Redirect virus help needed by total technophobe


19 replies to this topic

#1 heresmook
Posted 05 December 2010 - 08:12 AM

Hi, I have this virus on my computer that redirects me to different sites when I click on a link from Google. It doesn't happen every time but it does happen frequently. I am on Windows 7 and a 32 bit operating system. I have very limited computer knowledge but have tried running things like AVG - I've managed to physically stop the redirects by changing the home page info (which had a redirect thing in the title) to Google but I know it's still there on my machine and want to get rid of it.

Please help a damsel in distress


#2 quietman7
Posted 05 December 2010 - 10:20 AM

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Step 9 recommends that you scan your computer using Malwarebytes Anti-Malware to remove any traces that may still be present. If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware. After performing that step, please post the complete results of your scan for review.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 heresmook
Posted 05 December 2010 - 10:37 AM

Thank you for replying, I really appreciate it - I tried to download the TDSS killer.zip but when I clicked to download I was redirected to the Gomeo site :( I don't have another computer to download it to as suggested nor do I have an external hard drive. Is there anything else I can do?

Edited by heresmook, 05 December 2010 - 10:45 AM.


#4 quietman7
Posted 05 December 2010 - 05:41 PM

Can you reboot in "safe mode with networking"? If so, try downloading from that mode.

If you cannot use the Internet or download any required programs to the infected machine, try downloading them from another computer (family member, friend, library, etc) with an Internet connection. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your usb drive, make sure it is not "Write Protected". Some flash drives have a switch on the side or on the back as shown here which could have accidentally been moved to write protect.

#5 heresmook
Posted 06 December 2010 - 06:27 AM

Thanks so much for your help - I will try your suggestions tonight :)

#6 heresmook
Posted 06 December 2010 - 08:04 AM

I have managed to boot in safe mode and ran the TDSS killer followed by Malwarebytes.

However, the TDSS killer reported no suspicious objects found but my computer is still redirecting if I use the forward and back buttons on my browser.

The log from the TDSS is as follows:

2010/12/06 12:59:47.0156 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/06 12:59:47.0156 ================================================================================
2010/12/06 12:59:47.0156 SystemInfo:
2010/12/06 12:59:47.0156
2010/12/06 12:59:47.0156 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/06 12:59:47.0156 Product type: Workstation
2010/12/06 12:59:47.0156 ComputerName: KYRA-PC
2010/12/06 12:59:47.0156 UserName: kyra
2010/12/06 12:59:47.0156 Windows directory: C:\Windows
2010/12/06 12:59:47.0156 System windows directory: C:\Windows
2010/12/06 12:59:47.0156 Processor architecture: Intel x86
2010/12/06 12:59:47.0156 Number of processors: 2
2010/12/06 12:59:47.0156 Page size: 0x1000
2010/12/06 12:59:47.0156 Boot type: Safe boot with network
2010/12/06 12:59:47.0156 ================================================================================
2010/12/06 12:59:47.0500 Initialize success
2010/12/06 12:59:50.0531 ================================================================================
2010/12/06 12:59:50.0531 Scan started
2010/12/06 12:59:50.0531 Mode: Manual;
2010/12/06 12:59:50.0531 ================================================================================

Many thanks for your help

#7 quietman7
Posted 06 December 2010 - 08:42 AM

I asked if you could reboot in "safe mode with networking" in order to download the tools you needed.

However, it's best to run them in normal mode. Go ahead and rerun both TDSSKiller & Malwarebytes, then post fresh logs.

#8 heresmook
Posted 06 December 2010 - 12:57 PM

Have re-run both and pasted the logs below:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5249

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

06/12/2010 15:40:13
mbam-log-2010-12-06 (15-40-13).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 323652
Time elapsed: 1 hour(s), 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/06 17:55:11.0561 ================================================================================
2010/12/06 17:55:11.0561 SystemInfo:
2010/12/06 17:55:11.0561
2010/12/06 17:55:11.0561 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/06 17:55:11.0561 Product type: Workstation
2010/12/06 17:55:11.0561 ComputerName: KYRA-PC
2010/12/06 17:55:11.0561 UserName: kyra
2010/12/06 17:55:11.0561 Windows directory: C:\Windows
2010/12/06 17:55:11.0561 System windows directory: C:\Windows
2010/12/06 17:55:11.0561 Processor architecture: Intel x86
2010/12/06 17:55:11.0561 Number of processors: 2
2010/12/06 17:55:11.0561 Page size: 0x1000
2010/12/06 17:55:11.0561 Boot type: Normal boot
2010/12/06 17:55:11.0561 ================================================================================
2010/12/06 17:55:12.0061 Initialize success
2010/12/06 17:55:13.0733 ================================================================================
2010/12/06 17:55:13.0749 Scan started
2010/12/06 17:55:13.0749 Mode: Manual;
2010/12/06 17:55:13.0749 ================================================================================
2010/12/06 17:55:29.0717 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/06 17:55:29.0764 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/12/06 17:55:29.0811 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/06 17:55:29.0858 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/06 17:55:29.0889 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/06 17:55:29.0936 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/06 17:55:29.0983 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/06 17:55:30.0030 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/06 17:55:30.0045 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/06 17:55:30.0124 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/12/06 17:55:30.0155 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/06 17:55:30.0186 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/12/06 17:55:30.0233 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/12/06 17:55:30.0280 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/12/06 17:55:30.0311 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/12/06 17:55:30.0342 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/12/06 17:55:30.0405 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/12/06 17:55:30.0452 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/12/06 17:55:30.0499 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/12/06 17:55:30.0545 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/12/06 17:55:30.0608 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/12/06 17:55:30.0655 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/12/06 17:55:30.0717 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/12/06 17:55:30.0764 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/12/06 17:55:30.0811 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/06 17:55:30.0842 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/06 17:55:30.0936 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/06 17:55:30.0983 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/06 17:55:31.0092 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/06 17:55:31.0139 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/06 17:55:31.0233 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/06 17:55:31.0327 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/06 17:55:31.0405 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/06 17:55:31.0452 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/06 17:55:31.0561 ================================================================================
2010/12/06 17:55:31.0561 Scan finished
2010/12/06 17:55:31.0561 ================================================================================
2010/12/06 17:55:38.0045 Deinitialize success

#9 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 52,092 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 06 December 2010 - 01:25 PM

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan a USB flash drive or other removable drive not listed, use the Add button to browse to the drive's location, click on the drive to highlight it and choose Ok.


Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green [image] button.
  • Read the End User License Agreement and check the box:
  • Check [image].
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop as ESETScan.txt.
  • Push the [image] button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click [image] > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click [image]

#10 heresmook
  • Topic Starter
  • Members
  • 35 posts

Posted 07 December 2010 - 11:03 AM

I am so sorry, but I made some mistakes while doing what you asked. Firstly, my son switched off the computer mid-scan on the Norman malware programme, so I ran it again (I've posted logs from both). Then I made a mistake saving a text log from the ESET scanner, so I ran that again (I've posted the text file I managed to save correctly). Apologies!

Norman Malware Cleaner
Version 1.8.3
Copyright 1990 - 2010, Norman ASA. Built 2010/12/05 23:56:48

Norman Scanner Engine Version: 6.06.07
Nvcbin.def Version: 6.06.00, Date: 2010/12/05 23:56:48, Variants: 8288531

Scan started: 2010/12/06 22:04:23

Running pre-scan cleanup routine:
Operating System: Microsoft Windows 7 6.1.7600
Logged on user: kyra-PC\kyra


Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 110ms


Scanning running processes and process memory...

Number of processes/threads found: 5043
Number of processes/threads scanned: 5043
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 6m 4s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

Scanning: D:\*.*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 516443
Number of archives unpacked: 5312
Number of files scanned: 516382
Number of files not scanned: 61
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 3h 41m 3s


Norman Malware Cleaner
Version 1.8.3
Copyright 1990 - 2010, Norman ASA. Built 2010/12/05 23:56:48

Norman Scanner Engine Version: 6.06.07
Nvcbin.def Version: 6.06.00, Date: 2010/12/05 23:56:48, Variants: 8288531

Scan started: 2010/12/06 19:15:16

Running pre-scan cleanup routine:
Operating System: Microsoft Windows 7 6.1.7600
Logged on user: kyra-PC\kyra

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = -> ""

Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 16ms


Scanning running processes and process memory...

Number of processes/threads found: 5760
Number of processes/threads scanned: 5760
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 6m 40s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\32788R22FWJFW\catchme.cfxxe (Infected with W32/Smalltroj.ZLDK)
Deleted file

C:\Users\kyra\AppData\Local\Temp\jar_cache3055796819578265920.tmp/bpac/a.class (Infected with JAVA/Agent.BI)
Deleted file

C:\Users\kyra\AppData\Local\Temp\jar_cache6750435121874823767.tmp/applet.class (Infected with JAVA/Exploit.AY)
Deleted file

C:\Users\kyra\AppData\Local\Temp\~nsu.tmp\ALOT_Toolbar_11708_Installer.exe (Infected with W32/Obfuscated.AK!genr)
Deleted file

C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\4d273690-6c12a1f3/bpac/a.class (Infected with JAVA/Agent.BI)
Deleted file

C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\485a6f91-680ef2e1/bpac/a.class (Infected with JAVA/Agent.BI)
Deleted file

C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\668f4964-51cb7477/bpac/a.class (Infected with JAVA/Agent.BI)
Deleted file

C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\29425c6b-45103689/bpac/a.class (Infected with JAVA/Agent.BI)
Deleted file

C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\38fd132c-71198e9b/bpac/a.class (Infected with JAVA/Agent.BI)
Deleted file

C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\429f32d-7d4880cf/bpac/a.class (Infected with JAVA/Agent.BI)
Deleted file

C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\f54af72-6f978a37/bpac/a.class (Infected with JAVA/Agent.BI)
Deleted file

C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\6bedbc33-4eeab91c/bpac/a.class (Infected with JAVA/Agent.BI)
Deleted file

C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\2c035c34-5dbfc71d/bpac/a.class (Infected with Suspicious_Gen2.EEFLX)
Deleted file

C:\Users\kyra\Desktop\SmitfraudFix\Reboot.exe (Infected with W32/Rebooter.AI)
Deleted file

C:\Users\kyra\Desktop\SmitfraudFix\restart.exe (Infected with W32/Shutdown.BD)
Deleted file

C:\Windows.old\Program Files\ErrorSmart\RegCleaner.dll (Infected with W32/Suspicious_Gen2.DNIHP)
Deleted file

C:\Windows.old\Program Files\ErrorSmart\TCL.dll (Infected with W32/SpySheriff.EA)
Deleted file

C:\Windows.old\Program Files\Ixquick Toolbar\ix_quick.dll (Infected with W32/Adware.B!genr)
Deleted file

ESET
C:\Users\kyra\Desktop\SmitfraudFix\Process.exe Win32/PrcView application cleaned by deleting - quarantined

#11 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 52,092 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 07 December 2010 - 11:19 AM

It appears that someone ran both ComboFix and SmitfraudFix on this machine. Do you know why that was done?

Did the Eset scan find anything the first time it was run?

Are you still getting the redirects?

#12 heresmook
  • Topic Starter
  • Members
  • 35 posts

Posted 07 December 2010 - 02:49 PM

Hi, I've not managed to find out who ran the programmes you mentioned, although I suspect son or husband!

I ran the ESET scan again and got the following:

C:\Users\kyra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JAJM4JEK\scaner[1].htm JS/TrojanDownloader.FraudLoad.NAB trojan cleaned by deleting - quarantined
C:\Users\kyra\AppData\Local\Temp\jar_cache3055796819578265920.tmp Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2d43a641-41b06435 multiple threats deleted - quarantined
C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\4d273690-6c12a1f3 Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\485a6f91-680ef2e1 Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\799a7c9d-439b584d multiple threats deleted - quarantined
C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\668f4964-51cb7477 Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\29425c6b-45103689 Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\38fd132c-71198e9b Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\429f32d-7d4880cf Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\f54af72-6f978a37 Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\6bedbc33-4eeab91c Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\kyra\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\2c035c34-5dbfc71d Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Windows.old\Program Files\Ixquick Deskbar\deskbar.dll a variant of Win32/Adware.Softomate.AC application cleaned by deleting - quarantined


I just tested whether I was getting redirects again and unfortunately yes I am: when I use the back button on the browser, the next time I click a link I go to a page called icityfind.

#13 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 52,092 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 07 December 2010 - 06:58 PM

Your scan results indicate that threats were found in the Java cache and the web browser cache.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:
Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2
Be sure to print out and read the instructions provided in: How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool to automatically remove viruses
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe) to select your language and install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • When the 'Setup page' appears, click Next, check the box 'I accept the license agreement' and click Next twice more to begin extracting the required files.
  • Setup may recommend scanning the computer in Safe Mode. Click Ok.
  • A window will open with a tab that says Autoscan and one for Manual disinfection.
  • Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, you will see the Scan Alert screen. Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, choose Critical events and select Save to save the results to a file (name it avptool.txt).
  • Copy and paste the report results of any threats detected, and whether they were successfully removed, in your next reply. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2010.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".
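
The moderator's reading above, that the hits cluster in the Java cache and the browser cache, can be taken mechanically off the two report formats quoted in this thread. The following is an added example, not the thread's code nor Norman's or ESET's own tooling; it assumes the Norman "(Infected with ...)" / "Deleted file" and ESET "... - quarantined" line shapes shown in the posts above, and its sample report lines are constructed (user name and cache IDs are made up).

```python
"""Group malware-scanner hits by where the flagged file lived (Java caches,
browser cache, Windows.old, clean-up-tool folders). Added example, not code
from the thread, Norman or ESET; the sample report lines are constructed."""
import re
from collections import Counter, namedtuple

# Norman: "<path> (Infected with <name>)", then "Deleted file" on the next line.
NORMAN_HIT = re.compile(r"^(?P<path>.+?) \(Infected with (?P<threat>[^)]+)\)$")
NORMAN_ERR = re.compile(r"^.+? \(Error\b")
# ESET: "<path> <threat> <action> - quarantined". Paths may contain spaces, so the
# threat is located by its Family/Name shape or the phrase "multiple threats".
ESET_HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>multiple threats|(?:a variant of )?\S+/\S+(?: [a-z]+)?)\s+"
    r"(?P<action>cleaned by deleting|deleted) - quarantined$"
)
# Tried in order against the lower-cased path; the first match wins.
LOCATION_RULES = (
    ("java deployment cache", re.compile(r"\\sun\\java\\deployment\\cache\\")),
    ("java temp jar cache", re.compile(r"\\appdata\\local\\temp\\jar_cache")),
    ("browser cache", re.compile(r"\\temporary internet files\\")),
    ("previous windows install", re.compile(r"^[a-z]:\\windows\.old\\")),
    # SmitfraudFix / ComboFix working folders: the thread notes both tools had
    # been run, and their helper binaries appear as hits in both reports.
    ("removal-tool folder", re.compile(r"\\smitfraudfix\\|^[a-z]:\\32788r22fwjfw\\")),
)

Detection = namedtuple("Detection", "scanner path threat action location")


def classify(path: str) -> str:
    """Coarse location label for a path; "other" when no rule fits."""
    lowered = path.lower()
    return next((lbl for lbl, rule in LOCATION_RULES if rule.search(lowered)), "other")


def cache_entry_id(path: str) -> str:
    """Deployment-cache entry name: last path component minus any archive member."""
    return path.lower().split("\\")[-1].split("/")[0]


def parse_norman(text: str) -> tuple:
    """Return (detections, number of files Norman could not open or scan)."""
    lines = [ln.strip() for ln in text.splitlines()]
    hits, errors = [], 0
    for i, line in enumerate(lines):
        if m := NORMAN_HIT.match(line):
            nxt = next((ln for ln in lines[i + 1:] if ln), "")  # outcome line
            action = "deleted" if nxt == "Deleted file" else "not removed"
            hits.append(Detection("norman", m["path"], m["threat"], action, classify(m["path"])))
        elif NORMAN_ERR.match(line):
            errors += 1
    return hits, errors


def parse_eset(text: str) -> list:
    """Detections from the ESET Online Scanner text log."""
    return [Detection("eset", m["path"], m["threat"], m["action"], classify(m["path"]))
            for line in text.splitlines() if (m := ESET_HIT.match(line.strip()))]


def triage(norman_text: str, eset_text: str) -> dict:
    """What a helper reads off both logs: how many hits, and where they cluster."""
    norman_hits, errors = parse_norman(norman_text)
    eset_hits = parse_eset(eset_text)
    hits = norman_hits + eset_hits

    def cache_ids(ds):
        return {cache_entry_id(d.path) for d in ds if d.location == "java deployment cache"}

    return {
        "detections": len(hits),
        "unscanned_errors": errors,
        "by_location": dict(Counter(d.location for d in hits)),
        "java_related": sum(d.location in ("java deployment cache", "java temp jar cache") for d in hits),
        # The same cache entry flagged by both scanners is one artefact, not two.
        "java_cache_ids_seen_by_both": sorted(cache_ids(norman_hits) & cache_ids(eset_hits)),
    }


# Constructed Norman report excerpt (user name and cache IDs are made up).
NORMAN_SAMPLE = r"""
C:\32788R22FWJFW\catchme.cfxxe (Infected with W32/Smalltroj.ZLDK)
Deleted file
C:\System Volume Information\{0a1b2c3d-sample} (Error opening file: Access denied)
C:\Users\alice\AppData\Local\Temp\jar_cache1234567890.tmp/bpac/a.class (Infected with JAVA/Agent.BI)
Deleted file
C:\Users\alice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\0a0a0a0a-1b1b1b1b/bpac/a.class (Infected with JAVA/Agent.BI)
Deleted file
C:\Users\alice\Desktop\SmitfraudFix\Reboot.exe (Infected with W32/Rebooter.AI)
Deleted file
C:\Windows.old\Program Files\ErrorSmart\TCL.dll (Infected with W32/SpySheriff.EA)
Deleted file
"""
# Constructed ESET Online Scanner log excerpt in the format quoted in the thread.
ESET_SAMPLE = r"""
C:\Users\alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ABCD1234\scaner[1].htm JS/TrojanDownloader.FraudLoad.NAB trojan cleaned by deleting - quarantined
C:\Users\alice\AppData\Local\Temp\jar_cache1234567890.tmp Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Users\alice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\2c2c2c2c-3d3d3d3d multiple threats deleted - quarantined
C:\Users\alice\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\0a0a0a0a-1b1b1b1b Java/TrojanDownloader.Agent.NCA trojan deleted - quarantined
C:\Windows.old\Program Files\Ixquick Deskbar\deskbar.dll a variant of Win32/Adware.Softomate.AC application cleaned by deleting - quarantined
"""

if __name__ == "__main__":
    for key, value in triage(NORMAN_SAMPLE, ESET_SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample the two Java cache labels account for half of the ten hits, and one deployment-cache entry is flagged by both scanners, which is the pattern the ESET and Norman lists in this thread also show.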

#14 heresmook
  • Topic Starter
  • Members
  • 35 posts

Posted 09 December 2010 - 03:00 AM

Hi, nothing was found on the Kaspersky scan, so nothing to post!

A quick test to see if I am being redirected after using the back button shows that currently I am not!

Thank you so much for your help - is there anything else I need to do or any virus protection I should install?

Thank you again!

#15 heresmook
  • Topic Starter
  • Members
  • 35 posts

Posted 09 December 2010 - 06:56 AM

I spoke too soon. Just been redirected to a site called Gomeo when I clicked on a google link :(



