Solved Search engine results redirected

Hewlett-packard / Hp compaq 6000 pro mt pc
June 14, 2011 at 07:12:28
Specs: Windows XP, 2.792 GHz / 1993 MB

I recently got an antivirus called Antimalware Doctor. After following some online instructions I installed MalwareBytes and ran the program using safe mode and then removed the virus. All future scans have revealed a clean system.

The problem I am having is that any time I do a search, for instance using Google, when I click on the search results my page is redirected to random pages or advertisements.

I have run the following in safe mode: Malwarebytes and SUPERAntiSpyware.
I have also run ATF Cleaner to try and remove anything there as well.

My web pages are still being redirected - any help in resolving this would be greatly appreciated.
If you need more information please let me know.
Thank you




#1
June 14, 2011 at 10:51:29
harp2033,

Try the following:

Please download RKill:
[http://download.bleepingcomputer.com/grinler/rkill.scr]
Save it to the Desktop.

For XP, double click the file to run it.
For Vista/Windows 7, select: Run as Administrator

A Command window temporarily opens.
Once the tool completes its work, the window closes and a log is displayed.

>>Please post the contents of the log in your reply.<<

Now, download TDSSKiller
http://support.kaspersky.com/downlo...
Save it to the Desktop.

Double-click* on TDSSKiller.exe to run the tool.
(*Vista/Windows 7 users, right-click the file, and select: Run As Administrator)

Click the Start Scan button.

Do not use the computer during the scan

If the scan completes with nothing found, click Close to exit.

When the scan finishes it displays a Scan results screen stating whether or not an infection was found on your computer.

To remove the infection, click on the Continue button.
If it does not say Cure on the results screen, leave it at the default action of Skip, and press the Continue button.

Do not change to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

Reboot to finish the cleaning process.

If no reboot is requested, click on Report.
A log file should appear.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) is created and saved to the root directory (usually Local Disk C:).

>>Please provide the contents of TDSSKiller in your reply.<<

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#2
June 14, 2011 at 11:26:55
Thanks so much for taking a look, aaflac44.

Here is the RKill:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/14/2011 at 14:22:06.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

Rkill completed on 06/14/2011 at 14:22:12.

and TDSSKiller:

2011/06/14 14:25:44.0684 3484 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/14 14:25:44.0981 3484 ================================================================================
2011/06/14 14:25:44.0981 3484 SystemInfo:
2011/06/14 14:25:44.0981 3484
2011/06/14 14:25:44.0981 3484 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/14 14:25:44.0981 3484 Product type: Workstation
2011/06/14 14:25:44.0981 3484 ComputerName: JMCKINNEYDESKTO
2011/06/14 14:25:44.0981 3484 UserName: JMcKinney
2011/06/14 14:25:44.0981 3484 Windows directory: C:\WINDOWS
2011/06/14 14:25:44.0981 3484 System windows directory: C:\WINDOWS
2011/06/14 14:25:44.0981 3484 Processor architecture: Intel x86
2011/06/14 14:25:44.0981 3484 Number of processors: 2
2011/06/14 14:25:44.0981 3484 Page size: 0x1000
2011/06/14 14:25:44.0981 3484 Boot type: Normal boot
2011/06/14 14:25:44.0981 3484 ================================================================================
2011/06/14 14:25:45.0966 3484 Initialize success
2011/06/14 14:25:50.0014 3280 ================================================================================
2011/06/14 14:25:50.0014 3280 Scan started
2011/06/14 14:25:50.0014 3280 Mode: Manual;
2011/06/14 14:25:50.0014 3280 ================================================================================
2011/06/14 14:25:51.0233 3280 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/14 14:25:51.0421 3280 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/14 14:25:51.0515 3280 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/14 14:25:51.0562 3280 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/14 14:25:51.0655 3280 AnyDVD (c4cf2de04d26371d1a079b628acff1fd) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/06/14 14:25:51.0765 3280 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/14 14:25:51.0780 3280 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/14 14:25:51.0827 3280 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/14 14:25:51.0859 3280 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/14 14:25:51.0890 3280 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/14 14:25:51.0937 3280 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/14 14:25:51.0968 3280 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/14 14:25:51.0999 3280 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/14 14:25:52.0031 3280 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/14 14:25:52.0124 3280 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
2011/06/14 14:25:52.0187 3280 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/14 14:25:52.0234 3280 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/14 14:25:52.0281 3280 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/14 14:25:52.0328 3280 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/14 14:25:52.0359 3280 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/14 14:25:52.0390 3280 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/14 14:25:52.0406 3280 e1kexpress (90700eb149c8ee9fd8f61821e7d4b8fe) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
2011/06/14 14:25:52.0468 3280 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/06/14 14:25:52.0531 3280 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/14 14:25:52.0609 3280 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/14 14:25:52.0625 3280 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/14 14:25:52.0640 3280 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/14 14:25:52.0703 3280 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/14 14:25:52.0750 3280 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/14 14:25:52.0765 3280 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/14 14:25:52.0812 3280 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/14 14:25:52.0828 3280 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/14 14:25:52.0875 3280 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/14 14:25:52.0922 3280 HECI (88a67c34e37186665e916fd347b50d19) C:\WINDOWS\system32\DRIVERS\HECI.sys
2011/06/14 14:25:52.0984 3280 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/14 14:25:53.0047 3280 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/14 14:25:53.0093 3280 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/14 14:25:53.0219 3280 ialm (d0190bbb1b577589548aba94e66d6838) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/06/14 14:25:53.0422 3280 IFXTPM (2cdf483f8fc2bf3f7b93e3bdd734cfbd) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2011/06/14 14:25:53.0453 3280 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/14 14:25:53.0594 3280 IntcAzAudAddService (744a7507d7a69a2a54638b8e5b630c0b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/14 14:25:53.0719 3280 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/14 14:25:53.0750 3280 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/14 14:25:53.0781 3280 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/14 14:25:53.0797 3280 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/14 14:25:53.0828 3280 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/14 14:25:53.0891 3280 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/14 14:25:53.0938 3280 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/14 14:25:53.0984 3280 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/14 14:25:54.0047 3280 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/14 14:25:54.0078 3280 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/14 14:25:54.0125 3280 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/14 14:25:54.0156 3280 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/14 14:25:54.0203 3280 LGBusEnum (170e7093a77ad586f3a012a3db651d94) C:\WINDOWS\system32\drivers\LGBusEnum.sys
2011/06/14 14:25:54.0266 3280 LGVirHid (d2dd04d1c8df65eecd1f2c7fb947d43e) C:\WINDOWS\system32\drivers\LGVirHid.sys
2011/06/14 14:25:54.0328 3280 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/14 14:25:54.0375 3280 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/14 14:25:54.0422 3280 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/14 14:25:54.0485 3280 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/14 14:25:54.0532 3280 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/14 14:25:54.0563 3280 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/14 14:25:54.0625 3280 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/14 14:25:54.0657 3280 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/14 14:25:54.0703 3280 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/14 14:25:54.0735 3280 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/14 14:25:54.0750 3280 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/14 14:25:54.0797 3280 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/14 14:25:54.0813 3280 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/14 14:25:54.0844 3280 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/14 14:25:54.0891 3280 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/14 14:25:54.0954 3280 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/14 14:25:54.0969 3280 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/14 14:25:55.0016 3280 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/14 14:25:55.0032 3280 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/14 14:25:55.0063 3280 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/14 14:25:55.0094 3280 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/14 14:25:55.0141 3280 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/14 14:25:55.0188 3280 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/14 14:25:55.0235 3280 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/14 14:25:55.0251 3280 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/14 14:25:55.0313 3280 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/14 14:25:55.0344 3280 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/14 14:25:55.0376 3280 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/14 14:25:55.0407 3280 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/14 14:25:55.0438 3280 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/14 14:25:55.0469 3280 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/14 14:25:55.0516 3280 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/06/14 14:25:55.0594 3280 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/14 14:25:55.0626 3280 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/14 14:25:55.0657 3280 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/14 14:25:55.0735 3280 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/14 14:25:55.0751 3280 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/14 14:25:55.0782 3280 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/14 14:25:55.0798 3280 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/14 14:25:55.0829 3280 Razerlow (116c340acf37602d12cac6de6b8107cd) C:\WINDOWS\system32\Drivers\Razerlow.sys
2011/06/14 14:25:55.0876 3280 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/14 14:25:55.0907 3280 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/14 14:25:55.0954 3280 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/14 14:25:56.0016 3280 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/14 14:25:56.0063 3280 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/14 14:25:56.0188 3280 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/14 14:25:56.0204 3280 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/14 14:25:56.0251 3280 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/14 14:25:56.0298 3280 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/14 14:25:56.0313 3280 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/14 14:25:56.0345 3280 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/14 14:25:56.0423 3280 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/14 14:25:56.0470 3280 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/14 14:25:56.0517 3280 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/14 14:25:56.0548 3280 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/14 14:25:56.0595 3280 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/14 14:25:56.0689 3280 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/14 14:25:56.0751 3280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/14 14:25:56.0814 3280 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/14 14:25:56.0829 3280 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/14 14:25:56.0861 3280 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/14 14:25:56.0923 3280 tmactmon (ca9e9c2c04a198ed345c1752222a5f3e) C:\WINDOWS\system32\drivers\tmactmon.sys
2011/06/14 14:25:56.0970 3280 tmcomm (a3d20789b3ff0576a29462bef25bcfcc) C:\WINDOWS\system32\drivers\tmcomm.sys
2011/06/14 14:25:57.0017 3280 tmevtmgr (21f215e54770c4bf93efaf63f58fe57e) C:\WINDOWS\system32\drivers\tmevtmgr.sys
2011/06/14 14:25:57.0095 3280 TmFilter (ac940a15959be57958b91cdb914aaa6c) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
2011/06/14 14:25:57.0142 3280 TmPreFilter (8651a867c78bd2b69f1d5f982138a074) C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
2011/06/14 14:25:57.0189 3280 tmtdi (0d943f6afa8bd3cfc6fdb5d5a5c17e91) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
2011/06/14 14:25:57.0267 3280 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/14 14:25:57.0345 3280 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/14 14:25:57.0408 3280 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/06/14 14:25:57.0454 3280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/14 14:25:57.0470 3280 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/06/14 14:25:57.0501 3280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/14 14:25:57.0533 3280 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/14 14:25:57.0564 3280 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/06/14 14:25:57.0611 3280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/14 14:25:57.0658 3280 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/14 14:25:57.0673 3280 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/14 14:25:57.0736 3280 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
2011/06/14 14:25:57.0783 3280 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/14 14:25:57.0845 3280 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/14 14:25:57.0986 3280 VSApiNt (71a53597bfb4bad7218ad2beaba5c564) C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
2011/06/14 14:25:58.0017 3280 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/14 14:25:58.0095 3280 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/14 14:25:58.0158 3280 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/14 14:25:58.0205 3280 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/06/14 14:25:58.0252 3280 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/14 14:25:58.0299 3280 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/14 14:25:58.0330 3280 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/14 14:25:58.0439 3280 ================================================================================
2011/06/14 14:25:58.0439 3280 Scan finished
2011/06/14 14:25:58.0439 3280 ================================================================================
2011/06/14 14:25:58.0455 1956 Detected object count: 0
2011/06/14 14:25:58.0455 1956 Actual detected object count: 0
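The TDSSKiller log above is a driver inventory: one line per loaded driver with its MD5 and path, followed by the MBR hash and the detection count. Reviewing it by hand means scanning for anything that loads from somewhere a driver normally should not. The Python below is an added example, not code from this thread or from Kaspersky's tool: it parses lines in the format shown, buckets each driver by directory, and pulls out the MBR and "Detected object count" lines. The directory buckets are an assumption made for this example, and the "drv1" temp-directory line in the sample is constructed to show how an out-of-place driver is reported; the other sample lines are copied from the log above.

```python
import re
from collections import Counter

# Constructed sample: the ACPI, SASDIFSV, TmFilter, MBR and "Detected object
# count" lines are copied from the log posted above; the "drv1" line is made up
# to show how a driver loading from a temp directory is reported.
SAMPLE_LOG = r"""
2011/06/14 14:25:51.0233 3280 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/14 14:25:56.0188 3280 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/14 14:25:57.0095 3280 TmFilter (ac940a15959be57958b91cdb914aaa6c) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
2011/06/14 14:25:58.0000 3280 drv1 (0123456789abcdef0123456789abcdef) C:\DOCUME~1\user\LOCALS~1\Temp\drv1.sys
2011/06/14 14:25:58.0330 3280 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/14 14:25:58.0455 1956 Detected object count: 0
"""

# One driver per line: <date> <time> <pid> <service> (<md5>) <path>
DRIVER_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<name>\S+) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)
# The boot-sector line carries the number of bytes hashed as well as the hash.
MBR_RE = re.compile(
    r"^\S+ \S+\s+\d+\s+MBR \((?P<size>0x[0-9A-Fa-f]+)\) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<device>.+)$"
)
DETECTED_RE = re.compile(r"\bDetected object count: (?P<count>\d+)\s*$")

# Directory buckets used for review (an assumption for this example, not a
# TDSSKiller concept): in-box drivers, installed products, everything else.
SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
PROGRAM_FILES_DIR = "c:\\program files\\"


def classify_location(path):
    """Bucket a driver path by the directory it loads from (case-insensitive)."""
    p = path.lower()
    if p.startswith(SYSTEM_DRIVER_DIR):
        return "system"
    if p.startswith(PROGRAM_FILES_DIR):
        return "program-files"
    return "unusual"


def parse_tdsskiller(text):
    """Return the drivers (with location bucket), the MBR line and the
    detection count from a TDSSKiller log in the format posted above."""
    report = {"drivers": [], "mbr": None, "detected": None}
    for line in text.strip().splitlines():
        m = MBR_RE.match(line)
        if m:
            report["mbr"] = {"size": m["size"], "md5": m["md5"], "device": m["device"]}
            continue
        m = DRIVER_RE.match(line)
        if m:
            report["drivers"].append({
                "name": m["name"], "md5": m["md5"], "path": m["path"],
                "location": classify_location(m["path"]),
            })
            continue
        m = DETECTED_RE.search(line)
        if m:
            report["detected"] = int(m["count"])
    return report


def unusual_drivers(report):
    """Drivers loading from outside the system driver directory and Program Files."""
    return [d["name"] for d in report["drivers"] if d["location"] == "unusual"]


def location_summary(report):
    return dict(Counter(d["location"] for d in report["drivers"]))


def triage_lines(report):
    """Short human-readable review: detection count, MBR hash, then every
    driver that is not an in-box one so a reviewer can vouch for each."""
    out = ["detected objects: %s" % report["detected"]]
    if report["mbr"]:
        out.append("MBR %s bytes of %s md5=%s" % (
            report["mbr"]["size"], report["mbr"]["device"], report["mbr"]["md5"]))
    out.append("drivers by location: %s" % location_summary(report))
    for d in report["drivers"]:
        if d["location"] != "system":
            out.append("review %-13s %s  %s" % (d["location"], d["name"], d["path"]))
    return out


if __name__ == "__main__":
    for line in triage_lines(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

The buckets are a review aid, not a verdict: third-party drivers under Program Files (SUPERAntiSpyware and Trend Micro in the log above) are expected on this machine, and a "system" path says nothing about the file's integrity, which is what the MD5 column is for. The MBR hash is only useful when compared with one taken from a machine known to be clean.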



#3
June 14, 2011 at 11:42:20
✔ Best Answer
This 'thing' is going to play hide and seek...

Please download ComboFix:
http://download.bleepingcomputer.co...

Save to the Desktop,
Double-click ComboFix.exe to run it

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Only on XP, install the >Recovery Console< if asked to do so.

When the scan completes, a text window with your log opens.
The CF log is also found at C:\ComboFix.txt

Because of the potential size of this report, it is very difficult to post it in this forum. Please upload it to Windows Live SkyDrive:
http://explore.live.com/windows-liv...

Go to 'Sign up now - it's free!', and sign up
If you do not have a Hotmail or Live.com email address, select: Use your own email address, and proceed with the sign-up.

Check your email address to verify the account.

When done, go back to:
http://explore.live.com/windows-liv...
Sign in with your Windows Live ID if not already signed in

Now, select: SkyDrive (at the top)
Select: View Microsoft Office files:
http://explore.live.com/windows-liv...

Go to: Add Files > Drop documents here or select documents from your computer:
http://cid-2cf9b958250feb60.office....

Click: select documents from your computer
Go to the Desktop, and select the document, then, click Open
Click: Continue

Double click the file, and, in the next screen, go to the lower right side to: Information
Under Share with everyone, copy the web address.

>>Please post the web address in your reply.<<

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#4
June 15, 2011 at 05:08:05

Trying to run ComboFix, but the computer has Trend Micro OfficeScan 9.205 on it and when I try to disable or uninstall it, it asks for a password. No idea what the password is.
Combofix does give an option to proceed anyways but thought I would check here 1st and see if I should do that.
Thanks again


#5
June 15, 2011 at 06:06:52
Try the following:

Go to Start > Run, type: cmd

At the command prompt, type:
net stop tmlisten
Press the Enter key.

Now, type:
net stop ntrtscan
Press the Enter key.

Type: exit
Press the Enter key.

To start it again, later, use the following:
net start tmlisten
net start ntrtscan

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#6
June 15, 2011 at 06:51:29
OK, ComboFix was able to run - thanks for the help there.

Here is the log
http://cid-3eef57d68268da05.office....

if you cannot view it please let me know



#7
June 15, 2011 at 08:31:46
Got it!

Have to go out for a while, but will be back late this afternoon to take a look at the info and see what else we need to do.

Are you still getting redirected after running CF?

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#8
June 15, 2011 at 09:49:25
Well since I ran combofix everything has been working fine. I will continue testing it out this afternoon and advise for certain.

Thank you so much for all of your help - you have been great!

*Edit: I have rebooted everything and it appears that it is fixed. So I stopped OfficeScan again and reran ComboFix; it seems this was causing a problem:
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-KOQMLYTPE7 - c:\windows\Ovymyb.exe

Just an FYI

Thank you once again



#9
June 15, 2011 at 13:53:29
Other than the MSConfigStartUp-KOQMLYTPE7 - c:\windows\Ovymyb.exe >removed< orphan, nothing else strikes me as malware on the CF log. Guess you did some cleaning up through MSConfig at some point.

If your computer is operating correctly, uninstall ComboFix as follows:

Go to Start > Run, and in the 'Open' field type (or copy/paste): combofix /uninstall
Note there is a space between combofix and /uninstall.
Click: OK

A security warning appears asking if you are sure you want to run ComboFix.
Click on the Run button to start the program.

ComboFix will uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will see a dialog box stating that ComboFix has been uninstalled.

You can now delete the ComboFix program icon from your Desktop, if still there.


Once you have used the computer and rebooted a few times to make sure everything is in working order, it is time to flush your System Restore Points, and start fresh. (Once you do this, you will not be able to go back to a point before today.)

To flush the XP System Restore Points:

Go to Start > Run and type: msconfig
Press: Enter.

When msconfig opens, click the 'Launch System Restore' button.
On the next page, click the 'System Restore Settings' link on the left.

In the next prompt, check the box labeled: 'Turn Off System Restore'

Reboot.

Go back into msconfig and Turn System Restore Back On.
A new Restore Point is created.

If you have any additional problems with redirections, do not hesitate to post back!!

Good luck, harp2033!!!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
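ComboFix reported the startup item in #8 as an orphan: an entry MSConfig had disabled whose target file no longer exists. The random-looking name and an executable sitting directly in the Windows directory are what make that one line stand out against the rest of a log. The Python below is an added example, not ComboFix's code: a small triage over lines in the "MSConfigStartUp-<name> - <path>" form shown in the post, attaching a reason to each entry whose target is missing, whose name looks machine-generated, or whose executable sits in the Windows directory root or a temp/profile folder. The name heuristic and the directory rules are assumptions made for this example; the two benign sample lines and the `exists` callback are constructed so the script runs offline.

```python
import os
import re

# ComboFix lists disabled-but-orphaned MSConfig startup items in this form
# (taken from the post above); other ComboFix sections are not handled here.
ORPHAN_RE = re.compile(r"^MSConfigStartUp-(?P<name>\S+) - (?P<path>.+)$")

# Constructed sample: line 1 is the orphan reported in this thread, the other
# two are made-up benign entries for comparison.
SAMPLE_ORPHANS = [
    r"MSConfigStartUp-KOQMLYTPE7 - c:\windows\Ovymyb.exe",
    r"MSConfigStartUp-ctfmon - c:\windows\system32\ctfmon.exe",
    r"MSConfigStartUp-SunJavaUpdateSched - c:\program files\java\jre6\bin\jusched.exe",
]

WINDOWS_DIR = "c:\\windows\\"


def looks_generated(name):
    """Heuristic for names like KOQMLYTPE7: at least 8 characters, letters and
    digits only, letters all one case and few vowels. An assumption for this
    example, not a rule from any tool; expect some false positives."""
    letters = re.sub(r"\d", "", name)
    if len(name) < 8 or not name.isalnum() or not letters:
        return False
    if not (letters.isupper() or letters.islower()):
        return False
    vowels = sum(ch in "aeiouAEIOU" for ch in letters)
    return vowels / len(letters) < 0.3


def unusual_target(path):
    """Return a reason if the executable lives somewhere installed software
    normally does not register startup items from, else None. Legitimate
    Windows-root executables will also be raised; this is a review prompt."""
    p = path.lower()
    if p.startswith(WINDOWS_DIR) and "\\" not in p[len(WINDOWS_DIR):]:
        return "executable directly in the Windows directory"
    if "\\temp\\" in p or p.startswith("c:\\documents and settings\\"):
        return "executable in a temp or user-profile directory"
    return None


def triage_orphans(lines, exists=os.path.exists):
    """Parse MSConfigStartUp orphan lines and attach review reasons to each.
    `exists` is injectable so the check can run against a recorded snapshot
    instead of the live filesystem."""
    results = []
    for line in lines:
        m = ORPHAN_RE.match(line.strip())
        if not m:
            continue
        name, path = m["name"], m["path"]
        reasons = []
        if not exists(path):
            reasons.append("target file missing")
        if looks_generated(name):
            reasons.append("generated-looking name")
        where = unusual_target(path)
        if where:
            reasons.append(where)
        results.append({"name": name, "path": path, "reasons": reasons})
    return results


def needs_attention(results):
    """Entries with more than one reason deserve a second look; a merely
    missing file is what 'orphan' already means."""
    return [r["name"] for r in results if len(r["reasons"]) > 1]


if __name__ == "__main__":
    # Constructed snapshot standing in for the filesystem of the cleaned PC.
    snapshot = {r"c:\windows\system32\ctfmon.exe"}
    for entry in triage_orphans(SAMPLE_ORPHANS, exists=lambda p: p.lower() in snapshot):
        print(entry["name"], entry["path"], "; ".join(entry["reasons"]) or "nothing notable")
```

Run against the three sample lines, only the thread's KOQMLYTPE7 entry collects more than the "missing" reason, which is the same judgement the helper made by eye in #9. The heuristics are deliberately loose; their purpose is to order a long log for review, not to decide anything on their own.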

