Need help with FireFox & Google re-directing


11 replies to this topic

#1 Daz2106

Daz2106

  • Members
  • 6 posts

Posted 10 November 2010 - 11:24 AM

Hi all,
I have read several topics on here that seem like they're having the same problem as me, and I thought I would open up my own topic to get the best help from you guys.

OK, so the problem I'm having is I use Firefox to surf the net. I never have any problems with this unless I go to google.co.uk and do a search; then when I click on a result I see a blank page for about 3 seconds with the Google favicon, then the page reloads to some ads or a site that I don't want, then my AV (Norton Internet Security 2011) displays a splash screen to say that the site is malware or has trojans etc.
If I then click the back button and click the Google link again it does the same thing; I repeat this process 3 to 4 times and finally the correct page loads.

I have done a Malwarebytes scan (quick & full) and it found some files and removed them, but the problem remains. I really don't want to do a full format and re-install (this will be my very last resort).

The PC I'm running is Windows XP SP3 Professional version 2002.
It's a personal PC.
Any help that you can provide will be greatly appreciated.

I have included a log from Malwarebytes that shows no infections (this is because I have already tried to clean the system with no luck).

LOG
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5083

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/11/2010 04:09:01 pm
mbam-log-2010-11-10 (16-09-01).txt

Scan type: Quick scan
Objects scanned: 164536
Time elapsed: 8 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,070 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 10 November 2010 - 06:56 PM

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.

#3 Daz2106

Daz2106
  • Topic Starter

  • Members
  • 6 posts

Posted 10 November 2010 - 07:55 PM

Thanks for your reply. I ran an online scan called 'ESET Online Antivirus Scanner' (www.eset.com/onlinescan) and this found a trojan or something similar, and it appears to have solved the problem for now.

Can you give me information on what this trojan has done, or what it does?
Does it record keys or passwords etc.? The reason I want to know is that if it does then I need to change all my passwords for PayPal, online banking etc.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,070 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 10 November 2010 - 08:59 PM

I would need to see the results of the ESET scan. A log.txt file should have been created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESET scan log, click the Start button > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt


#5 Daz2106

Daz2106
  • Topic Starter

  • Members
  • 6 posts

Posted 11 November 2010 - 03:01 AM

Here is the ComboFix log.
These files are still on my PC here (C:\Qoobox\Quarantine); can I delete them now that they have been quarantined?

2010-11-10 15:34:09 . 2010-11-10 15:34:09
952 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Sonicart 2.0.reg.dat
2010-11-10 15:33:35 . 2010-11-10 15:33:36
129 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CmPCIaudio.reg.dat
2010-11-10 15:27:06 . 2010-11-10 15:27:06
10,357 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-11-10 15:15:25 . 2010-11-10 15:21:17
102 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2010-10-05 18:46:55 . 1998-11-23 15:10:06
90,112 ----a-w-  C:\Qoobox\Quarantine\C\WINDOWS\system32\ccrpTmr6.dll.vir
2010-10-03 10:51:16 . 2010-09-29 18:14:20
767 ----a-w-  C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Internet Explorer.lnk.vir

And here is the TDSSKiller log:

2010/11/11 00:46:34.0703	TDSS rootkit removing tool 2.4.7.0 Nov  8 2010 10:52:22
2010/11/11 00:46:34.0703	================================================================================
2010/11/11 00:46:34.0703	SystemInfo:
2010/11/11 00:46:34.0703	
2010/11/11 00:46:34.0703	OS Version: 5.1.2600 ServicePack: 3.0
2010/11/11 00:46:34.0703	Product type: Workstation
2010/11/11 00:46:34.0703	ComputerName: H***-****-*******
2010/11/11 00:46:34.0703	UserName: **Homer**
2010/11/11 00:46:34.0703	Windows directory: C:\WINDOWS
2010/11/11 00:46:34.0703	System windows directory: C:\WINDOWS
2010/11/11 00:46:34.0703	Processor architecture: Intel x86
2010/11/11 00:46:34.0703	Number of processors: 2
2010/11/11 00:46:34.0703	Page size: 0x1000
2010/11/11 00:46:34.0703	Boot type: Normal boot
2010/11/11 00:46:34.0703	================================================================================
2010/11/11 00:46:35.0250	Initialize success
2010/11/11 00:46:38.0390	================================================================================
2010/11/11 00:46:38.0390	Scan started
2010/11/11 00:46:38.0390	Mode: Manual; 
2010/11/11 00:46:38.0390	================================================================================
2010/11/11 00:46:48.0359	================================================================================
2010/11/11 00:46:48.0359	Scan finished
2010/11/11 00:46:48.0359	================================================================================
2010/11/11 00:47:01.0500	Deinitialize success

And as for the ESET log, I can't find that anywhere.
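The TDSSKiller log posted above records every loaded driver as one line of timestamp, service name, MD5 and image path, and quietman7's instructions ask for a second opinion on anything the tool marks suspicious. As an added example (not code from the thread, from Kaspersky or from BleepingComputer), the Python below parses that line format, checks that the scan actually ran to completion, and lists drivers worth a manual look because their MD5 is not in a known-good set or their image sits outside the standard driver directory. The sample log, its hashes and the known-good set are constructed; the directory rule is an assumption, and a flagged entry means "review this", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# One driver line of a TDSSKiller log: "<timestamp>\t<service> (<md5>) <image path>"
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\t"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Where Windows XP normally loads its driver images from (assumption used by the
# triage rule; a vendor driver elsewhere is flagged for a look, not called malicious).
STANDARD_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)


@dataclass(frozen=True)
class DriverEntry:
    timestamp: str
    name: str
    md5: str
    path: str


def parse_tdsskiller_log(text: str) -> List[DriverEntry]:
    """Extract the driver entries; header, separator and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line)
        if m:
            entries.append(DriverEntry(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return entries


def scan_completed(text: str) -> bool:
    """A usable log carries both a 'Scan started' and a 'Scan finished' status line."""
    return "\tScan started" in text and "\tScan finished" in text


def triage(entries: List[DriverEntry],
           known_good_md5: Set[str]) -> List[Tuple[DriverEntry, List[str]]]:
    """Return (entry, reasons) for every driver that deserves a manual review."""
    flagged = []
    for e in entries:
        reasons = []
        if e.md5 not in known_good_md5:
            reasons.append("MD5 not in known-good set")
        if not e.path.lower().startswith(STANDARD_DRIVER_DIRS):
            reasons.append("image outside standard driver directory")
        if reasons:
            flagged.append((e, reasons))
    return flagged


# Constructed sample in the log's layout; the hashes are placeholders, not real file hashes.
SAMPLE_LOG = "\n".join([
    "2010/11/11 00:46:38.0390\tScan started",
    "2010/11/11 00:46:38.0390\tMode: Manual; ",
    "2010/11/11 00:46:39.0515\tACPI            (0123456789abcdef0123456789abcdef) "
    "C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys",
    "2010/11/11 00:46:41.0515\teeCtrl          (fedcba9876543210fedcba9876543210) "
    "C:\\Program Files\\Common Files\\Symantec Shared\\EENGINE\\eeCtrl.sys",
    "2010/11/11 00:46:41.0203\tExampleDrv      (00000000000000000000000000000000) "
    "C:\\WINDOWS\\system32\\DRIVERS\\ExampleDrv.sys",
    "2010/11/11 00:46:48.0359\tScan finished",
])

# Constructed known-good set; in practice this comes from a clean reference machine.
KNOWN_GOOD_MD5 = {
    "0123456789abcdef0123456789abcdef",
    "fedcba9876543210fedcba9876543210",
}

if __name__ == "__main__":
    if not scan_completed(SAMPLE_LOG):
        raise SystemExit("incomplete log: ask for a fresh scan before drawing conclusions")
    for entry, reasons in triage(parse_tdsskiller_log(SAMPLE_LOG), KNOWN_GOOD_MD5):
        print(f"{entry.name:<16} {entry.md5}  {entry.path}")
        for r in reasons:
            print(f"    - {r}")
```

A real log is read from the TDSSKiller_*_log.txt file in the root of C: that the instructions above mention; flagged files are what you would upload to Jotti or VirusTotal for the second opinion.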

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,070 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 11 November 2010 - 07:21 AM

> These files are still on my PC here (C:\Qoobox\Quarantine); can I delete them now that they have been quarantined?

The files in Qoobox\Quarantine are threats previously removed by ComboFix, copied, renamed and sent to its quarantine folder, so they are no longer a threat. No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again." Please read the pinned topic ComboFix usage, Questions, Help? - Look here.

Please download OTC by OldTimer and save to your Desktop.
  • Connect to the Internet and double-click on OTC.exe to start the program.
  • Click on the green CleanUp! button.
  • If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.
  • When it has finished, OTC will ask you to reboot so it can remove itself.
-- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files on your desktop or related to ComboFix which OTC did not remove can be deleted manually (right-click on it and choose delete).


Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2
Be sure to print out and read the instructions provided in: How to Install Kaspersky Virus Removal Tool and How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe) to select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • When the 'Setup page' appears, click Next, check the box 'I accept the license agreement' and click Next twice more to begin extracting the required files.
  • Setup may recommend to scan the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan and one for Manual disinfection.
  • Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen. Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected and if they were successfully removed in your next reply. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2010.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
Note: If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan usb flash drives and/or other removable drives, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

#7 Daz2106

Daz2106
  • Topic Starter

  • Members
  • 6 posts

Posted 11 November 2010 - 07:33 AM

My PC seems to be running fine now though.
Should I still follow the instructions you have just posted?

#8 quietman7 (Bleepin' Janitor, Global Moderator, 52,070 posts, Virginia, USA)

Posted 11 November 2010 - 08:05 AM

Yes. No single product is 100% foolproof and can detect and remove all threats at any given time, so it's best to perform scans with multiple security tools.

#9 Daz2106 (Topic Starter, Members, 6 posts)

Posted 11 November 2010 - 08:36 AM

OK, well, I have run the OTC tool and rebooted, and that's removed the files that I mentioned, but now there is a folder there called 'BackEnv': C:\Qoobox\BackEnv
I can't access this folder or delete it. Is this normal?

I'm just running the Kaspersky tool and that's at 4% (it may take a while because I have a 1TB HDD and it's about 60% full).
I also ran MalwareBytes again and that doesn't show any errors or viruses etc. I also did a Norton scan of the full HDD and that didn't find any errors or viruses.

Should I let Kaspersky carry on?
Do I also need to scan with that Norman malware scanner?

The reason I ask is that it takes a good 2 hours for each scan and I have things to be doing on my PC, and it's recommended that you don't do anything while a scan is running.

#10 quietman7 (Bleepin' Janitor, Global Moderator, 52,070 posts, Virginia, USA)

Posted 11 November 2010 - 10:11 AM

Don't worry about the Qoobox folder right now. Your priority should be to deal with any malware first.

Yes continue with the scans. There are no guarantees or shortcuts when it comes to malware removal. Depending on the infection you are dealing with, it may take several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous and security tools may not find all the remnants.

#11 Daz2106 (Topic Starter, Members, 6 posts)

Posted 11 November 2010 - 10:57 AM

OK, so Kaspersky has now finished after 2 1/2 hours.
There were no infections found.
The program asked me to close the window, then a popup opened and said to uninstall Kaspersky, so I clicked OK.
My PC then restarted, and I'm back here now replying to you.

So does this mean my PC is free from viruses and malware?
I have now done 4 scans with different programs and they all say that there are no more errors.

#12 quietman7 (Bleepin' Janitor, Global Moderator, 52,070 posts, Virginia, USA)

Posted 11 November 2010 - 02:39 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
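The restore-point procedure above is given as mouse clicks. The following is an added example, not part of the thread and not quietman7's instructions, showing the same first step done from Windows PowerShell so that the new point's name and sequence number are recorded automatically (the post asks you to keep a log of it) and the older, possibly contaminated points are listed before Disk Cleanup removes them. It assumes Windows PowerShell 2.0 or later (available for XP SP3 and built into Vista/7) running as an administrator; the function and variable names are the example's own. Removing the old points is still left to Disk Cleanup, exactly as the post describes, because the built-in cmdlets can create and list restore points but not delete them.

```powershell
# Added example: create a labelled post-cleanup restore point and list what
# System Restore holds. Not the forum's or Microsoft's own script.
# Requires an elevated Windows PowerShell (2.0+) session; Checkpoint-Computer
# and Get-ComputerRestorePoint are Windows PowerShell cmdlets, not PowerShell Core.

function New-PostCleanupRestorePoint {
    param(
        # Hypothetical default label; use any description you will recognise later.
        [string]$Description = ("Clean system after malware removal " +
                                (Get-Date -Format 'yyyy-MM-dd HH:mm'))
    )
    # Same operation as System Restore > "Create a Restore Point".
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

    # Return the newest point so its number and time can be written down,
    # as the post recommends.
    Get-ComputerRestorePoint |
        Sort-Object SequenceNumber -Descending |
        Select-Object -First 1
}

function Get-RestorePointSummary {
    # Every point older than the one just created is what Disk Cleanup's
    # "More Options > System Restore > Clean up" will delete.
    # New-Object/-Property is used instead of [pscustomobject] so the script
    # also works on PowerShell 2.0 (XP SP3).
    Get-ComputerRestorePoint | ForEach-Object {
        New-Object PSObject -Property @{
            Sequence    = $_.SequenceNumber
            Created     = $_.ConvertToDateTime($_.CreationTime)
            Description = $_.Description
        }
    } | Sort-Object Sequence
}

$newPoint = New-PostCleanupRestorePoint
"Created restore point #$($newPoint.SequenceNumber): $($newPoint.Description)"

"Restore points now on this machine (all but the last will be removed by Disk Cleanup):"
Get-RestorePointSummary | Format-Table Sequence, Created, Description -AutoSize

# Hand over to Disk Cleanup for the deletion step described in the post.
Start-Process cleanmgr.exe
```

Run it once after the last clean scan; if Checkpoint-Computer reports that System Restore is disabled on the drive, turn it on first (Enable-ComputerRestore -Drive "C:\") and run the script again, otherwise there is no clean point to roll back to.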
