
Malware removal help



Hey there, I'm new to the forums and I need some help getting rid of malware on my computer.

Every time I search for something in Google and click a link, I get redirected to another link. Also, random pop-up tabs appear once in a while when I use Firefox/Internet Explorer. I tried using Malwarebytes but it didn't remove it.

Thanks in advance.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4253

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

29/06/2010 9:13:40 PM

mbam-log-2010-06-29 (21-13-40).txt

Scan type: Quick scan

Objects scanned: 141405

Time elapsed: 31 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.zip

Attach.zip


Hello Brian1! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. The absence of symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Step 1

Please, uninstall the following applications:

  1. Adobe Reader 7.0.7 - Korean

You can read how to do this here:

Step 2

Please go into the Control Panel > Add/Remove Programs and, for now, remove ALL versions of Java.

Then run this tool to help clean up any leftover Java.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.
    Then look for the following Java folders and, if found, delete them:
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt"; please copy and paste the contents of that file here.

In your next reply, please include these log(s):

  1. JavaRa log
  2. TDSSKiller log


Hi Borislav, and thanks for helping me.

Here are the contents of the two logs:

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Jun 30 15:54:34 2010

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.

16:01:23:953 3136 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

16:01:23:953 3136 ================================================================================

16:01:23:953 3136 SystemInfo:

16:01:23:953 3136 OS Version: 5.1.2600 ServicePack: 3.0

16:01:23:953 3136 Product type: Workstation

16:01:23:953 3136 ComputerName: ERIC

16:01:23:953 3136 UserName: EricY

16:01:23:953 3136 Windows directory: C:\WINDOWS

16:01:23:953 3136 Processor architecture: Intel x86

16:01:23:953 3136 Number of processors: 2

16:01:23:953 3136 Page size: 0x1000

16:01:23:953 3136 Boot type: Normal boot

16:01:23:953 3136 ================================================================================

16:01:24:203 3136 Initialize success

16:01:24:203 3136

16:01:24:203 3136 Scanning Services ...

16:01:24:468 3136 Raw services enum returned 330 services

16:01:24:484 3136

16:01:24:484 3136 Scanning Drivers ...

16:01:25:000 3136 ACPI (62222ac54af5f74b73150cd17ec84d7e) C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:01:25:031 3136 ACPIEC (0d77d50de9e4aa8e71fb06cfc303210a) C:\WINDOWS\system32\drivers\ACPIEC.sys

16:01:25:062 3136 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

16:01:25:078 3136 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys

16:01:25:171 3136 ALCXWDM (95aa37bec6c72c277c2caeaee736dd2d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

16:01:25:281 3136 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:01:25:281 3136 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

16:01:25:390 3136 ati2mtag (3b23691e9eef04de3364d9271371bbde) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

16:01:25:421 3136 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:01:25:437 3136 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

16:01:25:484 3136 AYDrvNT_ALYAC (a09a071352b5d80b8b0f6f0fde2fdd82) C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys

16:01:25:515 3136 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

16:01:25:531 3136 BlueletAudio (04e84c8049ee93614a2ff6d676d1e247) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys

16:01:25:562 3136 BT (d1813668a0117ae05bc0b81c874f91d4) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys

16:01:25:609 3136 Btcsrusb (7304acc25455746912de37d7ded387ed) C:\WINDOWS\system32\Drivers\btcusb.sys

16:01:25:625 3136 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys

16:01:25:656 3136 BTHidEnum (161969d2dd1d39cd2f1edbc60c61fa99) C:\WINDOWS\system32\DRIVERS\vbtenum.sys

16:01:25:671 3136 BTHidMgr (a9164c2a39bd917b9f42ae087560ac3d) C:\WINDOWS\system32\Drivers\BTHidMgr.sys

16:01:25:703 3136 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys

16:01:25:750 3136 BTHPORT (9cc15562f0bebde733c1398062e7961b) C:\WINDOWS\system32\Drivers\BTHport.sys

16:01:25:781 3136 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys

16:01:25:843 3136 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

16:01:25:875 3136 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

16:01:25:890 3136 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

16:01:25:906 3136 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

16:01:25:937 3136 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

16:01:25:953 3136 cdspacex (846942e17efafa85f7ce15aa9a6bd43c) C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys

16:01:25:984 3136 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

16:01:26:015 3136 dmboot (ece84842e5ee6cc72bead0053403b897) C:\WINDOWS\system32\drivers\dmboot.sys

16:01:26:093 3136 dmio (2394686b06896f8d654bf2f7177171d9) C:\WINDOWS\system32\drivers\dmio.sys

16:01:26:109 3136 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

16:01:26:125 3136 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

16:01:26:156 3136 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

16:01:26:187 3136 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys

16:01:26:203 3136 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

16:01:26:218 3136 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

16:01:26:234 3136 Fips (627e8f9e167d5903764396ae1a2f84d4) C:\WINDOWS\system32\drivers\Fips.sys

16:01:26:234 3136 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

16:01:26:250 3136 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

16:01:26:265 3136 FsVga (7cb1a1f0cb7996f95b35e1bb3be5e3ad) C:\WINDOWS\system32\DRIVERS\fsvga.sys

16:01:26:281 3136 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

16:01:26:281 3136 Ftdisk (869fe1b01ac3bf08555d7a6d7d605aee) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:01:26:343 3136 GarenaPEngine (97590bdd20e90546045982f6ea24eb1e) C:\DOCUME~1\EricY\LOCALS~1\Temp\VUV42.tmp

16:01:26:359 3136 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

16:01:26:375 3136 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

16:01:26:390 3136 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

16:01:26:421 3136 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

16:01:26:484 3136 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

16:01:26:515 3136 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

16:01:26:546 3136 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

16:01:26:593 3136 i8042prt (77d9d8ea811fb6ffa58016d91c7e04a1) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:01:26:609 3136 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

16:01:26:625 3136 intelppm (75965eaa3974aace20d5d3d822462a19) C:\WINDOWS\system32\DRIVERS\intelppm.sys

16:01:26:656 3136 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

16:01:26:671 3136 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:01:26:687 3136 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:01:26:703 3136 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:01:26:718 3136 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:01:26:718 3136 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

16:01:26:734 3136 isapnp (246cdb478268834b0963cd656cfe32b3) C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:01:26:750 3136 Kbdclass (2bd0c11590b8023140ea8368894dabc2) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:01:26:781 3136 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

16:01:26:812 3136 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

16:01:26:812 3136 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

16:01:26:828 3136 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

16:01:26:843 3136 Modem (62c09b7ef13f1ebbf49061dd16c16ecb) C:\WINDOWS\system32\drivers\Modem.sys

16:01:26:875 3136 Mouclass (a4e8012bff6d6a136833d6b69300635d) C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:01:26:890 3136 mouhid (fe9f5189d425465373850ed362f8e817) C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:01:26:890 3136 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

16:01:26:921 3136 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:01:26:953 3136 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:01:26:984 3136 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

16:01:27:000 3136 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:01:27:000 3136 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:01:27:015 3136 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

16:01:27:031 3136 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:01:27:078 3136 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

16:01:27:109 3136 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

16:01:27:125 3136 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

16:01:27:140 3136 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

16:01:27:171 3136 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

16:01:27:187 3136 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:01:27:203 3136 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:01:27:203 3136 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:01:27:218 3136 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

16:01:27:234 3136 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

16:01:27:250 3136 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

16:01:27:265 3136 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

16:01:27:281 3136 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

16:01:27:312 3136 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

16:01:27:328 3136 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:01:27:343 3136 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:01:27:359 3136 Parport (7e85d4423f665309e23158bd32b8a627) C:\WINDOWS\system32\DRIVERS\parport.sys

16:01:27:375 3136 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

16:01:27:390 3136 ParVdm (93868ff47f04e1137ad510eec0955e45) C:\WINDOWS\system32\drivers\ParVdm.sys

16:01:27:406 3136 PCI (62e8238048257d61ea2ba9f0147c3d12) C:\WINDOWS\system32\DRIVERS\pci.sys

16:01:27:421 3136 PCIIde (eeee81c859fe3f1ae769c13adccc12c8) C:\WINDOWS\system32\DRIVERS\pciide.sys

16:01:27:437 3136 Pcmcia (6bc428c74eeab7dca3c953976385122a) C:\WINDOWS\system32\drivers\Pcmcia.sys

16:01:27:500 3136 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

16:01:27:515 3136 Processor (f87595a79fa02bb9a22a2095262f8939) C:\WINDOWS\system32\DRIVERS\processr.sys

16:01:27:531 3136 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

16:01:27:531 3136 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

16:01:27:578 3136 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

16:01:27:578 3136 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:01:27:593 3136 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:01:27:593 3136 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

16:01:27:625 3136 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

16:01:27:625 3136 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:01:27:640 3136 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

16:01:27:671 3136 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

16:01:27:687 3136 redbook (0abecc0a8e9ec33f3da34a5bd72c16bb) C:\WINDOWS\system32\DRIVERS\redbook.sys

16:01:27:718 3136 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys

16:01:27:781 3136 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

16:01:27:812 3136 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys

16:01:27:812 3136 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

16:01:27:828 3136 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

16:01:27:828 3136 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

16:01:27:843 3136 Serial (2defd1c1c9267ae600543b77b2e0444e) C:\WINDOWS\system32\DRIVERS\serial.sys

16:01:27:859 3136 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

16:01:27:890 3136 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

16:01:27:906 3136 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

16:01:27:921 3136 sr (a78063684d515e566611165b96a99c97) C:\WINDOWS\system32\DRIVERS\sr.sys

16:01:27:937 3136 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys

16:01:27:968 3136 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

16:01:27:968 3136 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

16:01:28:000 3136 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

16:01:28:046 3136 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

16:01:28:062 3136 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys

16:01:28:109 3136 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

16:01:28:125 3136 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

16:01:28:140 3136 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

16:01:28:171 3136 TwoRabts (6dc81114c1a1c5b151311da94f7354a1) C:\WINDOWS\system32\DRIVERS\TwoRabts.sys

16:01:28:187 3136 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

16:01:28:234 3136 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

16:01:28:281 3136 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys

16:01:28:328 3136 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

16:01:28:343 3136 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

16:01:28:359 3136 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

16:01:28:375 3136 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

16:01:28:390 3136 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

16:01:28:437 3136 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

16:01:28:453 3136 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

16:01:28:484 3136 VComm (9ebee4a060c5364a31aeaa04eac2af1e) C:\WINDOWS\system32\DRIVERS\VComm.sys

16:01:28:500 3136 VcommMgr (630bbdbf5490f8f57abe650da63661a0) C:\WINDOWS\system32\Drivers\VcommMgr.sys

16:01:28:515 3136 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

16:01:28:546 3136 VolSnap (7bad7611dc326600e36bf8c3e4f8f308) C:\WINDOWS\system32\drivers\VolSnap.sys

16:01:28:578 3136 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

16:01:28:609 3136 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

16:01:28:640 3136 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

16:01:28:656 3136 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

16:01:28:671 3136 XSPACEWG (45f9b87ac4c904fa66c7380681a2bdb6) C:\WINDOWS\System32\drivers\XSpaceWg.sys

16:01:28:671 3136 Suspicious file (Forged): C:\WINDOWS\System32\drivers\XSpaceWg.sys. Real md5: 45f9b87ac4c904fa66c7380681a2bdb6, Fake md5: eda78c752843266e5955da7a94283e89

16:01:28:671 3136 File "C:\WINDOWS\System32\drivers\XSpaceWg.sys" infected by TDSS rootkit ... 16:01:30:156 3136 Backup copy not found, trying to cure infected file..

16:01:30:156 3136 Cure success, using it..

16:01:30:156 3136 will be cured on next reboot

16:01:30:156 3136 Reboot required for cure complete..

16:01:30:406 3136 Cure on reboot scheduled successfully

16:01:30:406 3136

16:01:30:406 3136 Completed

16:01:30:406 3136

16:01:30:406 3136 Results:

16:01:30:406 3136 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

16:01:30:421 3136 File objects infected / cured / cured on reboot: 1 / 0 / 1

16:01:30:421 3136

16:01:30:421 3136 KLMD(ARK) unloaded successfully

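The useful part of the TDSSKiller log above is the last dozen lines: a driver whose on-disk MD5 differs from the MD5 the file system reports ("Forged"), the infected-file verdict, the result counters and the cure scheduled for the next reboot. As an added example that is not part of this thread and not Kaspersky's own code, here is a small Python triage script that parses log lines in this 2.x format, splits the entries the tool prints on one physical line (the "infected by ... Backup copy not found" line), extracts those verdicts and counters, and adds one defender heuristic of my own: any kernel driver enumerated from a Temp folder or with a .tmp extension is marked for manual review. The regular expressions are written against the format visible in the posted log and are an assumption about the tool's output, not a published specification; the sample lines are excerpted from that log.

```python
"""Triage a TDSSKiller 2.x log (added example): count enumerated drivers, pull out
the tool's verdicts (forged file, infected file, result counters, pending reboot)
and apply one defender heuristic for drivers loaded from odd locations."""
import re
from dataclasses import dataclass, field
from typing import List

# Every entry is "<hh:mm:ss:ms> <pid> <message>". The tool sometimes prints the next
# entry on the same physical line, so each line is scanned for every timestamp prefix.
ENTRY_RE = re.compile(
    r"(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+(?P<pid>\d+)\s*(?P<msg>.*?)"
    r"(?=\s*\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s|$)"
)
# Driver enumeration: "<ServiceName> (<md5 of image>) <image path>"
DRIVER_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>[A-Za-z]:\\.+)$")
# Forged verdict: bytes read from disk hash differently from what the file system
# returns, i.e. something in the I/O path hides the driver's real content.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})$"
)
INFECTED_RE = re.compile(r'^File "(?P<path>[^"]+)" infected by (?P<what>.+)$')
RESULTS_RE = re.compile(
    r"^(?P<kind>Registry|File) objects infected / cured / cured on reboot: "
    r"(?P<infected>\d+) / (?P<cured>\d+) / (?P<reboot>\d+)$"
)


@dataclass
class Finding:
    severity: str  # "infected" = the tool's own verdict, "review" = heuristic below
    path: str
    detail: str


@dataclass
class ScanReport:
    drivers: int = 0
    files_infected: int = 0
    files_cured_on_reboot: int = 0
    reboot_required: bool = False
    findings: List[Finding] = field(default_factory=list)

    def infected_paths(self) -> List[str]:
        return sorted({f.path for f in self.findings if f.severity == "infected"})


def split_entries(line: str) -> List[str]:
    """Return the message part of every timestamped entry found on one physical line."""
    return [m.group("msg").strip() for m in ENTRY_RE.finditer(line)]


def is_unusual_driver_path(path: str) -> bool:
    """Heuristic (mine, not TDSSKiller's): kernel drivers normally live under the
    Windows directory or an installed program's folder. An image loaded from a
    user's Temp folder or carrying a .tmp extension deserves a manual look even
    when the tool does not flag it; it is not by itself a malware verdict."""
    p = path.lower()
    return "\\temp\\" in p or p.endswith(".tmp")


def parse_tdsskiller_log(text: str) -> ScanReport:
    report = ScanReport()
    for line in text.splitlines():
        for msg in split_entries(line):
            if m := DRIVER_RE.match(msg):
                report.drivers += 1
                if is_unusual_driver_path(m["path"]):
                    report.findings.append(Finding("review", m["path"],
                                                   f"driver {m['name']} loaded from a temporary location"))
            elif m := FORGED_RE.match(msg):
                report.findings.append(Finding("infected", m["path"],
                                               f"forged: real md5 {m['real']} != reported md5 {m['fake']}"))
            elif m := INFECTED_RE.match(msg):
                report.findings.append(Finding("infected", m["path"], f"infected by {m['what'].rstrip(' .')}"))
            elif m := RESULTS_RE.match(msg):
                if m["kind"] == "File":
                    report.files_infected = int(m["infected"])
                    report.files_cured_on_reboot = int(m["reboot"])
            elif msg.startswith("Cure on reboot scheduled"):
                report.reboot_required = True
    return report


# Constructed sample: lines excerpted from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
16:01:25:000 3136 ACPI (62222ac54af5f74b73150cd17ec84d7e) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:01:26:343 3136 GarenaPEngine (97590bdd20e90546045982f6ea24eb1e) C:\DOCUME~1\EricY\LOCALS~1\Temp\VUV42.tmp
16:01:28:671 3136 XSPACEWG (45f9b87ac4c904fa66c7380681a2bdb6) C:\WINDOWS\System32\drivers\XSpaceWg.sys
16:01:28:671 3136 Suspicious file (Forged): C:\WINDOWS\System32\drivers\XSpaceWg.sys. Real md5: 45f9b87ac4c904fa66c7380681a2bdb6, Fake md5: eda78c752843266e5955da7a94283e89
16:01:28:671 3136 File "C:\WINDOWS\System32\drivers\XSpaceWg.sys" infected by TDSS rootkit ... 16:01:30:156 3136 Backup copy not found, trying to cure infected file..
16:01:30:406 3136 Cure on reboot scheduled successfully
16:01:30:421 3136 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{rep.drivers} drivers enumerated; {rep.files_infected} infected, "
          f"{rep.files_cured_on_reboot} cured on reboot; reboot pending: {rep.reboot_required}")
    for f in rep.findings:
        print(f"[{f.severity}] {f.path}: {f.detail}")
```

The "review" finding is deliberately separate from the tool's verdicts: on this machine the Temp-loaded driver belongs to a game's anti-cheat engine, and a helper would confirm that before doing anything, which is exactly why the heuristic only asks for a look rather than declaring an infection.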

Hi Borislav,

No pop-ups have come up lately, but I'm not completely sure, as they come up at random. I tried Google searches multiple times and now I don't get redirected to another link anymore :D Thanks!

Good work! :)

Last steps:

Step 1

To enable CD Emulation programs using DeFogger, please perform these steps:

  1. Please download DeFogger to your desktop.
  2. Once downloaded, double-click on the DeFogger icon to start the tool.
  3. The application window will now appear. You should now click on the Enable button to enable your CD Emulation drivers.
  4. When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  6. If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Step 2

Please manually delete DDS, GMER, TDSSKiller, Defogger and JavaRa.

Step 3

Please download and install the latest version of Adobe Reader from:

www.adobe.com

About Java:

www.java.com/en

Step 4

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=9365

Safe surfing! :)

