TechSpot

Google redirect issue

By Mercy20
Jun 11, 2010
  1. So for the last week or so my Google links have been randomly redirecting me to different search engines and the like.

    I've read the 8 steps and have included my malware and dds logs. If I can ever get gmer to work I'll post that as well.
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Regarding GMER...

    If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.
     
  3. Mercy20

    Mercy20 TS Rookie Topic Starter

    Finally was able to save the gmer log :p I got it to run without issues, but every time I tried to save the file my machine completely froze up. Anyway, only scanned the E drive as that's my boot. If you want an entire system scan, let me know.
     

    Attached Files:

  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Very good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. Mercy20

    Mercy20 TS Rookie Topic Starter

    Here is the log from my first combofix run. Thanks for your help.
     

    Attached Files:

  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download TDSSKiller and save it to your Desktop.
    Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
    Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
    When it is done, a log file called TDSSKiller.txt should be created on your C: drive. Please copy and paste the contents of that file here.
     
  7. Mercy20

    Mercy20 TS Rookie Topic Starter

    23:05:54:531 4004 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
    23:05:54:531 4004 ================================================================================
    23:05:54:531 4004 SystemInfo:

    23:05:54:531 4004 OS Version: 5.1.2600 ServicePack: 3.0
    23:05:54:531 4004 Product type: Workstation
    23:05:54:531 4004 ComputerName: SHQN1
    23:05:54:531 4004 UserName: Shelly
    23:05:54:531 4004 Windows directory: E:\WINDOWS
    23:05:54:531 4004 Processor architecture: Intel x86
    23:05:54:531 4004 Number of processors: 2
    23:05:54:531 4004 Page size: 0x1000
    23:05:54:531 4004 Boot type: Normal boot
    23:05:54:531 4004 ================================================================================
    23:05:55:046 4004 Initialize success
    23:05:55:046 4004
    23:05:55:046 4004 Scanning Services ...
    23:05:55:109 4004 Raw services enum returned 343 services
    23:05:55:109 4004
    23:05:55:109 4004 Scanning Drivers ...
    23:05:55:625 4004 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:05:55:671 4004 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys
    23:05:55:703 4004 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
    23:05:55:750 4004 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys
    23:05:55:828 4004 AmdK8 (59301936898ae62245a6f09c0aba9475) E:\WINDOWS\system32\DRIVERS\AmdK8.sys
    23:05:55:859 4004 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys
    23:05:55:890 4004 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:05:55:921 4004 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
    23:05:56:031 4004 ati2mtag (8763ede3e0cd40f5c3450571ac57f205) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    23:05:56:156 4004 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:05:56:203 4004 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
    23:05:56:250 4004 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) E:\WINDOWS\System32\Drivers\avgldx86.sys
    23:05:56:296 4004 AvgMfx86 (53b3f979930a786a614d29cafe99f645) E:\WINDOWS\System32\Drivers\avgmfx86.sys
    23:05:56:343 4004 AvgTdiX (6e11bbc8dc5af836adc9c5f682fa3186) E:\WINDOWS\System32\Drivers\avgtdix.sys
    23:05:56:390 4004 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
    23:05:56:453 4004 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) E:\WINDOWS\system32\DRIVERS\Camdrl.sys
    23:05:56:578 4004 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
    23:05:56:609 4004 CCDECODE (0be5aef125be881c4f854c554f2b025c) E:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    23:05:56:687 4004 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
    23:05:56:718 4004 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys
    23:05:56:750 4004 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:05:56:796 4004 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys
    23:05:56:843 4004 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys
    23:05:56:921 4004 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys
    23:05:56:953 4004 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys
    23:05:56:968 4004 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys
    23:05:57:000 4004 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys
    23:05:57:015 4004 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys
    23:05:57:031 4004 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys
    23:05:57:062 4004 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys
    23:05:57:078 4004 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys
    23:05:57:109 4004 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys
    23:05:57:156 4004 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:05:57:171 4004 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:05:57:203 4004 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    23:05:57:234 4004 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:05:57:265 4004 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    23:05:57:296 4004 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys
    23:05:57:343 4004 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys
    23:05:57:390 4004 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:05:57:406 4004 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys
    23:05:57:578 4004 IntcAzAudAddService (e2c822adacfa7b2e788e675d9309bd18) E:\WINDOWS\system32\drivers\RtkHDAud.sys
    23:05:57:640 4004 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys
    23:05:57:671 4004 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    23:05:57:718 4004 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys
    23:05:57:750 4004 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys
    23:05:57:781 4004 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
    23:05:57:812 4004 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys
    23:05:57:828 4004 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys
    23:05:57:859 4004 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
    23:05:57:875 4004 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys
    23:05:57:921 4004 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) E:\WINDOWS\system32\drivers\klmd.sys
    23:05:57:968 4004 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys
    23:05:58:031 4004 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys
    23:05:58:078 4004 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) E:\WINDOWS\system32\drivers\libusb0.sys
    23:05:58:171 4004 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) E:\WINDOWS\system32\DRIVERS\LVcKap.sys
    23:05:58:265 4004 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) E:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
    23:05:58:328 4004 LVUSBSta (be5e104be263921d6842c555db6a5c23) E:\WINDOWS\system32\drivers\LVUSBSta.sys
    23:05:58:359 4004 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
    23:05:58:390 4004 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys
    23:05:58:453 4004 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) E:\WINDOWS\system32\drivers\Monfilt.sys
    23:05:58:562 4004 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys
    23:05:58:593 4004 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys
    23:05:58:609 4004 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys
    23:05:58:640 4004 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
    23:05:58:687 4004 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    23:05:58:734 4004 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys
    23:05:58:765 4004 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys
    23:05:58:781 4004 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
    23:05:58:796 4004 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys
    23:05:58:843 4004 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
    23:05:58:859 4004 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) E:\WINDOWS\system32\drivers\MSTEE.sys
    23:05:58:890 4004 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys
    23:05:58:921 4004 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    23:05:58:953 4004 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
    23:05:58:984 4004 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) E:\WINDOWS\system32\DRIVERS\NdisIP.sys
    23:05:59:000 4004 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
    23:05:59:015 4004 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
    23:05:59:046 4004 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
    23:05:59:062 4004 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys
    23:05:59:093 4004 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys
    23:05:59:109 4004 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys
    23:05:59:156 4004 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys
    23:05:59:171 4004 nm (1e421a6bcf2203cc61b821ada9de878b) E:\WINDOWS\system32\DRIVERS\NMnt.sys
    23:05:59:203 4004 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys
    23:05:59:234 4004 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
    23:05:59:265 4004 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
    23:05:59:546 4004 nv (cb0ce8de9f66a297cd86eb98921b8e58) E:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    23:05:59:921 4004 nvata (5055b03ede11109f6266b39c3244dbcc) E:\WINDOWS\system32\DRIVERS\nvata.sys
    23:05:59:921 4004 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\nvata.sys. Real md5: 5055b03ede11109f6266b39c3244dbcc, Fake md5: c03e15101f6d9e82cd9b0e7d715f5de3
    23:05:59:921 4004 File "E:\WINDOWS\system32\DRIVERS\nvata.sys" infected by TDSS rootkit ...
    23:06:00:062 4004 Backup copy found, using it..
    23:06:00:093 4004 will be cured on next reboot
    23:06:00:109 4004 NVENETFD (b9333604527e02cd2223f200c0bae7e0) E:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    23:06:00:140 4004 nvnetbus (5e9e55f7ee644c7c5fd78a206fbe37ab) E:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    23:06:00:171 4004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    23:06:00:203 4004 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    23:06:00:250 4004 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys
    23:06:00:281 4004 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys
    23:06:00:312 4004 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys
    23:06:00:328 4004 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys
    23:06:00:343 4004 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys
    23:06:00:390 4004 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys
    23:06:00:421 4004 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys
    23:06:00:484 4004 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys
    23:06:00:515 4004 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys
    23:06:00:531 4004 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
    23:06:00:562 4004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
    23:06:00:609 4004 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) E:\WINDOWS\system32\Drivers\PxHelp20.sys
    23:06:00:656 4004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
    23:06:00:687 4004 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    23:06:00:718 4004 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
    23:06:00:734 4004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
    23:06:00:765 4004 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys
    23:06:00:796 4004 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    23:06:00:812 4004 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
    23:06:00:843 4004 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys
    23:06:00:875 4004 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys
    23:06:00:906 4004 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
    23:06:00:921 4004 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys
    23:06:00:937 4004 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys
    23:06:00:968 4004 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
    23:06:01:015 4004 SLIP (866d538ebe33709a5c9f5c62b73b7d14) E:\WINDOWS\system32\DRIVERS\SLIP.sys
    23:06:01:031 4004 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
    23:06:01:046 4004 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys
    23:06:01:109 4004 Srv (89220b427890aa1dffd1a02648ae51c3) E:\WINDOWS\system32\DRIVERS\srv.sys
    23:06:01:203 4004 streamip (77813007ba6265c4b6098187e6ed79d2) E:\WINDOWS\system32\DRIVERS\StreamIP.sys
    23:06:01:218 4004 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
    23:06:01:234 4004 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
    23:06:01:265 4004 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
    23:06:01:312 4004 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:06:01:343 4004 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
    23:06:01:375 4004 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
    23:06:01:390 4004 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
    23:06:01:421 4004 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
    23:06:01:484 4004 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
    23:06:01:531 4004 usbaudio (e919708db44ed8543a7c017953148330) E:\WINDOWS\system32\drivers\usbaudio.sys
    23:06:01:562 4004 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys
    23:06:01:578 4004 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:06:01:593 4004 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:06:01:625 4004 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys
    23:06:01:656 4004 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys
    23:06:01:687 4004 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:06:01:703 4004 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
    23:06:01:734 4004 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys
    23:06:01:781 4004 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:06:01:796 4004 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys
    23:06:01:843 4004 WSTCODEC (c98b39829c2bbd34e454150633c62c78) E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    23:06:01:859 4004 Reboot required for cure complete..
    23:06:01:875 4004 Cure on reboot scheduled successfully
    23:06:01:875 4004
    23:06:01:875 4004 Completed
    23:06:01:875 4004
    23:06:01:875 4004 Results:
    23:06:01:875 4004 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    23:06:01:875 4004 File objects infected / cured / cured on reboot: 1 / 0 / 1
    23:06:01:875 4004
    23:06:01:875 4004 KLMD(ARK) unloaded successfully
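    The interesting line in the log above is the "Suspicious file (Forged)" entry: TDSSKiller reports two hashes for nvata.sys, the one for the bytes actually on disk ("Real md5") and the one for the bytes a normal file read returns ("Fake md5"). A driver whose content differs depending on how it is read is the classic sign of a rootkit filtering disk I/O, which is why the tool then marks the file as infected and schedules a cure on reboot. The script below is an added example (not part of this thread and not Kaspersky's code) that parses a TDSSKiller-style log into a small report and pulls out exactly those findings plus the "Results:" counters. The sample log is constructed from the format of the log posted above, with the nvata.sys lines taken from it and the other lines shortened; the dataclass and function names are my own.

```python
"""Parse a TDSSKiller text log and extract the findings a responder cares about."""
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the log posted in the thread. The nvata.sys lines
# are the ones from that log; the remaining lines are a shortened subset.
SAMPLE_LOG = r"""
23:05:54:531 4004 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
23:05:55:109 4004 Raw services enum returned 343 services
23:05:55:625 4004 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys
23:05:59:921 4004 nvata (5055b03ede11109f6266b39c3244dbcc) E:\WINDOWS\system32\DRIVERS\nvata.sys
23:05:59:921 4004 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\nvata.sys. Real md5: 5055b03ede11109f6266b39c3244dbcc, Fake md5: c03e15101f6d9e82cd9b0e7d715f5de3
23:05:59:921 4004 File "E:\WINDOWS\system32\DRIVERS\nvata.sys" infected by TDSS rootkit ...
23:06:00:093 4004 will be cured on next reboot
23:06:01:875 4004 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:06:01:875 4004 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# Every record starts with "HH:MM:SS:mmm <pid> "; the rest is the message.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3} \d+ ?(?P<msg>.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-fA-F]{32}), "
    r"Fake md5: (?P<fake>[0-9a-fA-F]{32})$"
)
INFECTED_RE = re.compile(r'^File "(?P<path>[^"]+)" infected by (?P<what>.+?)\s*(?:\.\.\.)?\s*$')
RESULTS_RE = re.compile(
    r"^(?P<kind>Registry|File) objects infected / cured / cured on reboot: "
    r"(?P<inf>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)$"
)


@dataclass
class Forged:
    path: str
    real_md5: str  # hash of the bytes actually on disk
    fake_md5: str  # hash of the bytes a normal file read returned


@dataclass
class Report:
    drivers: dict = field(default_factory=dict)   # path -> md5 listed in the driver scan
    forged: list = field(default_factory=list)    # Forged entries
    infected: list = field(default_factory=list)  # (path, detection name)
    results: dict = field(default_factory=dict)   # "Registry"/"File" -> (infected, cured, cured on reboot)


def parse_tdsskiller_log(text: str) -> Report:
    """Walk the log line by line and classify each message we know how to read."""
    report = Report()
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue  # blank line or the banner of '=' characters
        msg = m.group("msg")
        if d := DRIVER_RE.match(msg):
            report.drivers[d.group("path")] = d.group("md5").lower()
        elif f := FORGED_RE.match(msg):
            report.forged.append(Forged(f.group("path"), f.group("real").lower(), f.group("fake").lower()))
        elif i := INFECTED_RE.match(msg):
            report.infected.append((i.group("path"), i.group("what")))
        elif r := RESULTS_RE.match(msg):
            report.results[r.group("kind")] = (int(r.group("inf")), int(r.group("cured")), int(r.group("reboot")))
    return report


def findings(report: Report) -> list:
    """Human-readable list of what the scan flagged, one entry per forged or infected file."""
    out = []
    for f in report.forged:
        note = f"{f.path}: bytes returned to file reads (md5 {f.fake_md5}) differ from bytes on disk (md5 {f.real_md5})"
        # Cross-check: the driver-scan line for the same path should carry the on-disk hash.
        if f.path in report.drivers and report.drivers[f.path] != f.real_md5:
            note += " [driver-scan md5 does not match the reported real md5]"
        out.append(note)
    for path, what in report.infected:
        out.append(f"{path}: reported infected by {what}")
    return out


def is_clean(report: Report) -> bool:
    """True only when nothing was forged or infected and every Results counter is zero."""
    if report.forged or report.infected or not report.results:
        return False
    return all(counts == (0, 0, 0) for counts in report.results.values())


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for line in findings(rep):
        print(line)
    print("clean:", is_clean(rep))
```

A log that lists every driver with a single hash and ends with all-zero counters parses to an empty findings list and `is_clean()` true; a "Forged" entry whose real md5 does not match the earlier driver-scan line for the same path is flagged as well, since the two should agree.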
     
  8. Mercy20

    Mercy20 TS Rookie Topic Starter

    Well for some reason it keeps saying a mod has to approve my post so I guess it'll show up when that occurs.
     
  9. Mercy20

    Mercy20 TS Rookie Topic Starter

    Sorry, attached the wrong file.
     

    Attached Files:

  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I got it. Hold on...
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Very good :)
    How is the redirection issue?

    Delete your GMER file, download a fresh one and give me a new log.
     
  12. Mercy20

    Mercy20 TS Rookie Topic Starter

    Redirects appear to have stopped. Downloading new GMER file. Getting new log could take a bit, but keep your fingers crossed :D
     
  13. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    No problem :)
     
  14. Mercy20

    Mercy20 TS Rookie Topic Starter

    Ha. No issues getting this log. Just takes a while to scan my drive, apparently.
     

    Attached Files:

  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =======================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. Mercy20

    Mercy20 TS Rookie Topic Starter

    Both files exceeded the character limit so I've attached them instead.
     

    Attached Files:

  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Verify your Java version here: http://www.java.com/en/download/installed.jsp
    Update, if necessary.
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    =====================================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  18. Mercy20

    Mercy20 TS Rookie Topic Starter

    This will likely take some time so I am going to let it run while I head off to bed. I'll post the log in the morning.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    No problem :)
    Wake up!....LOL
     
  20. Mercy20

    Mercy20 TS Rookie Topic Starter

    Good morning!

    :D Here are the results of the online Kaspersky scan.
     

    Attached Files:

  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    As you can see from Kaspersky's scan, you have some bad files in your Outlook Express mail.
    Since I don't want to delete whole folders and mess up your mail, I suggest you empty the Deleted Items and Deleted Items folders, then be careful when dealing with mail already in your inbox, especially if any attachment is involved.

    Now...

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    When done...


    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  22. Mercy20

    Mercy20 TS Rookie Topic Starter

    I'll have to check, but I think the outlook folders on my C drive are a leftover from an old install and can probably be deleted without causing any problems. Thank you so much for all your assistance :D
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Very well. You can do it manually.
    How is the computer doing?
     
  24. Mercy20

    Mercy20 TS Rookie Topic Starter

    Seems to be feeling much, much better and no more annoying redirects.

    Not sure which step fixed it but thank you for all your assistance :D
     
  25. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Yes!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
