Solved Google redirect issue


Mercy20

So for the last week or so my Google links have been randomly redirecting me to different search engines and the like.

I've read the 8 steps and have included my malware and DDS logs. If I can ever get GMER to work I'll post that as well.
 

Attachments
  • DDS.txt (24.3 KB)
  • Attach.txt (8.6 KB)
  • mbam-log-2010-06-11 (20-00-15).txt (895 bytes)
Regarding GMER...

If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
 
Finally was able to save the GMER log :p I got it to run without issues, but every time I tried to save the file my machine completely froze up. Anyway, I only scanned the E drive as that's my boot drive. If you want an entire system scan, let me know.
 

Attachments
  • gmer.log (1.3 KB)
Very good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here is the log from my first combofix run. Thanks for your help.
 

Attachments
  • ComboFix.txt (30.5 KB)
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quotation marks), then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected", DO NOT type anything in. Just press Enter on your keyboard so that nothing is done to the file.
When it is done, a log file called TDSSKiller.txt should be created on your C: drive. Please copy and paste the contents of that file here.
 
23:05:54:531 4004 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
23:05:54:531 4004 ================================================================================
23:05:54:531 4004 SystemInfo:

23:05:54:531 4004 OS Version: 5.1.2600 ServicePack: 3.0
23:05:54:531 4004 Product type: Workstation
23:05:54:531 4004 ComputerName: SHQN1
23:05:54:531 4004 UserName: Shelly
23:05:54:531 4004 Windows directory: E:\WINDOWS
23:05:54:531 4004 Processor architecture: Intel x86
23:05:54:531 4004 Number of processors: 2
23:05:54:531 4004 Page size: 0x1000
23:05:54:531 4004 Boot type: Normal boot
23:05:54:531 4004 ================================================================================
23:05:55:046 4004 Initialize success
23:05:55:046 4004
23:05:55:046 4004 Scanning Services ...
23:05:55:109 4004 Raw services enum returned 343 services
23:05:55:109 4004
23:05:55:109 4004 Scanning Drivers ...
23:05:55:625 4004 ACPI (8fd99680a539792a30e97944fdaecf17) E:\WINDOWS\system32\DRIVERS\ACPI.sys
23:05:55:671 4004 ACPIEC (9859c0f6936e723e4892d7141b1327d5) E:\WINDOWS\system32\drivers\ACPIEC.sys
23:05:55:703 4004 aec (8bed39e3c35d6a489438b8141717a557) E:\WINDOWS\system32\drivers\aec.sys
23:05:55:750 4004 AFD (7e775010ef291da96ad17ca4b17137d7) E:\WINDOWS\System32\drivers\afd.sys
23:05:55:828 4004 AmdK8 (59301936898ae62245a6f09c0aba9475) E:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:05:55:859 4004 Arp1394 (b5b8a80875c1dededa8b02765642c32f) E:\WINDOWS\system32\DRIVERS\arp1394.sys
23:05:55:890 4004 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) E:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:05:55:921 4004 atapi (9f3a2f5aa6875c72bf062c712cfa2674) E:\WINDOWS\system32\DRIVERS\atapi.sys
23:05:56:031 4004 ati2mtag (8763ede3e0cd40f5c3450571ac57f205) E:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:05:56:156 4004 Atmarpc (9916c1225104ba14794209cfa8012159) E:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:05:56:203 4004 audstub (d9f724aa26c010a217c97606b160ed68) E:\WINDOWS\system32\DRIVERS\audstub.sys
23:05:56:250 4004 AvgLdx86 (9c0a7e6d3cb9a8a7ad4e4575d9a42e94) E:\WINDOWS\System32\Drivers\avgldx86.sys
23:05:56:296 4004 AvgMfx86 (53b3f979930a786a614d29cafe99f645) E:\WINDOWS\System32\Drivers\avgmfx86.sys
23:05:56:343 4004 AvgTdiX (6e11bbc8dc5af836adc9c5f682fa3186) E:\WINDOWS\System32\Drivers\avgtdix.sys
23:05:56:390 4004 Beep (da1f27d85e0d1525f6621372e7b685e9) E:\WINDOWS\system32\drivers\Beep.sys
23:05:56:453 4004 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) E:\WINDOWS\system32\DRIVERS\Camdrl.sys
23:05:56:578 4004 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) E:\WINDOWS\system32\drivers\cbidf2k.sys
23:05:56:609 4004 CCDECODE (0be5aef125be881c4f854c554f2b025c) E:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:05:56:687 4004 Cdaudio (c1b486a7658353d33a10cc15211a873b) E:\WINDOWS\system32\drivers\Cdaudio.sys
23:05:56:718 4004 Cdfs (c885b02847f5d2fd45a24e219ed93b32) E:\WINDOWS\system32\drivers\Cdfs.sys
23:05:56:750 4004 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) E:\WINDOWS\system32\DRIVERS\cdrom.sys
23:05:56:796 4004 Disk (044452051f3e02e7963599fc8f4f3e25) E:\WINDOWS\system32\DRIVERS\disk.sys
23:05:56:843 4004 dmboot (d992fe1274bde0f84ad826acae022a41) E:\WINDOWS\system32\drivers\dmboot.sys
23:05:56:921 4004 dmio (7c824cf7bbde77d95c08005717a95f6f) E:\WINDOWS\system32\drivers\dmio.sys
23:05:56:953 4004 dmload (e9317282a63ca4d188c0df5e09c6ac5f) E:\WINDOWS\system32\drivers\dmload.sys
23:05:56:968 4004 DMusic (8a208dfcf89792a484e76c40e5f50b45) E:\WINDOWS\system32\drivers\DMusic.sys
23:05:57:000 4004 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) E:\WINDOWS\system32\drivers\drmkaud.sys
23:05:57:015 4004 Fastfat (38d332a6d56af32635675f132548343e) E:\WINDOWS\system32\drivers\Fastfat.sys
23:05:57:031 4004 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) E:\WINDOWS\system32\DRIVERS\fdc.sys
23:05:57:062 4004 Fips (d45926117eb9fa946a6af572fbe1caa3) E:\WINDOWS\system32\drivers\Fips.sys
23:05:57:078 4004 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) E:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:05:57:109 4004 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) E:\WINDOWS\system32\drivers\fltmgr.sys
23:05:57:156 4004 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) E:\WINDOWS\system32\drivers\Fs_Rec.sys
23:05:57:171 4004 Ftdisk (6ac26732762483366c3969c9e4d2259d) E:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:05:57:203 4004 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) E:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:05:57:234 4004 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) E:\WINDOWS\system32\DRIVERS\msgpc.sys
23:05:57:265 4004 HDAudBus (573c7d0a32852b48f3058cfd8026f511) E:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:05:57:296 4004 hidusb (ccf82c5ec8a7326c3066de870c06daf1) E:\WINDOWS\system32\DRIVERS\hidusb.sys
23:05:57:343 4004 HTTP (f80a415ef82cd06ffaf0d971528ead38) E:\WINDOWS\system32\Drivers\HTTP.sys
23:05:57:390 4004 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) E:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:05:57:406 4004 Imapi (083a052659f5310dd8b6a6cb05edcf8e) E:\WINDOWS\system32\DRIVERS\imapi.sys
23:05:57:578 4004 IntcAzAudAddService (e2c822adacfa7b2e788e675d9309bd18) E:\WINDOWS\system32\drivers\RtkHDAud.sys
23:05:57:640 4004 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) E:\WINDOWS\system32\drivers\ip6fw.sys
23:05:57:671 4004 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) E:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:05:57:718 4004 IpInIp (b87ab476dcf76e72010632b5550955f5) E:\WINDOWS\system32\DRIVERS\ipinip.sys
23:05:57:750 4004 IpNat (cc748ea12c6effde940ee98098bf96bb) E:\WINDOWS\system32\DRIVERS\ipnat.sys
23:05:57:781 4004 IPSec (23c74d75e36e7158768dd63d92789a91) E:\WINDOWS\system32\DRIVERS\ipsec.sys
23:05:57:812 4004 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) E:\WINDOWS\system32\DRIVERS\irenum.sys
23:05:57:828 4004 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) E:\WINDOWS\system32\DRIVERS\isapnp.sys
23:05:57:859 4004 Kbdclass (463c1ec80cd17420a542b7f36a36f128) E:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:05:57:875 4004 kbdhid (9ef487a186dea361aa06913a75b3fa99) E:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:05:57:921 4004 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) E:\WINDOWS\system32\drivers\klmd.sys
23:05:57:968 4004 kmixer (692bcf44383d056aed41b045a323d378) E:\WINDOWS\system32\drivers\kmixer.sys
23:05:58:031 4004 KSecDD (b467646c54cc746128904e1654c750c1) E:\WINDOWS\system32\drivers\KSecDD.sys
23:05:58:078 4004 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) E:\WINDOWS\system32\drivers\libusb0.sys
23:05:58:171 4004 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) E:\WINDOWS\system32\DRIVERS\LVcKap.sys
23:05:58:265 4004 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) E:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
23:05:58:328 4004 LVUSBSta (be5e104be263921d6842c555db6a5c23) E:\WINDOWS\system32\drivers\LVUSBSta.sys
23:05:58:359 4004 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) E:\WINDOWS\system32\drivers\mnmdd.sys
23:05:58:390 4004 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) E:\WINDOWS\system32\drivers\Modem.sys
23:05:58:453 4004 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) E:\WINDOWS\system32\drivers\Monfilt.sys
23:05:58:562 4004 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) E:\WINDOWS\system32\DRIVERS\mouclass.sys
23:05:58:593 4004 mouhid (b1c303e17fb9d46e87a98e4ba6769685) E:\WINDOWS\system32\DRIVERS\mouhid.sys
23:05:58:609 4004 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) E:\WINDOWS\system32\drivers\MountMgr.sys
23:05:58:640 4004 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) E:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:05:58:687 4004 MRxSmb (f3aefb11abc521122b67095044169e98) E:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:05:58:734 4004 Msfs (c941ea2454ba8350021d774daf0f1027) E:\WINDOWS\system32\drivers\Msfs.sys
23:05:58:765 4004 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) E:\WINDOWS\system32\drivers\MSKSSRV.sys
23:05:58:781 4004 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) E:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:05:58:796 4004 MSPQM (bad59648ba099da4a17680b39730cb3d) E:\WINDOWS\system32\drivers\MSPQM.sys
23:05:58:843 4004 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) E:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:05:58:859 4004 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) E:\WINDOWS\system32\drivers\MSTEE.sys
23:05:58:890 4004 Mup (2f625d11385b1a94360bfc70aaefdee1) E:\WINDOWS\system32\drivers\Mup.sys
23:05:58:921 4004 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:05:58:953 4004 NDIS (1df7f42665c94b825322fae71721130d) E:\WINDOWS\system32\drivers\NDIS.sys
23:05:58:984 4004 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) E:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:05:59:000 4004 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) E:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:05:59:015 4004 Ndisuio (f927a4434c5028758a842943ef1a3849) E:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:05:59:046 4004 NdisWan (edc1531a49c80614b2cfda43ca8659ab) E:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:05:59:062 4004 NDProxy (6215023940cfd3702b46abc304e1d45a) E:\WINDOWS\system32\drivers\NDProxy.sys
23:05:59:093 4004 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) E:\WINDOWS\system32\DRIVERS\netbios.sys
23:05:59:109 4004 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) E:\WINDOWS\system32\DRIVERS\netbt.sys
23:05:59:156 4004 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) E:\WINDOWS\system32\DRIVERS\nic1394.sys
23:05:59:171 4004 nm (1e421a6bcf2203cc61b821ada9de878b) E:\WINDOWS\system32\DRIVERS\NMnt.sys
23:05:59:203 4004 Npfs (3182d64ae053d6fb034f44b6def8034a) E:\WINDOWS\system32\drivers\Npfs.sys
23:05:59:234 4004 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) E:\WINDOWS\system32\drivers\Ntfs.sys
23:05:59:265 4004 Null (73c1e1f395918bc2c6dd67af7591a3ad) E:\WINDOWS\system32\drivers\Null.sys
23:05:59:546 4004 nv (cb0ce8de9f66a297cd86eb98921b8e58) E:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:05:59:921 4004 nvata (5055b03ede11109f6266b39c3244dbcc) E:\WINDOWS\system32\DRIVERS\nvata.sys
23:05:59:921 4004 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\nvata.sys. Real md5: 5055b03ede11109f6266b39c3244dbcc, Fake md5: c03e15101f6d9e82cd9b0e7d715f5de3
23:05:59:921 4004 File "E:\WINDOWS\system32\DRIVERS\nvata.sys" infected by TDSS rootkit ...
23:06:00:062 4004 Backup copy found, using it..
23:06:00:093 4004 will be cured on next reboot
23:06:00:109 4004 NVENETFD (b9333604527e02cd2223f200c0bae7e0) E:\WINDOWS\system32\DRIVERS\NVENETFD.sys
23:06:00:140 4004 nvnetbus (5e9e55f7ee644c7c5fd78a206fbe37ab) E:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23:06:00:171 4004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) E:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:06:00:203 4004 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) E:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:06:00:250 4004 ohci1394 (ca33832df41afb202ee7aeb05145922f) E:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:06:00:281 4004 Parport (5575faf8f97ce5e713d108c2a58d7c7c) E:\WINDOWS\system32\DRIVERS\parport.sys
23:06:00:312 4004 PartMgr (beb3ba25197665d82ec7065b724171c6) E:\WINDOWS\system32\drivers\PartMgr.sys
23:06:00:328 4004 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) E:\WINDOWS\system32\drivers\ParVdm.sys
23:06:00:343 4004 PCI (a219903ccf74233761d92bef471a07b1) E:\WINDOWS\system32\DRIVERS\pci.sys
23:06:00:390 4004 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) E:\WINDOWS\system32\DRIVERS\pciide.sys
23:06:00:421 4004 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) E:\WINDOWS\system32\drivers\Pcmcia.sys
23:06:00:484 4004 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) E:\WINDOWS\system32\DRIVERS\raspptp.sys
23:06:00:515 4004 Processor (a32bebaf723557681bfc6bd93e98bd26) E:\WINDOWS\system32\DRIVERS\processr.sys
23:06:00:531 4004 PSched (09298ec810b07e5d582cb3a3f9255424) E:\WINDOWS\system32\DRIVERS\psched.sys
23:06:00:562 4004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) E:\WINDOWS\system32\DRIVERS\ptilink.sys
23:06:00:609 4004 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) E:\WINDOWS\system32\Drivers\PxHelp20.sys
23:06:00:656 4004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) E:\WINDOWS\system32\DRIVERS\rasacd.sys
23:06:00:687 4004 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) E:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:06:00:718 4004 RasPppoe (5bc962f2654137c9909c3d4603587dee) E:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:06:00:734 4004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) E:\WINDOWS\system32\DRIVERS\raspti.sys
23:06:00:765 4004 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) E:\WINDOWS\system32\DRIVERS\rdbss.sys
23:06:00:796 4004 RDPCDD (4912d5b403614ce99c28420f75353332) E:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:06:00:812 4004 rdpdr (15cabd0f7c00c47c70124907916af3f1) E:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:06:00:843 4004 RDPWD (6728e45b66f93c08f11de2e316fc70dd) E:\WINDOWS\system32\drivers\RDPWD.sys
23:06:00:875 4004 redbook (f828dd7e1419b6653894a8f97a0094c5) E:\WINDOWS\system32\DRIVERS\redbook.sys
23:06:00:906 4004 Secdrv (90a3935d05b494a5a39d37e71f09a677) E:\WINDOWS\system32\DRIVERS\secdrv.sys
23:06:00:921 4004 serenum (0f29512ccd6bead730039fb4bd2c85ce) E:\WINDOWS\system32\DRIVERS\serenum.sys
23:06:00:937 4004 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) E:\WINDOWS\system32\DRIVERS\serial.sys
23:06:00:968 4004 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) E:\WINDOWS\system32\drivers\Sfloppy.sys
23:06:01:015 4004 SLIP (866d538ebe33709a5c9f5c62b73b7d14) E:\WINDOWS\system32\DRIVERS\SLIP.sys
23:06:01:031 4004 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) E:\WINDOWS\system32\drivers\splitter.sys
23:06:01:046 4004 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) E:\WINDOWS\system32\DRIVERS\sr.sys
23:06:01:109 4004 Srv (89220b427890aa1dffd1a02648ae51c3) E:\WINDOWS\system32\DRIVERS\srv.sys
23:06:01:203 4004 streamip (77813007ba6265c4b6098187e6ed79d2) E:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:06:01:218 4004 swenum (3941d127aef12e93addf6fe6ee027e0f) E:\WINDOWS\system32\DRIVERS\swenum.sys
23:06:01:234 4004 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) E:\WINDOWS\system32\drivers\swmidi.sys
23:06:01:265 4004 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) E:\WINDOWS\system32\drivers\sysaudio.sys
23:06:01:312 4004 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) E:\WINDOWS\system32\DRIVERS\tcpip.sys
23:06:01:343 4004 TDPIPE (6471a66807f5e104e4885f5b67349397) E:\WINDOWS\system32\drivers\TDPIPE.sys
23:06:01:375 4004 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) E:\WINDOWS\system32\drivers\TDTCP.sys
23:06:01:390 4004 TermDD (88155247177638048422893737429d9e) E:\WINDOWS\system32\DRIVERS\termdd.sys
23:06:01:421 4004 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) E:\WINDOWS\system32\drivers\Udfs.sys
23:06:01:484 4004 Update (402ddc88356b1bac0ee3dd1580c76a31) E:\WINDOWS\system32\DRIVERS\update.sys
23:06:01:531 4004 usbaudio (e919708db44ed8543a7c017953148330) E:\WINDOWS\system32\drivers\usbaudio.sys
23:06:01:562 4004 usbccgp (173f317ce0db8e21322e71b7e60a27e8) E:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:06:01:578 4004 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) E:\WINDOWS\system32\DRIVERS\usbehci.sys
23:06:01:593 4004 usbhub (1ab3cdde553b6e064d2e754efe20285c) E:\WINDOWS\system32\DRIVERS\usbhub.sys
23:06:01:625 4004 usbohci (0daecce65366ea32b162f85f07c6753b) E:\WINDOWS\system32\DRIVERS\usbohci.sys
23:06:01:656 4004 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) E:\WINDOWS\system32\DRIVERS\usbscan.sys
23:06:01:687 4004 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:06:01:703 4004 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) E:\WINDOWS\System32\drivers\vga.sys
23:06:01:734 4004 VolSnap (4c8fcb5cc53aab716d810740fe59d025) E:\WINDOWS\system32\drivers\VolSnap.sys
23:06:01:781 4004 Wanarp (e20b95baedb550f32dd489265c1da1f6) E:\WINDOWS\system32\DRIVERS\wanarp.sys
23:06:01:796 4004 wdmaud (6768acf64b18196494413695f0c3a00f) E:\WINDOWS\system32\drivers\wdmaud.sys
23:06:01:843 4004 WSTCODEC (c98b39829c2bbd34e454150633c62c78) E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:06:01:859 4004 Reboot required for cure complete..
23:06:01:875 4004 Cure on reboot scheduled successfully
23:06:01:875 4004
23:06:01:875 4004 Completed
23:06:01:875 4004
23:06:01:875 4004 Results:
23:06:01:875 4004 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:06:01:875 4004 File objects infected / cured / cured on reboot: 1 / 0 / 1
23:06:01:875 4004
23:06:01:875 4004 KLMD(ARK) unloaded successfully
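As an added example (written for this thread, not part of TDSSKiller or of any tool the helper linked), the following Python parses a TDSSKiller log like the one above: it collects the driver inventory, the "Suspicious file (Forged)" detections with their two MD5 values and the Results block, then ties the forged file back to its service name and reports whether a reboot cure is still pending. The sample log embedded in it is a trimmed copy of the log posted above; the function and field names (`parse_tdsskiller_log`, `flagged_drivers`, `needs_reboot`, `summarize`) are this example's own.

```python
"""Pull the security-relevant facts out of a TDSSKiller log (example code for this thread)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample input assembled for this example: the nvata.sys lines and the Results block
# are copied from the log posted above; the other entries are a trimmed selection
# from the same log so the sample stays short.
SAMPLE_LOG = r"""23:05:54:531 4004 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
23:05:55:046 4004 Scanning Drivers ...
23:05:59:546 4004 nv (cb0ce8de9f66a297cd86eb98921b8e58) E:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:05:59:921 4004 nvata (5055b03ede11109f6266b39c3244dbcc) E:\WINDOWS\system32\DRIVERS\nvata.sys
23:05:59:921 4004 Suspicious file (Forged): E:\WINDOWS\system32\DRIVERS\nvata.sys. Real md5: 5055b03ede11109f6266b39c3244dbcc, Fake md5: c03e15101f6d9e82cd9b0e7d715f5de3
23:05:59:921 4004 File "E:\WINDOWS\system32\DRIVERS\nvata.sys" infected by TDSS rootkit ...
23:06:00:062 4004 Backup copy found, using it..
23:06:00:093 4004 will be cured on next reboot
23:06:00:109 4004 NVENETFD (b9333604527e02cd2223f200c0bae7e0) E:\WINDOWS\system32\DRIVERS\NVENETFD.sys
23:06:01:875 4004 Results:
23:06:01:875 4004 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:06:01:875 4004 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# Every TDSSKiller line starts with "hh:mm:ss:mmm <pid> ".
PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}:\d{3}) (?P<pid>\d+) "
# Driver inventory line: "<service name> (<md5>) <path>".
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
# Forged-file detection: the two hashes disagree, which is the indicator that
# something sits between the file on disk and what a normal read returns.
FORGED_RE = re.compile(
    PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
RESULTS_RE = re.compile(
    PREFIX + r"File objects infected / cured / cured on reboot: "
    r"(?P<inf>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)$"
)


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Forged:
    path: str
    real_md5: str
    fake_md5: str


@dataclass
class Report:
    drivers: Dict[str, Driver] = field(default_factory=dict)
    forged: List[Forged] = field(default_factory=list)
    results: Optional[Tuple[int, int, int]] = None  # infected, cured, cured on reboot


def parse_tdsskiller_log(text: str) -> Report:
    """Walk the log once and keep the inventory, the forged detections and the file-object totals."""
    report = Report()
    for raw in text.splitlines():
        line = raw.rstrip()
        m = DRIVER_RE.match(line)
        if m:
            report.drivers[m["name"]] = Driver(m["name"], m["md5"], m["path"])
            continue
        m = FORGED_RE.match(line)
        if m:
            report.forged.append(Forged(m["path"], m["real"], m["fake"]))
            continue
        m = RESULTS_RE.match(line)
        if m:
            report.results = (int(m["inf"]), int(m["cured"]), int(m["reboot"]))
    return report


def flagged_drivers(report: Report) -> List[str]:
    """Service names whose on-disk image was reported as forged (matched by path)."""
    by_path = {d.path.lower(): d.name for d in report.drivers.values()}
    return [by_path[f.path.lower()] for f in report.forged if f.path.lower() in by_path]


def needs_reboot(report: Report) -> bool:
    """True when TDSSKiller scheduled a cure that only completes after a restart."""
    return report.results is not None and report.results[2] > 0


def summarize(report: Report) -> List[str]:
    out = []
    for f, name in zip(report.forged, flagged_drivers(report) or ["?"] * len(report.forged)):
        out.append(f"FORGED {f.path} (service {name}): real md5 {f.real_md5}, presented md5 {f.fake_md5}")
    if report.results:
        inf, cured, reboot = report.results
        out.append(f"file objects: {inf} infected, {cured} cured, {reboot} cured on reboot")
        if reboot:
            out.append("reboot required before the machine can be considered clean")
    return out


REPORT = parse_tdsskiller_log(SAMPLE_LOG)

if __name__ == "__main__":
    print("\n".join(summarize(REPORT)))
```

The point the parser makes explicit is that neither hash on its own is the detection: the "Real md5" and "Fake md5" were obtained through two different read paths, and a driver-level filter that rewrites what callers see produces exactly this kind of disagreement for a file whose sectors no longer match what the file API returns. The inventory hash for nvata equals the "Real md5", so the service entry and the forged file can be tied together by path. "Cured on reboot: 1" means the fix has only been scheduled, which is why the helper's next step is to confirm the redirects stopped and rescan with a fresh GMER.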
 
Well for some reason it keeps saying a mod has to approve my post so I guess it'll show up when that occurs.
 
Very good :)
How is the redirection issue?

Delete your GMER file, download fresh one and give me new log.
 
Redirects appear to have stopped. Downloading new GMER file. Getting new log could take a bit, but keep your fingers crossed :D
 
Ha. No issues getting this log. Just takes a while to scan my drive, apparently.
 

Attachments
  • gmer.log (1.1 KB)
Looks good :)

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

=======================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Both files exceeded the character limit so I've attached them instead.
 

Attachments
  • OTL.Txt (79.1 KB)
  • Extras.Txt (46.1 KB)
Verify your Java version here: http://www.java.com/en/download/installed.jsp
Update, if necessary.
Uninstall all previous Java versions through Add/Remove Programs (Programs & Features in Vista/7).

=====================================================================

1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.


2. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
This will likely take some time so I am going to let it run while I head off to bed. I'll post the log in the morning.
 
Good morning!

:D Here are the results of the online Kaspersky scan.
 

Attachments
  • kaspersky scan.txt (2.3 KB)
As you can see from Kaspersky's scan, you have some bad files in your Outlook Express mail.
Since I don't want to delete whole folders and mess up your mail, I suggest you empty the Deleted Items and Deleted Items folders, then be careful when dealing with any mail already in your inbox, especially if an attachment is involved.

Now...

OTL Clean-Up
Clean up with OTL:

* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

when done...


Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

2. Restart computer.

3. Turn System Restore on.

4. Make sure Windows Updates are current.

5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run defrag at your convenience.

8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

9. Please let me know how your computer is doing.
 
I'll have to check, but I think the outlook folders on my C drive are a leftover from an old install and can probably be deleted without causing any problems. Thank you so much for all your assistance :D
 
Seems to be feeling much, much better and no more annoying redirects.

Not sure which step fixed it but thank you for all your assistance :D
 
Yes!!

Good luck and stay safe :)
 