Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: Addicted2Apples on October 30, 2010, 12:01:05 AM
-
Hello there.
Lately I've experienced some very common google redirect virus issues like some people may have encountered. In addition, sometimes random ads or web pages would automatically open to a new tab while I was browsing a website or didn't do anything like on deviantart. I'm using firefox and have installed the adblock plus plug-in along with checking few other methods I found on google but the issue remains. I also experienced crashes on my windows 7 laptop when I just turned it on.
Anyway, I really appreciate any help I can get. Thank you before hands :)
Here are the logs:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/29/2010 at 10:06 PM
Application Version : 4.45.1000
Core Rules Database Version : 5784
Trace Rules Database Version: 3596
Scan type : Complete Scan
Total Scan Time : 01:19:28
Memory items scanned : 811
Memory threats detected : 0
Registry items scanned : 13686
Registry threats detected : 0
File items scanned : 141713
File threats detected : 5
Adware.Tracking Cookie
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\naked_prince@tacoda[2].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\naked_prince@atwola[1].txt
=================================
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4996
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10/29/2010 10:19:47 PM
mbam-log-2010-10-29 (22-19-47).txt
Scan type: Quick scan
Objects scanned: 139535
Time elapsed: 5 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96afbe69-c3b0-4b00-8578-d933d2896ee2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
=================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:30 PM, on 10/29/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\sniper.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100921183926.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13912 bytes
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
Windows 7 on a 64 bit computer leaves me with very few tools to clean your computer, but I'll try to work with what I have. Are you still getting redirects?
***********************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*********************************************
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Under the Custom Scan box paste this in
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
-
Thank you for your reply, Dave. here are the logs. And as for the redirects, things seem to be fine for now but I'm not sure if it's completely solve yet. I'll keep an eye on it. But then do you know how to check to see if the redirect issues been solve?
Sorry I know that I'm not suppose to send attachments but then I can't seem to post the logs for some reason. It kept on saying page cannot be open.
[recovering disk space - old attachment deleted by admin]
-
But then do you know how to check to see if the redirect issues been solve?
I can't see anything in the logs that would indicate that the infection causing redirects is still there. We will know if you get redirected again.
P2P - I see you have P2P software installed on your machine (utorrent). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
*********************************
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.
:OTL
:otl
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
:COMMANDS
[resethosts]
[purity]
[clearrestorepoints]
[emptytemp]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
*****************************************
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
I have removed uTorrent as you suggested. Thank you for the advice, Dave. I still experienced random ads popping up on a new tab though. And here's another log for OTL; however, upon the start up after my laptop restarted, I experienced a crash and my laptop immediately restart for the second time and it was ok then.
All processes killed
========== OTL ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[clearrestorepoints]> in the current context!
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Naked_Prince
->Temp folder emptied: 10017 bytes
->Temporary Internet Files folder emptied: 12252585 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92629777 bytes
->Flash cache emptied: 1050 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 240564 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49353 bytes
RecycleBin emptied: 4860464 bytes
Total Files Cleaned = 105.00 mb
OTL by OldTimer - Version 3.2.17.2 log created on 11032010_195507
Files\Folders moved on Reboot...
C:\Users\Naked_Prince\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Files\Folders moved on Reboot...
C:\Users\Naked_Prince\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
-
ESET scan:
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan cleaned by deleting - quarantined
-
In your browser go to Tools, internet options and make sure that the box for "Block pop-up windows" is checked. In IE you'll find it on the Privacy tab. In FireFox it is under the Content tab.
-
I've already checked for those options before and I just double checked again and the pop-up bloc option had already been check
-
Please update and run SAS and MBAM again.
-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/05/2010 at 11:23 PM
Application Version : 4.45.1000
Core Rules Database Version : 5820
Trace Rules Database Version: 3632
Scan type : Complete Scan
Total Scan Time : 01:00:30
Memory items scanned : 914
Memory threats detected : 0
Registry items scanned : 13678
Registry threats detected : 0
File items scanned : 141887
File threats detected : 14
Adware.Tracking Cookie
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\naked_prince@tacoda[1].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\naked_prince@atwola[1].txt
crackle.com [ C:\Users\Naked_Prince\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\D87LHELQ ]
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\Low\naked_prince@casalemedia[1].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\Low\naked_prince@interclick[2].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\Low\naked_prince@mediafire[2].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
Trojan.SVCHost/Fake
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\SVCHOST.EXE
Trojan.Agent/Gen-Fuffan
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\SHELL.EXE
C:\Windows\Prefetch\SHELL.EXE-8A6CD82A.pf
==============================
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5057
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
11/5/2010 11:35:12 PM
mbam-log-2010-11-05 (23-35-12).txt
Scan type: Quick scan
Objects scanned: 140830
Time elapsed: 3 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\stor.cfg (Malware.Trace) -> Quarantined and deleted successfully.
-
* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.
Look through the list and let me know if anything was found infected.
***************************************
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
Rename ComboFix.exe to commy.exe before you save it to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
sorry for the late reply Dave, there was no detection for mrt.exe. But I can't run combofix because it said incompatible
-
Sorry. I forgot you have a 64 bit machine. Unfortunately, 64 bit machines leaves me with very few tools to check your computer and I've already used most of them. Are you still having problems?
-
I still experienced those random ads showing up on new tabs and now for some reason i can't update my McAfee
-
wait i've solved the Mcaffee problems. the redirect on google seem to have stop though. except for the other issue mention above
-
I forgot. What browser are you using?
-
firefox
-
Please try un-installing and re-installing FireFox.
-
i did that but it didn't work
-
and for some reason my yahoo email got hacked too although im not sure if it's related. and i forgot to mention that i still get google redirect when i was using the IE browser
-
Could you please run the SAS, MBAM and OTL scan again as described in Reply #1 and post the logs.
-
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/17/2010 at 00:25 AM
Application Version : 4.45.1000
Core Rules Database Version : 5873
Trace Rules Database Version: 3685
Scan type : Complete Scan
Total Scan Time : 01:07:42
Memory items scanned : 900
Memory threats detected : 0
Registry items scanned : 13735
Registry threats detected : 0
File items scanned : 134687
File threats detected : 27
Adware.Tracking Cookie
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\naked_prince@tacoda[2].txt
C:\Users\Naked_Prince\AppData\Roaming\Microsoft\Windows\Cookies\naked_prince@atwola[1].txt
statse.webtrendslive.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
www.free-counter.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.apmebf.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.2o7.net [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.tripod.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
s01.flagcounter.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.soundclick.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.soundclick.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.soundclick.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.soundclick.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.soundclick.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.soundclick.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
.soundclick.com [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
*Blocked Russian URL* [ C:\Users\Naked_Prince\AppData\Roaming\Mozilla\Firefox\Profiles\s7zxuqul.default\cookies.sqlite ]
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4866
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10/17/2010 9:12:32 PM
mbam-log-2010-10-17 (21-12-32).txt
Scan type: Quick scan
Objects scanned: 139017
Time elapsed: 3 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Naked_Prince\AppData\Local\Temp\12E9.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Naked_Prince\AppData\Local\Temp\1327.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Naked_Prince\AppData\Local\Temp\6B9.tmp.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
[recovering disk space - old attachment deleted by admin]
-
and for some reason my yahoo email got hacked too although im not sure if it's related. and i forgot to mention that i still get google redirect when i was using the IE browser
What exactly do you mean by email got hacked?
Are your google redirects always to the same site?
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory..
-
like someone used my email and sent a link to the people in my contact list. I was being inform by one of the person in my contact list and the google redirects would redirect me to different sites.
2010/11/17 16:31:08.0362 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/17 16:31:08.0362 ================================================================================
2010/11/17 16:31:08.0362 SystemInfo:
2010/11/17 16:31:08.0362
2010/11/17 16:31:08.0362 OS Version: 6.1.7600 ServicePack: 0.0
2010/11/17 16:31:08.0362 Product type: Workstation
2010/11/17 16:31:08.0362 ComputerName: HIBARI
2010/11/17 16:31:08.0363 UserName: Naked_Prince
2010/11/17 16:31:08.0363 Windows directory: C:\Windows
2010/11/17 16:31:08.0363 System windows directory: C:\Windows
2010/11/17 16:31:08.0363 Running under WOW64
2010/11/17 16:31:08.0363 Processor architecture: Intel x64
2010/11/17 16:31:08.0363 Number of processors: 8
2010/11/17 16:31:08.0363 Page size: 0x1000
2010/11/17 16:31:08.0363 Boot type: Normal boot
2010/11/17 16:31:08.0363 ================================================================================
2010/11/17 16:31:08.0364 Utility is running under WOW64
2010/11/17 16:31:08.0717 Initialize success
2010/11/17 16:31:12.0163 ================================================================================
2010/11/17 16:31:12.0163 Scan started
2010/11/17 16:31:12.0163 Mode: Manual;
2010/11/17 16:31:12.0163 ================================================================================
2010/11/17 16:31:13.0706 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/11/17 16:31:13.0756 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
2010/11/17 16:31:13.0834 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/11/17 16:31:13.0879 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/11/17 16:31:13.0955 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/11/17 16:31:14.0001 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2010/11/17 16:31:14.0038 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2010/11/17 16:31:14.0127 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2010/11/17 16:31:14.0184 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2010/11/17 16:31:14.0246 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2010/11/17 16:31:14.0295 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2010/11/17 16:31:14.0347 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2010/11/17 16:31:14.0387 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2010/11/17 16:31:14.0443 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2010/11/17 16:31:14.0491 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/11/17 16:31:14.0534 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2010/11/17 16:31:14.0581 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2010/11/17 16:31:14.0647 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2010/11/17 16:31:14.0674 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2010/11/17 16:31:14.0726 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/11/17 16:31:14.0768 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2010/11/17 16:31:14.0819 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2010/11/17 16:31:15.0024 atikmdag (b5fb227a09a9ec28163fa4b45487c3c7) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/11/17 16:31:15.0320 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2010/11/17 16:31:15.0379 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2010/11/17 16:31:15.0424 BCM42RLY (5c0f919666954885d7760dffe4b29a25) C:\Windows\system32\drivers\BCM42RLY.sys
2010/11/17 16:31:15.0553 BCM43XX (bab887a2b2786310a966881f074f4a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
2010/11/17 16:31:15.0713 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2010/11/17 16:31:15.0789 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/11/17 16:31:15.0853 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2010/11/17 16:31:15.0907 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/11/17 16:31:15.0938 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/11/17 16:31:15.0988 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\system32\DRIVERS\BrSerId.sys
2010/11/17 16:31:16.0015 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/11/17 16:31:16.0061 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/11/17 16:31:16.0099 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\DRIVERS\BrUsbSer.sys
2010/11/17 16:31:16.0142 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/11/17 16:31:16.0216 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/11/17 16:31:16.0286 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2010/11/17 16:31:16.0367 cfwids (e02c9cdb15f13de4eb2ff67660e62317) C:\Windows\system32\drivers\cfwids.sys
2010/11/17 16:31:16.0444 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2010/11/17 16:31:16.0520 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2010/11/17 16:31:16.0609 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/11/17 16:31:16.0652 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2010/11/17 16:31:16.0701 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2010/11/17 16:31:16.0746 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2010/11/17 16:31:16.0799 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/11/17 16:31:16.0848 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/11/17 16:31:16.0915 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
2010/11/17 16:31:16.0991 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2010/11/17 16:31:17.0018 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2010/11/17 16:31:17.0068 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2010/11/17 16:31:17.0162 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2010/11/17 16:31:17.0227 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2010/11/17 16:31:17.0387 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2010/11/17 16:31:17.0594 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2010/11/17 16:31:17.0642 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2010/11/17 16:31:17.0706 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2010/11/17 16:31:17.0741 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2010/11/17 16:31:17.0823 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2010/11/17 16:31:17.0876 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2010/11/17 16:31:17.0899 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2010/11/17 16:31:17.0925 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/11/17 16:31:17.0980 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2010/11/17 16:31:18.0022 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2010/11/17 16:31:18.0054 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2010/11/17 16:31:18.0114 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2010/11/17 16:31:18.0191 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/11/17 16:31:18.0231 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/11/17 16:31:18.0283 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2010/11/17 16:31:18.0318 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/11/17 16:31:18.0359 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2010/11/17 16:31:18.0533 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/11/17 16:31:18.0672 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2010/11/17 16:31:18.0886 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2010/11/17 16:31:19.0090 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2010/11/17 16:31:19.0160 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/11/17 16:31:19.0229 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2010/11/17 16:31:19.0283 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2010/11/17 16:31:19.0338 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/11/17 16:31:19.0402 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/11/17 16:31:19.0471 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2010/11/17 16:31:19.0544 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2010/11/17 16:31:19.0574 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2010/11/17 16:31:19.0620 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/11/17 16:31:19.0672 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/11/17 16:31:19.0709 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2010/11/17 16:31:19.0775 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2010/11/17 16:31:19.0840 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2010/11/17 16:31:19.0895 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/11/17 16:31:19.0946 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/11/17 16:31:19.0996 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/11/17 16:31:20.0040 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2010/11/17 16:31:20.0236 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2010/11/17 16:31:20.0366 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2010/11/17 16:31:20.0428 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2010/11/17 16:31:20.0493 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/11/17 16:31:20.0554 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/11/17 16:31:20.0590 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/11/17 16:31:20.0619 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/11/17 16:31:20.0662 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2010/11/17 16:31:20.0779 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2010/11/17 16:31:20.0836 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/11/17 16:31:20.0897 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
2010/11/17 16:31:20.0944 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
2010/11/17 16:31:21.0097 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
2010/11/17 16:31:21.0204 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
2010/11/17 16:31:21.0307 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/11/17 16:31:21.0367 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
2010/11/17 16:31:21.0475 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
2010/11/17 16:31:21.0575 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2010/11/17 16:31:21.0614 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2010/11/17 16:31:21.0682 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2010/11/17 16:31:21.0730 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2010/11/17 16:31:21.0787 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2010/11/17 16:31:21.0830 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2010/11/17 16:31:21.0855 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2010/11/17 16:31:21.0896 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2010/11/17 16:31:21.0941 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/11/17 16:31:22.0030 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/11/17 16:31:22.0080 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/11/17 16:31:22.0149 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
2010/11/17 16:31:22.0226 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2010/11/17 16:31:22.0272 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2010/11/17 16:31:22.0304 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2010/11/17 16:31:22.0345 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/11/17 16:31:22.0412 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2010/11/17 16:31:22.0459 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/11/17 16:31:22.0491 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2010/11/17 16:31:22.0539 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2010/11/17 16:31:22.0615 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/11/17 16:31:22.0639 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2010/11/17 16:31:22.0674 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/11/17 16:31:22.0724 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2010/11/17 16:31:22.0784 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2010/11/17 16:31:22.0862 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2010/11/17 16:31:22.0922 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/11/17 16:31:22.0980 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/11/17 16:31:23.0007 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/11/17 16:31:23.0038 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/11/17 16:31:23.0085 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2010/11/17 16:31:23.0117 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2010/11/17 16:31:23.0153 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/11/17 16:31:23.0212 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/11/17 16:31:23.0254 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/11/17 16:31:23.0273 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/11/17 16:31:23.0351 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/11/17 16:31:23.0418 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/11/17 16:31:23.0467 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/11/17 16:31:23.0507 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/11/17 16:31:23.0561 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/11/17 16:31:23.0619 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/11/17 16:31:23.0689 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/11/17 16:31:23.0723 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/11/17 16:31:23.0772 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/11/17 16:31:23.0806 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/11/17 16:31:23.0841 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/11/17 16:31:23.0883 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/11/17 16:31:23.0919 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/11/17 16:31:24.0034 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/11/17 16:31:24.0077 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/11/17 16:31:24.0136 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/11/17 16:31:24.0183 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2010/11/17 16:31:24.0304 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/11/17 16:31:24.0367 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/11/17 16:31:24.0405 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/11/17 16:31:24.0468 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/11/17 16:31:24.0524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/11/17 16:31:24.0566 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/11/17 16:31:24.0607 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/11/17 16:31:24.0632 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/11/17 16:31:24.0661 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/11/17 16:31:24.0696 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/11/17 16:31:24.0741 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/11/17 16:31:24.0779 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/11/17 16:31:24.0803 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/11/17 16:31:24.0839 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/11/17 16:31:24.0879 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/11/17 16:31:24.0936 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
2010/11/17 16:31:25.0017 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys
2010/11/17 16:31:25.0080 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
2010/11/17 16:31:25.0138 risdpcie (a6da2b0c8f5bb3f9f5423cff8d6a02d9) C:\Windows\system32\DRIVERS\risdpe64.sys
2010/11/17 16:31:25.0190 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
2010/11/17 16:31:25.0247 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys
2010/11/17 16:31:25.0443 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/11/17 16:31:25.0518 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
2010/11/17 16:31:25.0681 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2010/11/17 16:31:25.0742 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2010/11/17 16:31:25.0792 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/11/17 16:31:25.0819 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/11/17 16:31:25.0900 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/11/17 16:31:25.0966 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/11/17 16:31:26.0027 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/11/17 16:31:26.0080 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/11/17 16:31:26.0156 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/11/17 16:31:26.0188 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/11/17 16:31:26.0216 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/11/17 16:31:26.0270 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/11/17 16:31:26.0333 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/11/17 16:31:26.0363 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/11/17 16:31:26.0411 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/11/17 16:31:26.0456 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/11/17 16:31:26.0530 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2010/11/17 16:31:26.0650 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2010/11/17 16:31:26.0725 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2010/11/17 16:31:26.0826 stdflt (c48e0745d33897c7a73394214f2b9b4f) C:\Windows\system32\DRIVERS\stdflt.sys
2010/11/17 16:31:26.0898 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/11/17 16:31:26.0958 STHDA (caf5a9708671b14b9670260735b22c4e) C:\Windows\system32\DRIVERS\stwrt64.sys
2010/11/17 16:31:27.0028 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/11/17 16:31:27.0089 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys
2010/11/17 16:31:27.0223 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/11/17 16:31:27.0403 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/11/17 16:31:27.0450 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/11/17 16:31:27.0483 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/11/17 16:31:27.0508 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/11/17 16:31:27.0549 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/11/17 16:31:27.0587 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/11/17 16:31:27.0642 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/11/17 16:31:27.0701 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/11/17 16:31:27.0766 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
2010/11/17 16:31:27.0839 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/11/17 16:31:27.0889 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
2010/11/17 16:31:27.0988 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/11/17 16:31:28.0041 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/11/17 16:31:28.0085 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/11/17 16:31:28.0152 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
2010/11/17 16:31:28.0253 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/11/17 16:31:28.0310 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/11/17 16:31:28.0369 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
2010/11/17 16:31:28.0469 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
2010/11/17 16:31:28.0551 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/11/17 16:31:28.0593 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/11/17 16:31:28.0646 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2010/11/17 16:31:28.0689 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/11/17 16:31:28.0741 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/11/17 16:31:28.0809 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
2010/11/17 16:31:28.0908 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/11/17 16:31:28.0979 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/11/17 16:31:29.0018 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/11/17 16:31:29.0047 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/11/17 16:31:29.0089 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/11/17 16:31:29.0124 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/11/17 16:31:29.0160 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/11/17 16:31:29.0196 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/11/17 16:31:29.0265 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/11/17 16:31:29.0324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2010/11/17 16:31:29.0370 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2010/11/17 16:31:29.0439 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/11/17 16:31:29.0512 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/17 16:31:29.0537 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/11/17 16:31:29.0592 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/11/17 16:31:29.0662 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/11/17 16:31:29.0796 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/11/17 16:31:29.0849 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
2010/11/17 16:31:29.0933 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/11/17 16:31:30.0014 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/11/17 16:31:30.0130 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/11/17 16:31:30.0198 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/11/17 16:31:30.0250 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
2010/11/17 16:31:30.0338 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/11/17 16:31:30.0586 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/17 16:31:30.0590 ================================================================================
2010/11/17 16:31:30.0590 Scan finished
2010/11/17 16:31:30.0590 ================================================================================
2010/11/17 16:31:30.0601 Detected object count: 1
2010/11/17 16:32:32.0851 \HardDisk0 - will be cured after reboot
2010/11/17 16:32:32.0851 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/17 16:32:49.0948 Deinitialize success
-
Ok. Let's run this scan to see if all the rootkits are gone.
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
- Click NO
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
- Now click the Scan button.
- Once the scan is complete, you may receive another notice about rootkit activity.
- Click OK.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
- Save it where you can easily find it, such as your desktop.
-
When I run the program, i think it started running like you said but then after nothing happen after that. Then I clicked scan and after it finished there was no log showing up.
-
When I run the program, i think it started running like you said but then after nothing happen after that. Then I clicked scan and after it finished there was no log showing up.
You can try looking on your C drive for the log or do a search for *.txt This will show all the txt files on your computer.
If you can't find it, we'll try another tool.
-
i can't find the log. and it seems that the popup is gone since the rookit was removed with GMER scan :)
-
Ok. Please run the ESET scan again as recommended in Reply # 3
-
there isnt any threats found on ESET scan so there's no export log option
-
Ok. How's your computer running now?
-
it goes back to normal now. no more redirect or ads. thank you very much dave
-
That good. It's time for some cleanup.
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
- Click the CleanUp button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
******************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***************************************
To set a new Restore Point.
Click Start button , click Control Panel, click System and Maintenance, and then clicking System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
Click the Start button , click Control Panel, click System and Maintenance, and then click System.
In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
********************************************
Some information about third-party firewalls.
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
**********************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
So should I keep both the Superantimalware and MBAM or just one of them and download the Spybot-search and destroy?
And which of the firewall would you most recommend? :D Comodo personal firewall?
-
So should I keep both the Superantimalware and MBAM or just one of them and download the Spybot-search and destroy?
Yes. It wouldn't hurt to run their scans every so often to keep the bugs out.
And which of the firewall would you most recommend? Comodo personal firewall?
I'm running Comodo now. It takes a bit of getting used but after a while you don't know it's even there. It's the price you pay for being secure.
-
thanks for answering my questions. I have one more question if you don't mind answering. Is the spywareblaster and spybot have similar function? Do I need to have both of them?
-
They target different malware.
-
ok got it. thanks a lot for your help again :D