Solved Google redirect is back

[Broni]

Go ahead.

I still need TDSSKiller log.

 

[Shambo9]

2011/06/26 15:36:05.0982 22604 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/26 15:36:06.0549 22604 ================================================================================
2011/06/26 15:36:06.0550 22604 SystemInfo:
2011/06/26 15:36:06.0550 22604
2011/06/26 15:36:06.0550 22604 OS Version: 6.0.6001 ServicePack: 1.0
2011/06/26 15:36:06.0550 22604 Product type: Workstation
2011/06/26 15:36:06.0550 22604 ComputerName: THOMAS-PC
2011/06/26 15:36:06.0551 22604 UserName: thomas
2011/06/26 15:36:06.0551 22604 Windows directory: C:\Windows
2011/06/26 15:36:06.0551 22604 System windows directory: C:\Windows
2011/06/26 15:36:06.0551 22604 Processor architecture: Intel x86
2011/06/26 15:36:06.0551 22604 Number of processors: 2
2011/06/26 15:36:06.0551 22604 Page size: 0x1000
2011/06/26 15:36:06.0551 22604 Boot type: Normal boot
2011/06/26 15:36:06.0551 22604 ================================================================================
2011/06/26 15:36:08.0324 22604 Initialize success
2011/06/26 15:36:33.0710 23264 ================================================================================
2011/06/26 15:36:33.0710 23264 Scan started
2011/06/26 15:36:33.0710 23264 Mode: Manual;
2011/06/26 15:36:33.0710 23264 ================================================================================
2011/06/26 15:36:37.0119 23264 18968181 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\18968181.sys
2011/06/26 15:36:37.0205 23264 18968182 (a305fad3719c5db0c13d1c2bfd08a04d) C:\Windows\system32\DRIVERS\18968182.sys
2011/06/26 15:36:37.0316 23264 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/26 15:36:37.0404 23264 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/06/26 15:36:37.0507 23264 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/06/26 15:36:37.0615 23264 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/06/26 15:36:37.0684 23264 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/06/26 15:36:37.0776 23264 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
2011/06/26 15:36:37.0953 23264 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/06/26 15:36:38.0080 23264 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/06/26 15:36:38.0137 23264 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/26 15:36:38.0202 23264 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/06/26 15:36:38.0254 23264 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/06/26 15:36:38.0303 23264 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/06/26 15:36:38.0409 23264 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/06/26 15:36:38.0458 23264 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/06/26 15:36:38.0664 23264 appliand (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys
2011/06/26 15:36:38.0696 23264 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys
2011/06/26 15:36:38.0772 23264 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/06/26 15:36:38.0824 23264 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/06/26 15:36:38.0971 23264 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/26 15:36:39.0010 23264 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/06/26 15:36:39.0148 23264 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys
2011/06/26 15:36:39.0399 23264 atikmdag (a2b6478963451a99c28da8133b648142) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/26 15:36:39.0619 23264 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/06/26 15:36:39.0704 23264 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/06/26 15:36:39.0768 23264 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/06/26 15:36:39.0894 23264 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/26 15:36:39.0967 23264 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/06/26 15:36:40.0091 23264 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/26 15:36:40.0212 23264 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/26 15:36:40.0265 23264 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/26 15:36:40.0331 23264 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/26 15:36:40.0381 23264 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/26 15:36:40.0430 23264 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/26 15:36:40.0549 23264 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/26 15:36:40.0599 23264 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/26 15:36:40.0883 23264 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/26 15:36:40.0932 23264 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/26 15:36:41.0235 23264 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/06/26 15:36:41.0327 23264 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/26 15:36:41.0465 23264 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/26 15:36:41.0539 23264 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/06/26 15:36:41.0599 23264 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/26 15:36:41.0661 23264 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/06/26 15:36:41.0715 23264 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/06/26 15:36:41.0908 23264 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
2011/06/26 15:36:42.0006 23264 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/26 15:36:42.0143 23264 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/26 15:36:42.0285 23264 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/26 15:36:42.0399 23264 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/26 15:36:42.0473 23264 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/26 15:36:42.0639 23264 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/06/26 15:36:42.0747 23264 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/06/26 15:36:42.0883 23264 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/26 15:36:43.0022 23264 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/26 15:36:43.0103 23264 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/26 15:36:43.0217 23264 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/26 15:36:43.0303 23264 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/26 15:36:43.0377 23264 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/26 15:36:43.0454 23264 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/26 15:36:43.0514 23264 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/26 15:36:43.0624 23264 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
2011/06/26 15:36:43.0686 23264 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/26 15:36:43.0775 23264 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/06/26 15:36:43.0914 23264 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/06/26 15:36:43.0986 23264 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/26 15:36:44.0071 23264 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/26 15:36:44.0269 23264 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/26 15:36:44.0367 23264 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/26 15:36:44.0465 23264 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/26 15:36:44.0585 23264 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/06/26 15:36:44.0671 23264 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/06/26 15:36:44.0772 23264 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/06/26 15:36:44.0828 23264 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/26 15:36:44.0934 23264 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/06/26 15:36:45.0083 23264 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/26 15:36:45.0339 23264 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/26 15:36:45.0514 23264 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/26 15:36:45.0583 23264 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/26 15:36:45.0650 23264 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/26 15:36:45.0765 23264 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/26 15:36:45.0862 23264 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/26 15:36:45.0968 23264 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/26 15:36:46.0025 23264 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/06/26 15:36:46.0127 23264 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/26 15:36:46.0225 23264 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/26 15:36:46.0287 23264 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/26 15:36:46.0387 23264 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
2011/06/26 15:36:46.0457 23264 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/26 15:36:46.0508 23264 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/06/26 15:36:46.0620 23264 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
2011/06/26 15:36:46.0700 23264 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
2011/06/26 15:36:46.0776 23264 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/26 15:36:46.0939 23264 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/26 15:36:47.0073 23264 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/26 15:36:47.0124 23264 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/26 15:36:47.0223 23264 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/26 15:36:47.0310 23264 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/26 15:36:47.0378 23264 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/06/26 15:36:47.0496 23264 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/06/26 15:36:47.0680 23264 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/26 15:36:47.0782 23264 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/26 15:36:47.0818 23264 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/26 15:36:47.0888 23264 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/26 15:36:47.0940 23264 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/26 15:36:48.0056 23264 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/06/26 15:36:48.0106 23264 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/26 15:36:48.0171 23264 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/26 15:36:48.0229 23264 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/26 15:36:48.0361 23264 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/26 15:36:48.0494 23264 mrxsmb10 (cf6e972f8e0d0f2970360a17572b366b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/26 15:36:48.0558 23264 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/26 15:36:48.0659 23264 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/06/26 15:36:48.0715 23264 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/06/26 15:36:48.0812 23264 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/26 15:36:48.0917 23264 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys
2011/06/26 15:36:49.0001 23264 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/26 15:36:49.0064 23264 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/26 15:36:49.0109 23264 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/26 15:36:49.0218 23264 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/26 15:36:49.0298 23264 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/26 15:36:49.0342 23264 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/26 15:36:49.0389 23264 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/26 15:36:49.0499 23264 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/26 15:36:49.0570 23264 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/06/26 15:36:49.0673 23264 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/26 15:36:49.0712 23264 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/26 15:36:49.0774 23264 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/26 15:36:49.0821 23264 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/26 15:36:49.0915 23264 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/26 15:36:50.0072 23264 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/26 15:36:50.0309 23264 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/26 15:36:50.0416 23264 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/26 15:36:50.0486 23264 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/26 15:36:50.0627 23264 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/26 15:36:50.0762 23264 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/26 15:36:50.0823 23264 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/26 15:36:50.0902 23264 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/26 15:36:51.0013 23264 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/26 15:36:51.0084 23264 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/26 15:36:51.0250 23264 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/26 15:36:51.0444 23264 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/26 15:36:51.0517 23264 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/26 15:36:51.0572 23264 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/26 15:36:51.0643 23264 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys
2011/06/26 15:36:51.0728 23264 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/06/26 15:36:51.0790 23264 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/26 15:36:51.0893 23264 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/26 15:36:52.0285 23264 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/26 15:36:52.0371 23264 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/06/26 15:36:52.0460 23264 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/26 15:36:52.0621 23264 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
2011/06/26 15:36:52.0696 23264 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/26 15:36:52.0774 23264 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/26 15:36:52.0925 23264 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/26 15:36:52.0989 23264 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/26 15:36:53.0040 23264 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/26 15:36:53.0166 23264 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/26 15:36:53.0270 23264 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/26 15:36:53.0317 23264 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/26 15:36:53.0447 23264 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/26 15:36:53.0491 23264 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/26 15:36:53.0578 23264 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/06/26 15:36:53.0695 23264 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/26 15:36:53.0770 23264 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/26 15:36:53.0970 23264 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/26 15:36:54.0017 23264 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/06/26 15:36:54.0077 23264 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
2011/06/26 15:36:54.0146 23264 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/26 15:36:54.0295 23264 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
2011/06/26 15:36:54.0396 23264 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/26 15:36:54.0502 23264 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/26 15:36:54.0551 23264 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/26 15:36:54.0663 23264 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/26 15:36:54.0800 23264 setup_9.0.0.722_25.06.2011_03-02drv (64d93ec1218765498c40619427a85a91) C:\Windows\system32\DRIVERS\1896818.sys
2011/06/26 15:36:54.0919 23264 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/06/26 15:36:55.0042 23264 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/26 15:36:55.0114 23264 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/26 15:36:55.0172 23264 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/26 15:36:55.0310 23264 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/26 15:36:55.0411 23264 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/26 15:36:55.0489 23264 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/26 15:36:55.0640 23264 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/06/26 15:36:55.0736 23264 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/26 15:36:55.0904 23264 spvads (32984933252f171f5ac5b79701a4d91b) C:\Windows\system32\drivers\spvads.sys
2011/06/26 15:36:56.0023 23264 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/06/26 15:36:56.0103 23264 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/26 15:36:56.0215 23264 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/26 15:36:56.0330 23264 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/06/26 15:36:56.0473 23264 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
2011/06/26 15:36:56.0599 23264 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/26 15:36:56.0709 23264 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/26 15:36:56.0768 23264 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/26 15:36:56.0835 23264 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/26 15:36:56.0961 23264 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/26 15:36:57.0153 23264 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/06/26 15:36:57.0330 23264 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/26 15:36:57.0443 23264 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/26 15:36:57.0526 23264 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/06/26 15:36:57.0576 23264 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/26 15:36:57.0691 23264 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/26 15:36:57.0759 23264 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/26 15:36:57.0809 23264 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/26 15:36:57.0960 23264 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
2011/06/26 15:36:58.0157 23264 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/26 15:36:58.0227 23264 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/26 15:36:58.0331 23264 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/26 15:36:58.0460 23264 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/06/26 15:36:58.0532 23264 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/26 15:36:58.0589 23264 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/26 15:36:58.0769 23264 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/26 15:36:58.0823 23264 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/26 15:36:58.0888 23264 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/26 15:36:59.0002 23264 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/26 15:36:59.0054 23264 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/26 15:36:59.0145 23264 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/26 15:36:59.0248 23264 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/26 15:36:59.0342 23264 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/26 15:36:59.0392 23264 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/26 15:36:59.0499 23264 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/26 15:36:59.0542 23264 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/26 15:36:59.0601 23264 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/06/26 15:36:59.0663 23264 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/26 15:36:59.0787 23264 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/26 15:36:59.0852 23264 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/26 15:36:59.0914 23264 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2011/06/26 15:37:00.0064 23264 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/26 15:37:00.0115 23264 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/26 15:37:00.0171 23264 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/26 15:37:00.0220 23264 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/26 15:37:00.0334 23264 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/26 15:37:00.0398 23264 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys
2011/06/26 15:37:00.0471 23264 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/26 15:37:00.0552 23264 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/06/26 15:37:00.0666 23264 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/26 15:37:00.0796 23264 wacmoumonitor (026d58e9d7701f6b26b0b499f1705334) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
2011/06/26 15:37:00.0852 23264 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
2011/06/26 15:37:00.0968 23264 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/26 15:37:01.0048 23264 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
2011/06/26 15:37:01.0097 23264 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/26 15:37:01.0137 23264 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/26 15:37:01.0279 23264 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/26 15:37:01.0376 23264 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/26 15:37:01.0705 23264 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/26 15:37:01.0845 23264 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/26 15:37:02.0036 23264 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/26 15:37:02.0142 23264 MBR (0x1B8) (ef1fb3fbba60e54cf5e5a0c96abf6c5b) \Device\Harddisk0\DR0
2011/06/26 15:37:02.0155 23264 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/26 15:37:02.0156 23264 ================================================================================
2011/06/26 15:37:02.0156 23264 Scan finished
2011/06/26 15:37:02.0156 23264 ================================================================================
2011/06/26 15:37:02.0213 23336 Detected object count: 1
2011/06/26 15:37:02.0213 23336 Actual detected object count: 1
2011/06/26 15:37:18.0646 23336 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/26 15:37:18.0647 23336 \Device\Harddisk0\DR0 - ok
2011/06/26 15:37:18.0653 23336 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/26 15:37:26.0827 26616 Deinitialize success

 

[Broni]

How is redirection?

 

[Shambo9]

Redirection is gone. Also no more pop ups as far as I can tell....Also, is this normal (screenshot attached)? Can I delete all those "bronis"?

ALSO, I keep getting a notification in my taskbar, it says "Windows blocked some programs." I tried clicking it but only an error window pops up. How do I get rid of this thing?

 

[Broni]

We'll run couple more scans, but.....if I see you downloading anything (except for my stuff) before we're done here, I'll close this topic.

Update MBAM, post fresh log.

Delete your Combofix file, download fresh one and post new log.

 

[Shambo9]

The redirects are actually still happening, but very rarely. (Stopzilla and stuff like that)

 

[Shambo9]

Malwarebytes log for now, Combofix coming soon

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6955

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

6/26/2011 5:03:00 PM
mbam-log-2011-06-26 (17-03-00).txt

Scan type: Quick scan
Objects scanned: 180223
Time elapsed: 18 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cleanddm (Trojan.Qhost.CD) -> Value: cleanddm -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[Shambo9]

Combofix still closes out when it starts the actual scan. It creates the system restore point just fine, waits for a few minutes, then shuts off. Is there anything besides Avira that I should be disabling?

 

[Broni]

What do you mean by "Stopzilla and stuff like that"?

Run Combofix from safe mode.

 

[Shambo9]

The redirects I've been encountering are for Stopzilla and yellowpages.com

 

[Broni]

Go ahead with Combofix in safe mode.

 

[Shambo9]

I think we're getting somewhere, but this is what happens (attached screenies)

 

[Broni]

Leave it running.

 

[Shambo9]

Its been stuck on that screenshot for half an hour now. How long should I keep it running?

 

[Broni]

Stop it and try again.

 

[Shambo9]

It's now gone back to shutting off a few minutes after "System is now scanning". Sorry.

 

[Broni]

Re-run TDSSKiller.

 

[Shambo9]

I ran TDSSKiller. Nothing found. I tried rkill and this is what the log said:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/27/2011 at 19:11:44.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:

C:\Windows\System32\rundll32.exe
.exe


Rkill completed on 06/27/2011 at 19:11:47.

 

[Broni]

Delete your Combofix file.
Download this one: HERE
I renamed it already (broni.com).

Restart in Safe Mode.
Run rKill first, then broni.com

 

[Shambo9]

Same results.

One new thing I notice...it says Avira might interfere but it's not even running (not that I know of). I don't see it in task manager either. What shall I do?

 

[Broni]

Explain "same result".

 

[Shambo9]

It says "Access Denied. Administrator privileges are needed to use the selected options. use an administrator prompt to complete these tasks."

After that, it says it's going to scan and it can take 10 minutes. It stays there for a while and then closes itself after a minute or two.

 

[Broni]

Is the redirection still gone?

 

[Shambo9]

Seemingly, yes

 

[Broni]

Good
We won't worry about Combofix then.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.