Should I just do all these things manually?


Sorry, aqt395!! I wonder why that happened!

Yes, please do the following manually:

  • Flush your system restore points and create a new restore point.
    Turn off Windows Vista System Restore:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK
    9. When you have finished, restart the computer.
    Turn on Windows Vista System Restore:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Place a checkmark in the box for any drive you wish to enable System Restore on
    7. Click OK
  • Create a new System Restore Point
  • Re-hide your system files and folders:
    • Click Start > Control Panel > Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading, de-select Show hidden files and folders.
    • Check: Hide file extensions for known file types
    • Check the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.

  • Reset your system clock (only if it needs it)
  • Disable autorun to prevent USB flash drive infections (you can access any attached devices through Windows Explorer (Windows key + E) or through Start -> Computer)

The need for the last point was superseded by an update to Security Advisory 967940, which retires the autorun feature, in the last batch of Windows Updates on Tuesday, February 8. You can read about it here and then check your update history to see if you installed it.

You can also remove the C:\Qoobox folder (which belongs to Combofix) if it is still present.


2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

