Jump to content

Redirect virus


Recommended Posts

My web pages are being redirected to some random website or i am getting 500 error, from past few days. I have tried malwarebytes, superantispyware, hitman pro 3.5, avira antivirus, avg and nothing is detecting the virus/malware/trojan or whatever it is.

I tried the basic steps which is posted. I disabled CD-Rom emulation and then downloaded DDS and saved the 2 logs.

When i tried to scan using GMER rootkit scanner, after few minutes i got a blue screen with some text and then the computer restarted. i tried rootkit again this time the system got hung up, i had to switch off the comp and start again.

I have only the DDS and Attach file.

Please help me.

DDS (Ver_10-03-17.01) - NTFSx86

Run by swetha at 20:55:23.68 on Wed 07/21/2010

Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_21

Microsoft

Attach.zip

Link to post
Share on other sites

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6000

Number of processors #2

==============================================

>Drivers

==============================================

0x8B5FC000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6307840 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x81C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)

0x81C00000 PnpManager 3805184 bytes

0x81C00000 RAW 3805184 bytes

0x81C00000 WMIxWDM 3805184 bytes

0x8BFD8000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2260992 bytes (Intel Corporation, Intel

Link to post
Share on other sites

swetha,

icon11.gif Please download GooredFixfrom one of the locations below and save it to your desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

icon11.gif Download TDSSKiller and save it to your Desktop.

  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)
  • Please post the content of that log TDSSKiller

Please include the following in your next post:

  • GooredFix log
  • TDSSKiller log

Link to post
Share on other sites

GooredFix by jpshortstuff (03.07.10.1)

Log created at 20:27 on 22/07/2010 (swetha)

Firefox version 3.6.6 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:29 15/07/2010]

{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [15:08 18/07/2010]

C:\Users\swetha\Application Data\Mozilla\Firefox\Profiles\asopv3ka.default\extensions\

{20a82645-c095-46ed-80e3-08825760534b} [07:15 20/07/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [05:53 19/07/2010]

"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [17:57 20/07/2010]

"avg@igeared"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared" [17:57 20/07/2010]

-=E.O.F=-

20:31:24:500 6032 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49

20:31:24:500 6032 ================================================================================

20:31:24:500 6032 SystemInfo:

20:31:24:500 6032 OS Version: 6.0.6000 ServicePack: 0.0

20:31:24:500 6032 Product type: Workstation

20:31:24:500 6032 ComputerName: SWETHA-PC

20:31:24:515 6032 UserName: swetha

20:31:24:515 6032 Windows directory: C:\Windows

20:31:24:515 6032 System windows directory: C:\Windows

20:31:24:515 6032 Processor architecture: Intel x86

20:31:24:515 6032 Number of processors: 2

20:31:24:515 6032 Page size: 0x1000

20:31:24:515 6032 Boot type: Normal boot

20:31:24:515 6032 ================================================================================

20:31:24:999 6032 Initialize success

20:31:24:999 6032

20:31:24:999 6032 Scanning Services ...

20:31:25:701 6032 Raw services enum returned 406 services

20:31:25:717 6032

20:31:25:717 6032 Scanning Drivers ...

20:31:26:153 6032 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys

20:31:26:185 6032 ACPIVPC (66aabe301244294c412dfb5797f5f47f) C:\Windows\system32\DRIVERS\AcpiVpc.sys

20:31:26:247 6032 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

20:31:26:387 6032 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

20:31:26:419 6032 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

20:31:26:465 6032 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

20:31:26:606 6032 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys

20:31:26:637 6032 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

20:31:26:653 6032 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

20:31:26:793 6032 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

20:31:26:824 6032 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

20:31:26:840 6032 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

20:31:26:871 6032 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

20:31:26:996 6032 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

20:31:27:027 6032 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

20:31:27:043 6032 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

20:31:27:074 6032 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys

20:31:27:121 6032 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys

20:31:27:292 6032 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys

20:31:27:417 6032 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys

20:31:27:479 6032 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys

20:31:27:620 6032 b57nd60x (aa6b367ca7da571dfc3374ec137d87a5) C:\Windows\system32\DRIVERS\b57nd60x.sys

20:31:27:667 6032 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys

20:31:27:807 6032 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys

20:31:27:838 6032 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

20:31:27:901 6032 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

20:31:27:963 6032 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

20:31:27:994 6032 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

20:31:28:072 6032 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

20:31:28:119 6032 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

20:31:28:166 6032 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

20:31:28:259 6032 CapFilt (8ad2e8bf80c495c79f8dbf0d5d787a04) C:\Windows\system32\drivers\CapFilt.sys

20:31:28:306 6032 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys

20:31:28:322 6032 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys

20:31:28:353 6032 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

20:31:28:447 6032 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys

20:31:28:509 6032 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys

20:31:28:540 6032 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

20:31:28:603 6032 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys

20:31:28:618 6032 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

20:31:28:649 6032 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

20:31:28:681 6032 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys

20:31:28:727 6032 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys

20:31:28:821 6032 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys

20:31:28:899 6032 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys

20:31:29:024 6032 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

20:31:29:055 6032 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys

20:31:29:086 6032 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

20:31:29:227 6032 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys

20:31:29:258 6032 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

20:31:29:383 6032 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys

20:31:29:414 6032 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys

20:31:29:445 6032 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

20:31:29:570 6032 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys

20:31:29:617 6032 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys

20:31:29:710 6032 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

20:31:29:773 6032 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

20:31:29:804 6032 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:31:29:913 6032 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

20:31:29:944 6032 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

20:31:29:960 6032 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys

20:31:30:069 6032 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

20:31:30:116 6032 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys

20:31:30:256 6032 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

20:31:30:303 6032 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys

20:31:30:381 6032 iaStor (5df93509037399b53d3ecaa8a67b6c58) C:\Windows\system32\DRIVERS\iaStor.sys

20:31:30:443 6032 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

20:31:30:584 6032 igfx (b3bf4555e6bc33b3ade8d7d7c2aa9b39) C:\Windows\system32\DRIVERS\igdkmd32.sys

20:31:30:755 6032 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

20:31:30:849 6032 IntcAzAudAddService (34b8b4a442046e3d5fdd0b17926cf3f1) C:\Windows\system32\drivers\RTKVHDA.sys

20:31:30:989 6032 intelide (988981c840084f480ba9e3319cebde1b) C:\Windows\system32\drivers\intelide.sys

20:31:31:021 6032 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys

20:31:31:130 6032 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:31:31:161 6032 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

20:31:31:208 6032 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys

20:31:31:317 6032 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys

20:31:31:348 6032 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

20:31:31:379 6032 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys

20:31:31:504 6032 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

20:31:31:520 6032 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

20:31:31:567 6032 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys

20:31:31:691 6032 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys

20:31:31:723 6032 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\Windows\system32\drivers\klmd.sys

20:31:31:785 6032 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys

20:31:31:910 6032 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys

20:31:31:957 6032 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

20:31:31:972 6032 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

20:31:32:081 6032 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

20:31:32:113 6032 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys

20:31:32:159 6032 lvvflt (684f18fb4ececd63c82955943b35c180) C:\Windows\system32\DRIVERS\lvvflt.sys

20:31:32:284 6032 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

20:31:32:331 6032 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys

20:31:32:409 6032 MODEMCSA (7e222a1baaa42c8559db2ce8a12ad828) C:\Windows\system32\drivers\MODEMCSA.sys

20:31:32:456 6032 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys

20:31:32:503 6032 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys

20:31:32:581 6032 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys

20:31:32:612 6032 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys

20:31:32:643 6032 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

20:31:32:674 6032 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys

20:31:32:752 6032 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

20:31:32:815 6032 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys

20:31:32:846 6032 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:31:32:908 6032 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:31:32:955 6032 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:31:32:986 6032 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

20:31:33:002 6032 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

20:31:33:080 6032 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys

20:31:33:127 6032 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys

20:31:33:158 6032 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys

20:31:33:205 6032 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys

20:31:33:236 6032 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys

20:31:33:267 6032 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys

20:31:33:298 6032 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys

20:31:33:314 6032 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys

20:31:33:392 6032 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys

20:31:33:423 6032 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys

20:31:33:470 6032 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys

20:31:33:532 6032 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys

20:31:33:610 6032 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys

20:31:33:673 6032 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys

20:31:33:704 6032 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys

20:31:33:782 6032 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys

20:31:33:829 6032 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys

20:31:33:875 6032 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys

20:31:33:985 6032 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys

20:31:34:219 6032 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys

20:31:34:390 6032 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

20:31:34:421 6032 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys

20:31:34:437 6032 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys

20:31:34:609 6032 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys

20:31:34:718 6032 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

20:31:34:733 6032 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys

20:31:34:765 6032 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

20:31:34:811 6032 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

20:31:34:889 6032 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

20:31:34:936 6032 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys

20:31:34:952 6032 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

20:31:34:967 6032 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys

20:31:35:014 6032 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

20:31:35:092 6032 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys

20:31:35:108 6032 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys

20:31:35:123 6032 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

20:31:35:217 6032 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

20:31:35:342 6032 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys

20:31:35:389 6032 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

20:31:35:451 6032 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys

20:31:35:529 6032 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

20:31:35:669 6032 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

20:31:35:716 6032 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys

20:31:35:732 6032 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys

20:31:35:872 6032 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:31:35:903 6032 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys

20:31:35:935 6032 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys

20:31:36:059 6032 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:31:36:075 6032 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

20:31:36:091 6032 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys

20:31:36:122 6032 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys

20:31:36:231 6032 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys

20:31:36:247 6032 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys

20:31:36:278 6032 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys

20:31:36:309 6032 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys

20:31:36:356 6032 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

20:31:36:387 6032 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

20:31:36:481 6032 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

20:31:36:527 6032 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys

20:31:36:559 6032 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

20:31:36:590 6032 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

20:31:36:637 6032 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

20:31:36:730 6032 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys

20:31:36:777 6032 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

20:31:36:808 6032 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

20:31:36:886 6032 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

20:31:36:917 6032 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

20:31:36:949 6032 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

20:31:36:980 6032 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

20:31:37:042 6032 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

20:31:37:105 6032 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys

20:31:37:183 6032 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys

20:31:37:323 6032 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys

20:31:37:385 6032 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys

20:31:37:510 6032 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys

20:31:37:541 6032 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys

20:31:37:573 6032 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys

20:31:37:666 6032 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

20:31:37:697 6032 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

20:31:37:729 6032 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

20:31:37:853 6032 SynTP (760e4f5a1e754bbe4a1bd2a0b54f6aa6) C:\Windows\system32\DRIVERS\SynTP.sys

20:31:37:916 6032 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys

20:31:38:087 6032 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys

20:31:38:228 6032 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys

20:31:38:259 6032 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys

20:31:38:275 6032 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys

20:31:38:399 6032 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys

20:31:38:431 6032 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys

20:31:38:446 6032 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:31:38:571 6032 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys

20:31:38:587 6032 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys

20:31:38:618 6032 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

20:31:38:711 6032 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys

20:31:38:758 6032 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

20:31:38:867 6032 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

20:31:38:914 6032 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

20:31:39:023 6032 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

20:31:39:039 6032 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys

20:31:39:086 6032 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\DRIVERS\usbccgp.sys

20:31:39:195 6032 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

20:31:39:226 6032 usbehci (63fe924d8a1113c3ba6750693fbec7d3) C:\Windows\system32\DRIVERS\usbehci.sys

20:31:39:257 6032 usbhub (5edec5510592c905e91817707dce62a2) C:\Windows\system32\DRIVERS\usbhub.sys

20:31:39:367 6032 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

20:31:39:382 6032 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys

20:31:39:429 6032 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:31:39:523 6032 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

20:31:39:554 6032 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

20:31:39:601 6032 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

20:31:39:694 6032 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys

20:31:39:725 6032 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

20:31:39:757 6032 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

20:31:39:850 6032 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

20:31:39:866 6032 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys

20:31:39:897 6032 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys

20:31:39:944 6032 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys

20:31:40:037 6032 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

20:31:40:069 6032 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

20:31:40:100 6032 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

20:31:40:100 6032 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys

20:31:40:209 6032 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

20:31:40:256 6032 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys

20:31:40:381 6032 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

20:31:40:412 6032 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys

20:31:40:443 6032 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:31:40:443 6032

20:31:40:443 6032 Completed

20:31:40:443 6032

20:31:40:443 6032 Results:

20:31:40:443 6032 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

20:31:40:443 6032 File objects infected / cured / cured on reboot: 0 / 0 / 0

20:31:40:443 6032

20:31:40:443 6032 KLMD(ARK) unloaded successfully

Link to post
Share on other sites

swetha,

Not much is showing up in your logs. Are you still having issues with redirects? Are you in India, (I ask because your DNS servers are from New Delhi)? Please run these for me next:

icon11.gif You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

icon11.gif Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

    [*]Click on My Computer under the green Scan bar to the left to start the scan.

    [*]Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    [*]Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

    [*]Click View report... at the bottom.

    [*] Click the Save report... button.

    [*] Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Please include the following in your next post:

  • MBAM log
  • Kaspersky log

Link to post
Share on other sites

Hi RPMcMurphy,

Yes I am from India. I still am being redirected to a particular website or i get 500 error, but this is only in the morning my computer works fine at night. I know this is weird but its been more then a week since i have this redirect problem. I even tried connecting to another comp and the same thing happened, so i got both the system reformatted. It was of no use the problems still persists. Initially i found virus like tracking cookies, i had deleted those. why am i still having redirect problem when there are no viruses?Could it be a problem with the router?(I thought it couldn't be a problem network problem since i am being redirected to a particular page.)

Before running Kaspersky online scanner i got this message "The application digital signature has an error. Do you want to run the application"?. I clicked on run after this.

Here are the log files attached,

mbam_log.txt.txt

KasReport.txt

Link to post
Share on other sites

swetha,

Tracking cookies won't cause redirects, but the router is a possibility. I'd suggest doing a hard reset of your router back to the factory settings (if the problem is in your router a simple power cycle or reboot won't do - you have to do a hard reset). Most routers have a tiny hole in the back that you need to stick a pin or paperclip into for several seconds to do the reset. Check your router's documentation, or the manufacturer's web site if you aren't sure. When you set the router back up, be sure to change the default login and password. Let me know how it goes.

Link to post
Share on other sites

Thanks a lot for your time and assistance. Its working fine now. I am not getting 500 error or being redirected to another website now. But my comp has become very slow. Can i delete all the files i have downloaded through this process? Can i re-enable CD-ROM emulation?

I have super anti-spyware, malwrebytes and avg anti-virus, is it ok to have all the three on the system. Any suggestions on how to speed up the system?

Link to post
Share on other sites

swetha,

Great! All that we have left to do is some important cleanup:

icon11.gif To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

icon11.gif Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall

Combofix_uninstall_image.jpg

icon11.gif Delete the following tools along with any other logs you saved from our work:

  • DDS
  • GMER
  • Rootkit Unhooker
  • GooredFix
  • TDSSKiller

icon11.gif If your computer still seems sluggish, try running StartUpLight. The program allows you to disable or remove unnecessary startup entries from your computer.

icon11.gif Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application current and updated. Also, hang on to MBAM. Scan with them at least weekly.
  • Avoid using P2P programs. Refer back to my earlier post for more information.
  • Consider running in a limited user account. See this post for more information.
  • Please carefully review the information in our Security - Best Practices and Prevention forum located HERE

Please post once more so I know you are all set and I can close this thread. Good luck and stay safe!

Link to post
Share on other sites

Hi,

I was asked to downloaded GooredFix, TDSSKiller and i ran Kaspersky scan. I don't have ComboFix downloaded. how do i delete these downloaded software?

While re-enabling CD-ROM emulation driver there was no error but i wasn't prompted to reboot the system. I restarted the computer later on. Is it ok?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.