rgcsupt#6 Posted March 14, 2011 ID:399944 Share Posted March 14, 2011 I've got the same Google redirect problem I see many others have had. I've read the "I'm infected" sticky, but I can't get Malware bytes to update (Step One) so I'm posting here. Please help! Link to post Share on other sites More sharing options...
LDTate Posted March 15, 2011 ID:400257 Share Posted March 15, 2011 Please don't attach the scans / logs from these scans, use "copy/paste".DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.Vista and Windows 7 users:1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator")Stay with this topic until I give you the all clean post.You might want to print these instructions out.Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.Please download ATF Cleaner by Atribune.Download - ATF Cleaner Link to post Share on other sites More sharing options...
rgcsupt#6 Posted March 15, 2011 Author ID:400321 Share Posted March 15, 2011 Thanks for the help!Computer running fine. Haven't tried Google again yet.Here is the log--2011/03/15 13:15:24.0953 0644 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:282011/03/15 13:15:26.0578 0644 ================================================================================2011/03/15 13:15:26.0578 0644 SystemInfo:2011/03/15 13:15:26.0578 0644 2011/03/15 13:15:26.0578 0644 OS Version: 5.1.2600 ServicePack: 3.02011/03/15 13:15:26.0578 0644 Product type: Workstation2011/03/15 13:15:26.0578 0644 ComputerName: WRIGHT2011/03/15 13:15:26.0578 0644 UserName: WrightWoodall2011/03/15 13:15:26.0578 0644 Windows directory: C:\WINDOWS2011/03/15 13:15:26.0578 0644 System windows directory: C:\WINDOWS2011/03/15 13:15:26.0578 0644 Processor architecture: Intel x862011/03/15 13:15:26.0578 0644 Number of processors: 22011/03/15 13:15:26.0578 0644 Page size: 0x10002011/03/15 13:15:26.0578 0644 Boot type: Normal boot2011/03/15 13:15:26.0578 0644 ================================================================================2011/03/15 13:15:26.0921 0644 Initialize success2011/03/15 13:16:08.0843 4964 ================================================================================2011/03/15 13:16:08.0843 4964 Scan started2011/03/15 13:16:08.0843 4964 Mode: Manual; 2011/03/15 13:16:08.0843 4964 ================================================================================2011/03/15 13:16:10.0562 4964 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys2011/03/15 13:16:10.0796 4964 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS2011/03/15 13:16:10.0843 4964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys2011/03/15 13:16:10.0875 4964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys2011/03/15 13:16:11.0062 4964 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys2011/03/15 13:16:11.0140 4964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys2011/03/15 13:16:11.0250 4964 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys2011/03/15 13:16:11.0265 4964 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys2011/03/15 13:16:11.0328 4964 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys2011/03/15 13:16:11.0343 4964 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys2011/03/15 13:16:11.0375 4964 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys2011/03/15 13:16:11.0390 4964 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys2011/03/15 13:16:11.0453 4964 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys2011/03/15 13:16:11.0484 4964 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys2011/03/15 13:16:11.0500 4964 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys2011/03/15 13:16:11.0531 4964 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys2011/03/15 13:16:11.0593 4964 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys2011/03/15 13:16:11.0687 4964 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS2011/03/15 13:16:11.0796 4964 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys2011/03/15 13:16:11.0859 4964 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys2011/03/15 13:16:11.0890 4964 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys2011/03/15 13:16:11.0906 4964 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys2011/03/15 13:16:12.0000 4964 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys2011/03/15 13:16:12.0031 4964 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys2011/03/15 13:16:12.0046 4964 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys2011/03/15 13:16:12.0093 4964 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys2011/03/15 13:16:12.0187 4964 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys2011/03/15 13:16:12.0250 4964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys2011/03/15 13:16:12.0328 4964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys2011/03/15 13:16:12.0375 4964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys2011/03/15 13:16:12.0406 4964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys2011/03/15 13:16:12.0562 4964 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys2011/03/15 13:16:12.0640 4964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys2011/03/15 13:16:12.0703 4964 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys2011/03/15 13:16:12.0734 4964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys2011/03/15 13:16:12.0750 4964 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys2011/03/15 13:16:12.0781 4964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys2011/03/15 13:16:12.0843 4964 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys2011/03/15 13:16:12.0875 4964 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys2011/03/15 13:16:13.0078 4964 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys2011/03/15 13:16:13.0140 4964 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys2011/03/15 13:16:13.0156 4964 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys2011/03/15 13:16:13.0203 4964 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys2011/03/15 13:16:13.0250 4964 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys2011/03/15 13:16:13.0265 4964 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys2011/03/15 13:16:13.0312 4964 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys2011/03/15 13:16:13.0343 4964 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS2011/03/15 13:16:13.0359 4964 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS2011/03/15 13:16:13.0390 4964 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS2011/03/15 13:16:13.0406 4964 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS2011/03/15 13:16:13.0437 4964 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS2011/03/15 13:16:13.0453 4964 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS2011/03/15 13:16:13.0484 4964 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS2011/03/15 13:16:13.0500 4964 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS2011/03/15 13:16:13.0531 4964 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS2011/03/15 13:16:13.0546 4964 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS2011/03/15 13:16:13.0609 4964 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys2011/03/15 13:16:13.0656 4964 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys2011/03/15 13:16:13.0671 4964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys2011/03/15 13:16:13.0765 4964 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys2011/03/15 13:16:13.0843 4964 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys2011/03/15 13:16:13.0906 4964 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys2011/03/15 13:16:14.0140 4964 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS2011/03/15 13:16:14.0171 4964 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS2011/03/15 13:16:14.0312 4964 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys2011/03/15 13:16:14.0359 4964 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys2011/03/15 13:16:14.0390 4964 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys2011/03/15 13:16:14.0421 4964 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys2011/03/15 13:16:14.0453 4964 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys2011/03/15 13:16:14.0656 4964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys2011/03/15 13:16:14.0781 4964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys2011/03/15 13:16:14.0812 4964 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys2011/03/15 13:16:14.0921 4964 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys2011/03/15 13:16:15.0015 4964 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys2011/03/15 13:16:15.0078 4964 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys2011/03/15 13:16:15.0156 4964 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys2011/03/15 13:16:15.0218 4964 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys2011/03/15 13:16:15.0296 4964 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys2011/03/15 13:16:15.0328 4964 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys2011/03/15 13:16:15.0437 4964 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys2011/03/15 13:16:15.0484 4964 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys2011/03/15 13:16:15.0562 4964 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys2011/03/15 13:16:15.0859 4964 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys2011/03/15 13:16:16.0203 4964 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\drivers\iaStor.sys2011/03/15 13:16:16.0312 4964 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys2011/03/15 13:16:16.0390 4964 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys2011/03/15 13:16:16.0625 4964 IntcAzAudAddService (613a2b00da1d4a80de1ec8cfb52c0d89) C:\WINDOWS\system32\drivers\RtkHDAud.sys2011/03/15 13:16:16.0703 4964 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys2011/03/15 13:16:16.0734 4964 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys2011/03/15 13:16:16.0796 4964 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys2011/03/15 13:16:16.0843 4964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys2011/03/15 13:16:16.0890 4964 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys2011/03/15 13:16:16.0953 4964 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys2011/03/15 13:16:17.0078 4964 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys2011/03/15 13:16:17.0109 4964 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys2011/03/15 13:16:17.0171 4964 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys2011/03/15 13:16:17.0265 4964 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys2011/03/15 13:16:17.0296 4964 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys2011/03/15 13:16:17.0328 4964 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys2011/03/15 13:16:17.0421 4964 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys2011/03/15 13:16:17.0578 4964 MfeAVFK (759fb4ea89c5f5721376f0fd93eeffff) C:\WINDOWS\system32\drivers\MfeAVFK.sys2011/03/15 13:16:17.0609 4964 MfeBOPK (2a01b72670db6cbb7c63ff4222df1eba) C:\WINDOWS\system32\drivers\MfeBOPK.sys2011/03/15 13:16:17.0656 4964 mfehidk (ee2edcc56b581df89380bd6937274fd4) C:\WINDOWS\system32\drivers\mfehidk.sys2011/03/15 13:16:17.0703 4964 MfeRKDK (3babac91072f9767c5a769b23c0567bf) C:\WINDOWS\system32\drivers\MfeRKDK.sys2011/03/15 13:16:17.0750 4964 mfetdik (0ec6776d213aeab2bba901b0d67da6bc) C:\WINDOWS\system32\drivers\mfetdik.sys2011/03/15 13:16:17.0843 4964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys2011/03/15 13:16:17.0890 4964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys2011/03/15 13:16:18.0015 4964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys2011/03/15 13:16:18.0093 4964 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys2011/03/15 13:16:18.0140 4964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys2011/03/15 13:16:18.0234 4964 MPFP (b53a1134237a49a10352d5dd54bb2a54) C:\WINDOWS\system32\Drivers\Mpfp.sys2011/03/15 13:16:18.0328 4964 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys2011/03/15 13:16:18.0390 4964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys2011/03/15 13:16:18.0515 4964 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys2011/03/15 13:16:18.0562 4964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys2011/03/15 13:16:18.0625 4964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys2011/03/15 13:16:18.0656 4964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys2011/03/15 13:16:18.0671 4964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys2011/03/15 13:16:18.0750 4964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys2011/03/15 13:16:18.0765 4964 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys2011/03/15 13:16:18.0812 4964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys2011/03/15 13:16:18.0843 4964 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys2011/03/15 13:16:18.0875 4964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys2011/03/15 13:16:18.0906 4964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys2011/03/15 13:16:19.0062 4964 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys2011/03/15 13:16:19.0140 4964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys2011/03/15 13:16:19.0203 4964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys2011/03/15 13:16:19.0281 4964 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys2011/03/15 13:16:19.0296 4964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys2011/03/15 13:16:19.0421 4964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys2011/03/15 13:16:19.0625 4964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys2011/03/15 13:16:19.0671 4964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys2011/03/15 13:16:19.0703 4964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys2011/03/15 13:16:19.0781 4964 O2MDRDR (948aefc4db1e6cc5a8d9fc5740aee392) C:\WINDOWS\system32\DRIVERS\o2media.sys2011/03/15 13:16:19.0875 4964 O2SDRDR (5472c48f44b49f07b16b421899e550f8) C:\WINDOWS\system32\DRIVERS\o2sd.sys2011/03/15 13:16:19.0921 4964 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys2011/03/15 13:16:20.0046 4964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys2011/03/15 13:16:20.0078 4964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys2011/03/15 13:16:20.0093 4964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys2011/03/15 13:16:20.0140 4964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys2011/03/15 13:16:20.0203 4964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys2011/03/15 13:16:20.0218 4964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys2011/03/15 13:16:20.0343 4964 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys2011/03/15 13:16:20.0359 4964 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys2011/03/15 13:16:20.0453 4964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys2011/03/15 13:16:20.0484 4964 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys2011/03/15 13:16:20.0500 4964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys2011/03/15 13:16:20.0546 4964 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys2011/03/15 13:16:20.0562 4964 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys2011/03/15 13:16:20.0578 4964 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys2011/03/15 13:16:20.0593 4964 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys2011/03/15 13:16:20.0609 4964 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys2011/03/15 13:16:20.0625 4964 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys2011/03/15 13:16:20.0671 4964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys2011/03/15 13:16:20.0703 4964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys2011/03/15 13:16:20.0718 4964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys2011/03/15 13:16:20.0750 4964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys2011/03/15 13:16:20.0781 4964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys2011/03/15 13:16:20.0796 4964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys2011/03/15 13:16:20.0828 4964 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys2011/03/15 13:16:20.0890 4964 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys2011/03/15 13:16:20.0906 4964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys2011/03/15 13:16:20.0968 4964 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys2011/03/15 13:16:21.0062 4964 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys2011/03/15 13:16:21.0078 4964 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys2011/03/15 13:16:21.0187 4964 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys2011/03/15 13:16:21.0250 4964 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys2011/03/15 13:16:21.0265 4964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys2011/03/15 13:16:21.0328 4964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys2011/03/15 13:16:21.0421 4964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys2011/03/15 13:16:21.0515 4964 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys2011/03/15 13:16:21.0562 4964 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys2011/03/15 13:16:21.0609 4964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys2011/03/15 13:16:21.0656 4964 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys2011/03/15 13:16:21.0781 4964 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys2011/03/15 13:16:21.0828 4964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys2011/03/15 13:16:21.0859 4964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys2011/03/15 13:16:21.0937 4964 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys2011/03/15 13:16:22.0093 4964 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys2011/03/15 13:16:22.0125 4964 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys2011/03/15 13:16:22.0156 4964 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys2011/03/15 13:16:22.0218 4964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys2011/03/15 13:16:22.0328 4964 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys2011/03/15 13:16:22.0406 4964 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys2011/03/15 13:16:22.0437 4964 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys2011/03/15 13:16:22.0500 4964 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys2011/03/15 13:16:22.0562 4964 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys2011/03/15 13:16:22.0609 4964 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys2011/03/15 13:16:22.0640 4964 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys2011/03/15 13:16:22.0718 4964 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys2011/03/15 13:16:22.0781 4964 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys2011/03/15 13:16:22.0812 4964 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys2011/03/15 13:16:22.0875 4964 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys2011/03/15 13:16:23.0078 4964 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys2011/03/15 13:16:23.0203 4964 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys2011/03/15 13:16:23.0281 4964 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2011/03/15 13:16:23.0375 4964 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2011/03/15 13:16:23.0437 4964 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys2011/03/15 13:16:23.0500 4964 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys2011/03/15 13:16:23.0562 4964 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys2011/03/15 13:16:23.0593 4964 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys2011/03/15 13:16:23.0640 4964 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys2011/03/15 13:16:23.0703 4964 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys2011/03/15 13:16:23.0812 4964 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys2011/03/15 13:16:23.0937 4964 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys2011/03/15 13:16:24.0109 4964 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys2011/03/15 13:16:24.0250 4964 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys2011/03/15 13:16:24.0328 4964 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)2011/03/15 13:16:24.0343 4964 ================================================================================2011/03/15 13:16:24.0343 4964 Scan finished2011/03/15 13:16:24.0343 4964 ================================================================================2011/03/15 13:16:24.0359 4396 Detected object count: 12011/03/15 13:16:46.0531 4396 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot2011/03/15 13:16:46.0531 4396 \HardDisk0 - ok2011/03/15 13:16:46.0531 4396 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/03/15 13:17:27.0484 2152 Deinitialize success Link to post Share on other sites More sharing options...
LDTate Posted March 15, 2011 ID:400325 Share Posted March 15, 2011 Please run it again to make sure the RootKit is gone Link to post Share on other sites More sharing options...
rgcsupt#6 Posted March 15, 2011 Author ID:400327 Share Posted March 15, 2011 It says no infection now. Do you need to see the log? Link to post Share on other sites More sharing options...
LDTate Posted March 15, 2011 ID:400329 Share Posted March 15, 2011 Try Google Link to post Share on other sites More sharing options...
rgcsupt#6 Posted March 15, 2011 Author ID:400332 Share Posted March 15, 2011 Seems to be working now.Thanks again! Link to post Share on other sites More sharing options...
LDTate Posted March 15, 2011 ID:400334 Share Posted March 15, 2011 Good job If you used DeFoggerTo re-enable your Emulation drivers, double click DeFogger to run the tool. The application window will appear Click the Re-enable button to re-enable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OK DeFogger will now ask to reboot the machine - click OKIMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.Your Emulation drivers are now re-enabled.Here's my usual all clean postTo be on the safe side, I would also change all my passwords. This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.Log looks good Make your Internet Explorer more secure - This can be done by following these simple instructions:From within Internet Explorer click on the Tools menu and then click on Options.Click once on the Security tabClick once on the Internet icon so it becomes highlighted.Click once on the Custom Level button.Change the Download signed ActiveX controls to PromptChange the Download unsigned ActiveX controls to DisableChange the Initialize and script ActiveX controls not marked as safe to DisableChange the Installation of desktop items to PromptChange the Launching programs and files in an IFRAME to PromptChange the Navigate sub-frames across different domains to PromptWhen all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button.Next press the Apply button and then the OK to exit the Internet Properties page.[*]Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week(Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.[*]Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.Without a firewall your computer is succeptible to being hacked and taken over.I am very serious about this and see it happen almost every day with my clients.Simply using a Firewall in its default configuration can lower your risk greatly.[*] WOT , Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE.[*] JAVA Click this link and click on the Free JAVA Download[*]Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.This will ensure your computer has always the latest security updates available installed on your computer.If there are new updates to install, install them immediately, reboot your computer, and revisit the siteuntil there are no more critical updates.Only run one Anti-Virus and Firewall program.I would suggest you read:PC Safety and Security--What Do I Need?.How to Prevent Malware:The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & ServersMalware Execution PreventionSave yourself the hassle and get protected. Link to post Share on other sites More sharing options...
rgcsupt#6 Posted March 15, 2011 Author ID:400383 Share Posted March 15, 2011 I didn't do anything with DeFogger. Is that something I missed? Link to post Share on other sites More sharing options...
LDTate Posted March 15, 2011 ID:400386 Share Posted March 15, 2011 I didn't do anything with DeFogger. Is that something I missed?Don't worry about it then,You're good to go Link to post Share on other sites More sharing options...
LDTate Posted March 16, 2011 ID:400910 Share Posted March 16, 2011 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts