Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect in FireFox/ IE pop up window problem


  • This topic is locked This topic is locked
16 replies to this topic

#1 Sabav

Sabav

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 12 December 2010 - 06:51 PM

Hi there,

I am new to these forums. Starting yesterday morning I have found that I get redirected randomly to some advertising pages when using Google Search in Firefox. Basically when I search something in google and then click on the resulted links, sometimes (not always) I get redirected to an unrelated web page.

Also, last night my IE started creating pop up windows to www.checkedstats.com , or some site called e-Zanga. and I was not even using IE at the time. I do have a peer-to-peer sharing software on my computer but I can't remember the last time I actually used it, so I don't think it's because of a file I recently downloaded but you never know I guess. I have windows defender/firewall and Sophos antivirus on my computer at the moment.

I read the preperation guide and used DeFogger (although it did not ask me to restart my computer, so I'm not sure if it found anything), and then used DDS and GMER (it took about 7 hours for GMER to scan my C drive). There are no "red" lines in the GMER scan window though. Anyway, the files are attached, hope you can help me!

The DDS.txt log is :


DDS (Ver_10-12-12.01) - NTFSx86
Run by saba at 1:49:48.22 on Sun 12/12/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.943 [GMT -8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\saba\Desktop\windows-kb890830-v3.13.exe
c:\6b283faa878772d9267bd6d6\mrtstub.exe
C:\Windows\system32\MRT.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\sdclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\saba\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.sonystyle.ca/vaio
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\saba\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Unattend0000000001{630C7228-8502-4F7C-8DF2-412ACCE58C37}] %PROGRAMFILES%\Sony\First Experience\VAIOWelcome.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: catnet.dll msperf.dll,c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL msperf.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\saba\appdata\roaming\mozilla\firefox\profiles\n4so8sse.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\saba\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\saba\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\saba\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\saba\appdata\roaming\mozilla\firefox\profiles\n4so8sse.default\extensions\{f5e4ac68-1466-4b9f-b043-f40127f993d0}\plugins\npatgpc.dll
FF - plugin: c:\users\saba\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\users\saba\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\saba\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: WebEx plug-in: {F5E4AC68-1466-4b9f-B043-F40127F993D0} - c:\users\saba\appdata\roaming\mozilla\firefox\profiles\n4so8sse.default\extensions\{F5E4AC68-1466-4b9f-B043-F40127F993D0}
FF - Extension: Redirect Cleaner: redirectcleaner@example.net - c:\users\saba\appdata\roaming\mozilla\firefox\profiles\n4so8sse.default\extensions\redirectcleaner@example.net
FF - Extension: FIFA Online Web Launcher: eafo3fflauncher@ea.com - c:\users\saba\appdata\roaming\mozilla\firefox\profiles\n4so8sse.default\extensions\eafo3fflauncher@ea.com
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\users\saba\appdata\roaming\Move Networks

============= SERVICES / DRIVERS ===============

R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-12-11 93688]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-12-11 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-12-11 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-12-11 172032]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-5-18 185640]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2009-5-8 104960]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-5-8 17408]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-4-28 28464]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2008-4-28 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2008-4-28 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-4-28 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-4-28 818688]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2009-5-8 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2009-5-8 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2009-5-8 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-4-28 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-4-28 87328]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-12-11 20288]

=============== Created Last 30 ================

2010-12-12 09:10:57 -------- d-----w- C:\6b283faa878772d9267bd6d6
2010-12-12 02:54:25 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-12 02:54:24 139152 ----a-w- c:\users\saba\appdata\roaming\PnkBstrK.sys
2010-12-12 02:53:58 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-12 02:53:56 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-12 02:53:54 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-12 02:53:52 -------- d-----w- c:\program files\EA Sports
2010-12-11 22:07:55 -------- d-----w- c:\users\saba\appdata\local\Sophos
2010-12-11 22:06:38 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-12-11 22:06:03 -------- d-----w- c:\program files\common files\Cisco Systems
2010-12-11 22:05:57 23552 ----a-w- c:\windows\system32\sophosboottasks.exe
2010-12-11 22:04:58 93688 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2010-12-11 22:04:33 20288 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-12-11 22:03:02 -------- d-----w- c:\program files\Sophos
2010-12-11 22:03:01 -------- d-----w- c:\progra~2\Sophos
2010-12-11 22:02:15 -------- d-----w- C:\Temp
2010-12-11 21:40:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-11 21:40:35 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-11 21:40:05 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-12-11 21:35:45 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-12-11 21:35:41 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e90c1591-dc69-401b-9996-5063b1982d6c}\mpengine.dll
2010-12-11 21:35:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-11 08:43:23 478720 --sh--w- c:\windows\system32\catnet.dll
2010-12-11 08:43:17 62976 --sh--w- c:\windows\system32\msperf.dll
2010-12-10 05:03:29 749832 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-11-24 19:31:01 -------- d-----w- c:\program files\iPod
2010-11-24 19:31:00 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-24 19:22:32 -------- d-----w- c:\program files\Bonjour
2010-11-24 02:16:34 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================

2010-10-07 20:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 20:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 20:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 23:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL

============= FINISH: 1:50:31.69 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Sabav

Sabav
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 14 December 2010 - 12:34 AM

Hi there,

I realize that the experts on this website must be vey busy, but I can see that some other people with the exact same problem as me have been helped although they posted their issues later. I would really appreciate it if you could help me with this problem as soon as possible. I really do not want to run the malware remover scripts by myself!

Thanks a lot,
Sabav

#3 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:01:10 PM

Posted 21 December 2010 - 04:14 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:


Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

Best Regards,
oneof4.

Best Regards,
oneof4.


#4 Sabav

Sabav
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 22 December 2010 - 05:30 AM

Hi there,

Thanks for replying! I have tried not to use my computer in the past 3-4 days, I ran the scans you requested again. It took GMER about 8 hours to run the whole scan, but it didn't give me any warnings and the report is kind of short! (I had checked off IAT/EAT box in GMER options as mentioned in the preparation guide). Also, now it looks like I can't connect to the internet, while before running DDS and GMER I could connect. (There is a slight chance it may be something with my router, but I'm reporting it anyway).

I am now using another computer to send the logs:

DDS log:

DDS (Ver_10-12-12.01) - NTFSx86
Run by saba at 15:20:54.06 on Tue 12/21/2010
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1515 [GMT -8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\saba\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.sonystyle.ca/vaio
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\saba\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Unattend0000000001{630C7228-8502-4F7C-8DF2-412ACCE58C37}] %PROGRAMFILES%\Sony\First Experience\VAIOWelcome.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Skytel] Skytel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: catnet.dll msperf.dll,c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL msperf.dll msperf.dll msperf.dll msperf.dll msperf.dll msperf.dll msperf.dll msperf.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\saba\appdata\roaming\mozilla\firefox\profiles\n4so8sse.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\saba\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\saba\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\saba\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\saba\appdata\roaming\mozilla\firefox\profiles\n4so8sse.default\extensions\{f5e4ac68-1466-4b9f-b043-f40127f993d0}\plugins\npatgpc.dll
FF - plugin: c:\users\saba\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\users\saba\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\saba\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: WebEx plug-in: {F5E4AC68-1466-4b9f-B043-F40127F993D0} - c:\users\saba\appdata\roaming\mozilla\firefox\profiles\n4so8sse.default\extensions\{F5E4AC68-1466-4b9f-B043-F40127F993D0}
FF - Extension: Redirect Cleaner: redirectcleaner@example.net - c:\users\saba\appdata\roaming\mozilla\firefox\profiles\n4so8sse.default\extensions\redirectcleaner@example.net
FF - Extension: FIFA Online Web Launcher: eafo3fflauncher@ea.com - c:\users\saba\appdata\roaming\mozilla\firefox\profiles\n4so8sse.default\extensions\eafo3fflauncher@ea.com
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\users\saba\appdata\roaming\Move Networks

============= SERVICES / DRIVERS ===============

R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-12-11 93688]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-12-11 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-12-11 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-12-11 172032]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-5-18 185640]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2009-5-8 104960]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-5-8 17408]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2008-4-28 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2008-4-28 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-4-28 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-4-28 818688]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-4-28 28464]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-4-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-4-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-4-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-4-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-4-23 98568]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2009-5-8 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2009-5-8 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2009-5-8 63328]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-4-28 333088]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-4-28 87328]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-12-11 20288]

=============== Created Last 30 ================

2010-12-16 05:17:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 05:17:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-15 17:35:28 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{9366dd56-6d71-4d2a-9346-b5c8550b0d87}\mpengine.dll
2010-12-12 02:54:25 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-12 02:54:24 139152 ----a-w- c:\users\saba\appdata\roaming\PnkBstrK.sys
2010-12-12 02:53:58 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-12 02:53:56 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-12 02:53:54 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-12 02:53:52 -------- d-----w- c:\program files\EA Sports
2010-12-11 22:07:55 -------- d-----w- c:\users\saba\appdata\local\Sophos
2010-12-11 22:06:38 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-12-11 22:06:03 -------- d-----w- c:\program files\common files\Cisco Systems
2010-12-11 22:05:57 23552 ----a-w- c:\windows\system32\sophosboottasks.exe
2010-12-11 22:04:58 93688 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2010-12-11 22:04:33 20288 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-12-11 22:03:02 -------- d-----w- c:\program files\Sophos
2010-12-11 22:03:01 -------- d-----w- c:\progra~2\Sophos
2010-12-11 22:02:15 -------- d-----w- C:\Temp
2010-12-11 21:40:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-11 21:40:35 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-11 21:40:05 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-12-11 21:35:45 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-12-11 21:35:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-11 08:43:23 478720 --sh--w- c:\windows\system32\catnet.dll
2010-12-11 08:43:17 62976 --sh--w- c:\windows\system32\msperf.dll
2010-12-10 05:03:29 749832 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-11-24 19:31:01 -------- d-----w- c:\program files\iPod
2010-11-24 19:31:00 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-11-24 19:22:32 -------- d-----w- c:\program files\Bonjour
2010-11-24 02:16:34 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================

2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-07 20:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 20:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 20:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-09-28 23:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

============= FINISH: 15:21:51.54 ===============



and here is the GMER log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-22 01:36:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G1 rev.00410009
Running: gmer.exe; Driver: C:\Users\saba\AppData\Local\Temp\kxldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\saba\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb57dc1e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3da4fb3a
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001bfb57dc1e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e3da4fb3a (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Attached Files



#5 Sabav

Sabav
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 22 December 2010 - 03:31 PM

BTW, the connection problem was something with my router, I can connect to the internet now. Thanks.

#6 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:02:10 PM

Posted 23 December 2010 - 09:39 PM

Hi Sabav,

First of all I apologize for answering some logs before yours. I was doing a search for a common problem with a known solution and was posting it to some users since it could quickly solve their problem (and we have a considerable list of users waiting).
Even though your gmer log didn't accuse a TDL infection I would rather double-check it is not TDSS. Let's start with TDSSKiller:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.

And, let's do a generic malware check:

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

#7 Sabav

Sabav
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 25 December 2010 - 10:19 PM

Hi there,

thanks for your reply. sorry for the delay in responding. I did the TDSS scan and the malwarebytes scan which found 5 infected files and I think it removed all of them. I don't have the redirect problem in IE or firefox anymore. Does that mean my problem is solved?!

thanks,
sabav

here is the TDSS log:

2010/12/25 18:44:41.0938 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/25 18:44:41.0938 ================================================================================
2010/12/25 18:44:41.0938 SystemInfo:
2010/12/25 18:44:41.0938
2010/12/25 18:44:41.0938 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/25 18:44:41.0938 Product type: Workstation
2010/12/25 18:44:41.0938 ComputerName: SABA-PC
2010/12/25 18:44:41.0938 UserName: saba
2010/12/25 18:44:41.0938 Windows directory: C:\Windows
2010/12/25 18:44:41.0938 System windows directory: C:\Windows
2010/12/25 18:44:41.0938 Processor architecture: Intel x86
2010/12/25 18:44:41.0938 Number of processors: 2
2010/12/25 18:44:41.0938 Page size: 0x1000
2010/12/25 18:44:41.0938 Boot type: Normal boot
2010/12/25 18:44:41.0938 ================================================================================
2010/12/25 18:44:42.0525 Initialize success
2010/12/25 18:44:55.0668 ================================================================================
2010/12/25 18:44:55.0668 Scan started
2010/12/25 18:44:55.0668 Mode: Manual;
2010/12/25 18:44:55.0668 ================================================================================
2010/12/25 18:44:59.0901 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/25 18:45:00.0029 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/12/25 18:45:00.0194 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/12/25 18:45:00.0264 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/12/25 18:45:00.0331 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/12/25 18:45:00.0636 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/25 18:45:00.0708 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/12/25 18:45:00.0999 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/25 18:45:01.0050 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/12/25 18:45:01.0119 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/12/25 18:45:01.0170 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/12/25 18:45:01.0413 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/12/25 18:45:01.0478 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/12/25 18:45:01.0578 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/12/25 18:45:01.0737 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/12/25 18:45:01.0801 ArcSoftKsUFilter (6b3ab8f67b37402a4174caa45002903e) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
2010/12/25 18:45:01.0858 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/25 18:45:01.0924 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/12/25 18:45:02.0165 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/25 18:45:02.0247 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/12/25 18:45:02.0327 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/25 18:45:02.0400 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/25 18:45:02.0619 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/25 18:45:02.0704 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/25 18:45:02.0865 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/25 18:45:03.0140 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/25 18:45:03.0268 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/25 18:45:03.0406 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/12/25 18:45:03.0680 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/25 18:45:03.0770 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2010/12/25 18:45:03.0921 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2010/12/25 18:45:04.0056 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2010/12/25 18:45:04.0162 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
2010/12/25 18:45:04.0275 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
2010/12/25 18:45:04.0302 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
2010/12/25 18:45:04.0350 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
2010/12/25 18:45:04.0462 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/25 18:45:04.0583 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/25 18:45:04.0723 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/12/25 18:45:04.0826 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/25 18:45:05.0104 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/25 18:45:05.0230 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/12/25 18:45:05.0339 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/25 18:45:05.0505 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/12/25 18:45:05.0647 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/12/25 18:45:05.0793 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/25 18:45:05.0966 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/25 18:45:06.0106 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2010/12/25 18:45:06.0255 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2010/12/25 18:45:06.0390 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/12/25 18:45:06.0522 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/12/25 18:45:06.0625 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/25 18:45:06.0812 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/25 18:45:06.0935 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/25 18:45:07.0094 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/25 18:45:07.0226 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/12/25 18:45:07.0371 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/12/25 18:45:07.0578 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/25 18:45:07.0732 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/25 18:45:07.0857 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/25 18:45:07.0967 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/25 18:45:08.0039 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/25 18:45:08.0190 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/25 18:45:08.0337 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/25 18:45:08.0415 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/25 18:45:08.0571 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/25 18:45:08.0708 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/12/25 18:45:08.0848 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/12/25 18:45:09.0016 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/25 18:45:09.0112 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/25 18:45:09.0219 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/25 18:45:09.0366 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/25 18:45:09.0453 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/12/25 18:45:09.0585 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/12/25 18:45:09.0693 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/12/25 18:45:09.0829 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/12/25 18:45:09.0935 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/12/25 18:45:10.0168 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/12/25 18:45:10.0426 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/25 18:45:10.0553 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/12/25 18:45:10.0711 igfx (62448322731ac1beda52e2b3327046ee) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/25 18:45:10.0925 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/25 18:45:11.0207 IntcAzAudAddService (d729199b204c3fb78c58ff30550d965c) C:\Windows\system32\drivers\RTKVHDA.sys
2010/12/25 18:45:11.0373 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/12/25 18:45:11.0451 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/25 18:45:11.0506 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/25 18:45:11.0607 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/25 18:45:11.0726 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/25 18:45:11.0896 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/25 18:45:11.0988 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/12/25 18:45:12.0097 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/25 18:45:12.0184 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/25 18:45:12.0263 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/25 18:45:12.0338 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/25 18:45:12.0407 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/25 18:45:12.0546 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/25 18:45:12.0656 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/25 18:45:12.0747 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/25 18:45:12.0805 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/25 18:45:12.0900 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/25 18:45:12.0957 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/25 18:45:13.0045 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/12/25 18:45:13.0119 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/12/25 18:45:13.0259 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/12/25 18:45:13.0378 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/25 18:45:13.0502 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/25 18:45:13.0550 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/25 18:45:13.0636 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/25 18:45:13.0722 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/25 18:45:13.0807 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/12/25 18:45:13.0855 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/25 18:45:13.0960 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/25 18:45:14.0080 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/25 18:45:14.0181 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/25 18:45:14.0235 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/25 18:45:14.0289 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/25 18:45:14.0381 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/12/25 18:45:14.0467 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/12/25 18:45:14.0529 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/25 18:45:14.0631 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/25 18:45:14.0753 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/25 18:45:14.0867 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/25 18:45:14.0955 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/25 18:45:15.0091 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/25 18:45:15.0153 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/25 18:45:15.0223 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/25 18:45:15.0310 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/25 18:45:15.0492 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/25 18:45:15.0759 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/25 18:45:15.0828 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/25 18:45:15.0890 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/25 18:45:16.0009 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/25 18:45:16.0079 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/25 18:45:16.0136 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/25 18:45:16.0252 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/25 18:45:16.0407 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2010/12/25 18:45:16.0666 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/25 18:45:16.0773 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/25 18:45:16.0820 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/25 18:45:16.0935 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/25 18:45:17.0072 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/25 18:45:17.0132 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/25 18:45:17.0186 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/12/25 18:45:17.0260 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/12/25 18:45:17.0400 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/12/25 18:45:17.0598 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/25 18:45:17.0722 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/25 18:45:17.0825 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/25 18:45:17.0901 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/25 18:45:17.0995 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/25 18:45:18.0065 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/12/25 18:45:18.0173 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/25 18:45:18.0279 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/25 18:45:18.0424 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/25 18:45:18.0491 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/12/25 18:45:18.0657 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/25 18:45:18.0960 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/25 18:45:19.0126 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/12/25 18:45:19.0242 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/25 18:45:19.0301 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/25 18:45:19.0378 R5U870FLx86 (68e04f3944e6f82c64b53f8a8f13fb3a) C:\Windows\system32\Drivers\R5U870FLx86.sys
2010/12/25 18:45:19.0486 R5U870FUx86 (7f1356060d1894b46554a0d8e6f13958) C:\Windows\system32\Drivers\R5U870FUx86.sys
2010/12/25 18:45:19.0582 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/25 18:45:19.0675 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/25 18:45:19.0799 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/25 18:45:19.0934 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/25 18:45:20.0051 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/25 18:45:20.0137 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/25 18:45:20.0247 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/12/25 18:45:20.0324 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/25 18:45:20.0457 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/25 18:45:20.0547 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2010/12/25 18:45:20.0670 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/12/25 18:45:20.0751 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/25 18:45:20.0872 RTL8169 (b7e1c523e2f7787d700766fc78e01f77) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/12/25 18:45:20.0971 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\Windows\system32\DRIVERS\s115bus.sys
2010/12/25 18:45:21.0066 s115mdfl (e24113fc13b8737c94cf4e3415488c76) C:\Windows\system32\DRIVERS\s115mdfl.sys
2010/12/25 18:45:21.0117 s115mdm (4029e49e7c673aa0670bd206b0af1b5b) C:\Windows\system32\DRIVERS\s115mdm.sys
2010/12/25 18:45:21.0252 s115mgmt (eb02ab4ca8bccecfde236cad8fc6e135) C:\Windows\system32\DRIVERS\s115mgmt.sys
2010/12/25 18:45:21.0351 s115obex (089869db9ffd2ac807fa87fe82ac7761) C:\Windows\system32\DRIVERS\s115obex.sys
2010/12/25 18:45:21.0452 SAVOnAccess (578065889049db1c91fab1acfe2ed108) C:\Windows\system32\DRIVERS\savonaccess.sys
2010/12/25 18:45:21.0540 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/25 18:45:21.0676 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/25 18:45:21.0735 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/25 18:45:21.0793 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/25 18:45:21.0848 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/25 18:45:21.0961 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2010/12/25 18:45:22.0036 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/12/25 18:45:22.0129 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/25 18:45:22.0295 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/25 18:45:22.0346 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/25 18:45:22.0453 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/12/25 18:45:22.0532 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/12/25 18:45:22.0604 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/12/25 18:45:22.0701 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/25 18:45:22.0800 SophosBootDriver (6de03cbac3139d2fd8fba4aab4ac5bd0) C:\Windows\system32\DRIVERS\SophosBootDriver.sys
2010/12/25 18:45:22.0897 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/25 18:45:22.0980 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/25 18:45:23.0026 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/25 18:45:23.0070 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/25 18:45:23.0161 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/25 18:45:23.0271 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/25 18:45:23.0374 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/25 18:45:23.0449 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/25 18:45:23.0545 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/25 18:45:23.0727 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/25 18:45:23.0816 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/25 18:45:23.0881 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/25 18:45:23.0946 TcUsb (07d174a992ab0ea6001f390de1afa27b) C:\Windows\system32\Drivers\tcusb.sys
2010/12/25 18:45:24.0069 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/25 18:45:24.0131 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/25 18:45:24.0236 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/25 18:45:24.0336 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/25 18:45:24.0474 ti21sony (030f439ac1ccda7ac6ce01cc02102045) C:\Windows\system32\drivers\ti21sony.sys
2010/12/25 18:45:24.0602 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/25 18:45:24.0680 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/25 18:45:24.0813 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/25 18:45:24.0884 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/12/25 18:45:24.0997 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/25 18:45:25.0157 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/25 18:45:25.0243 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/12/25 18:45:25.0323 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/25 18:45:25.0396 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/25 18:45:25.0521 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/25 18:45:25.0744 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/25 18:45:26.0066 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/25 18:45:26.0128 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/25 18:45:26.0260 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/25 18:45:26.0338 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/25 18:45:26.0398 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/25 18:45:26.0465 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/25 18:45:26.0542 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/25 18:45:26.0679 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/25 18:45:26.0749 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/25 18:45:26.0848 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/25 18:45:26.0951 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/25 18:45:27.0035 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/25 18:45:27.0089 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/12/25 18:45:27.0174 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/12/25 18:45:27.0266 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/12/25 18:45:27.0325 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/25 18:45:27.0416 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/25 18:45:27.0535 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/25 18:45:27.0633 vpnva (e1f2333a88ec4a5c8ea6be357323b72d) C:\Windows\system32\DRIVERS\vpnva.sys
2010/12/25 18:45:27.0705 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/12/25 18:45:27.0799 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/25 18:45:27.0880 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/25 18:45:27.0918 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/25 18:45:27.0983 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/12/25 18:45:28.0067 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/25 18:45:28.0187 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2010/12/25 18:45:28.0284 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/12/25 18:45:28.0432 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/25 18:45:28.0573 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/25 18:45:28.0624 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/25 18:45:28.0749 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/25 18:45:28.0851 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2010/12/25 18:45:28.0954 ================================================================================
2010/12/25 18:45:28.0954 Scan finished
2010/12/25 18:45:28.0954 ================================================================================


and here is the malwarebytes log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5396

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

12/25/2010 6:59:35 PM
mbam-log-2010-12-25 (18-59-35).txt

Scan type: Quick scan
Objects scanned: 156748
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\msperf.dll (Trojan.P2P.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.P2P.Agent) -> Bad: (msperf.dll) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.P2P.Agent) -> Bad: (catnet.dll) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\msperf.dll (Trojan.P2P.Agent) -> Delete on reboot.
c:\Windows\System32\catnet.dll (Trojan.P2P.Agent) -> Delete on reboot.
c:\Users\saba\local settings\temporary internet files\Content.IE5\ZMCA72ZE\version[1].dat.dll (Trojan.P2P.Agent) -> Quarantined and deleted successfully.
c:\Users\saba\AppData\Local\Temp\0.25200456946632155.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\saba\AppData\Local\Temp\0.7260181171983374.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

#8 Sabav

Sabav
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 26 December 2010 - 01:54 AM

BTW, I have Sophos AV running on my PC and I enabled it after i finished running malwarebytes, it identified a file (windows/system32/services.exe) as suspicious, but I thought that might have something to do with malwarebytes operation and didn't do anything about it. I ran malwarebytes scan again and it didn't find any infected files, should I assume the services.exe file is safe then?

thanks again,
sabav

#9 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:02:10 PM

Posted 26 December 2010 - 07:27 AM

Hi Sabav,

No problems for the delay, I understand it's holiday seasons :)

Please disable sophos anti-virus before starting this scan.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#10 Sabav

Sabav
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 26 December 2010 - 03:32 PM

Hello Bleepin' pasta,

I did the scan and a bunch of cookies were identified as low risk and one file was flagged as suspicious. Here is the log: (since the format of the log gets messed up when I paste it here, I'm also attaching the txt file for you to see.

Thanks a lot for all teh help,
sabav

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-12-26 12:27:28
PROTECTIONS: 1
MALWARE: 16
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Sophos Anti-Virus No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@atdmt[5].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@mediaplex[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@statcounter[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@ad.yieldmanager[3].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@ad.yieldmanager[4].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@ad.yieldmanager[7].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@ad.yieldmanager[8].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@ad.yieldmanager[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@burstnet[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@ads.pointroll[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\low\saba@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@zedo[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No c:\users\saba\appdata\roaming\microsoft\windows\cookies\saba@bluestreak[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\program files\sony\vaio media plus\mrspushsrcfilter.ax
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Attached Files



#11 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:02:10 PM

Posted 26 December 2010 - 04:26 PM

Hi Sabav,

How is your computer running?

Are you still getting the redirects?

#12 Sabav

Sabav
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 26 December 2010 - 04:41 PM

Hi Bleepin' pasta,

there are no more redirects! and no other strange activities seem to be going on. Is there anything else I need to be doing?

Thanks so much for your help!

Sabav

#13 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:02:10 PM

Posted 26 December 2010 - 04:51 PM

It's all done! :)


Log looks clean...great job!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

#14 Sabav

Sabav
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 26 December 2010 - 05:40 PM

That;s great! :) Thanks... I installed spywareblaster and ad-aware, but couldn't install spybot because it interfered with Sophos and required that i uninstall it... since my university provides me with Sophos I'd rather keep it, however I would like to know what you think is better.

Thanks,
Saba

#15 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:02:10 PM

Posted 26 December 2010 - 06:38 PM

Hi Sabav,

Keep your antivirus. Spybot is an antimalware tool and having spywareblaster and ad-aware is already enough ;)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users