dreaded redirect virus as well. (Please Help)

September 24, 2011 at 11:18:52
Specs: Windows XP 64bit
I have a quad-core machine running Win XP 64-bit. I have read all the threads on this site and they all say to use ComboFix, but I can't with a 64-bit system. If anyone could please help me, that would be great!

2011/09/22 12:56:53.0233 2576 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/22 12:56:53.0733 2576 ================================================================================
2011/09/22 12:56:53.0733 2576 SystemInfo:
2011/09/22 12:56:53.0733 2576
2011/09/22 12:56:53.0733 2576 OS Version: 5.2.3790 ServicePack: 2.0
2011/09/22 12:56:53.0733 2576 Product type: Workstation
2011/09/22 12:56:53.0733 2576 ComputerName: COMPANY-481D439
2011/09/22 12:56:53.0733 2576 UserName: Administrator
2011/09/22 12:56:53.0733 2576 Windows directory: C:\WINDOWS
2011/09/22 12:56:53.0733 2576 System windows directory: C:\WINDOWS
2011/09/22 12:56:53.0733 2576 Running under WOW64
2011/09/22 12:56:53.0733 2576 Processor architecture: Intel x64
2011/09/22 12:56:53.0733 2576 Number of processors: 4
2011/09/22 12:56:53.0733 2576 Page size: 0x1000
2011/09/22 12:56:53.0733 2576 Boot type: Normal boot
2011/09/22 12:56:53.0733 2576 ================================================================================
2011/09/22 12:56:53.0999 2576 Initialize success
2011/09/22 12:56:56.0874 6124 ================================================================================
2011/09/22 12:56:56.0874 6124 Scan started
2011/09/22 12:56:56.0874 6124 Mode: Manual;
2011/09/22 12:56:56.0874 6124 ================================================================================
2011/09/22 12:57:01.0952 6124 ================================================================================
2011/09/22 12:57:01.0952 6124 Scan finished
2011/09/22 12:57:01.0952 6124 ================================================================================
2011/09/22 12:57:01.0952 3884 Detected object count: 0
2011/09/22 12:57:01.0952 3884 Actual detected object count: 0
2011/09/22 12:58:53.0515 6224 Deinitialize success




#1
September 24, 2011 at 11:19:58
I'm headed to work right now. I will be back in 8 hours and be able to check this board. Any help would be great. Thanks - Rexor

#2
September 24, 2011 at 19:52:09
rexor,

It is best to run the following tool to obtain information on what is going on with your system, and then determine what other programs need to be run:

Please download DDS from one of these locations:
http://download.bleepingcomputer.co...
http://download.bleepingcomputer.co...

Save to your Desktop

XP - Double click the file to run the program.

When done, DDS opens two logs:
-DDS.txt
-Attach.txt

Save both reports to your Desktop.

Since these reports are large, please go to the Uploading website:
http://uploading.com/files/upload/

In: 'Select files to upload', click 'Browse', and 'Look in' the Desktop.

Select the DDS.txt, and click on 'Open'
You will see the following:
"Your file has been uploaded successfully: (Name and size of the file)"

Please copy the 'Download link'.

Do the same uploading for the Attach.txt.

Please copy the 'Download link', for each report, and provide them in your reply.

Thanks!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#3
September 24, 2011 at 20:10:18
Downloaded both, saved both to the desktop, and couldn't run either. I made a screenshot of the situation. It said that it didn't support my operating system, WinXP (64-bit); it supported Vista and Win7 64-bit though.

untitled.JPG - 20.9 KB: http://uploading.com/files/7195m93b/untitled.JPG/

P.S. Thank you for taking the time to help me. I hope we can fix this.

P.P.S. My AIM is rexor774 if you want to message me directly.

#4
September 24, 2011 at 21:15:46
rexor,

Are you running Windows XP Professional x64 Edition which is basically a Server 2003 OS?

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#5
September 24, 2011 at 21:26:59
yes winxp pro 64bit

2003
service pack 2
quad core processor
2.50 GHz
7.75 GB ram



#6
September 24, 2011 at 21:53:56
Trying to find something that runs there is going to be a tough one.

Try the Kaspersky Virus Removal Tool:

Download:
http://www.kaspersky.com/antivirus-...

Download the program distributive.

Click on 'Run' in the download prompt: setup_<build_number>_<date>_<time>.exe (example setup_9.0.0.722_22.01.2010_10-04.exe)

Wait until the program unpacks temporary files.

In the lower part of the welcome window, select the required language to use during the installation.

Read the license agreement and check the I accept the license agreement option.

Click: Start

In the ‘Automatic Scan’ tab, click the settings gear (right top)
Under 'Scan Scope', select your C:\ drive

Click the 'Start Scanning' button to launch the application.

When the scan is finished, click on: 'Reports' icon (next to the gear icon)

Select: 'Automatic Scan Report'

Click on Save, and save to the Desktop

Please provide the Kaspersky Virus Removal Tool report in your reply.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#7
September 24, 2011 at 23:31:39
big file. 86mb. hope it helps.

http://uploading.com/files/c8197684...

kaspersky report.txt - 86.0 MB



#8
September 25, 2011 at 10:09:10
404 not found is all that shows up.

Did you see where it removed any malware?

We need to see some information about what is happening in your Windows Server 2003 system, and the following program has run on this Operating System.

Please do the following:
Download OTL:
http://oldtimer.geekstogo.com/OTL.exe

Save to the Desktop.
Double click the OTL icon to run the program.

Click: Scan All Users
Press the Quick Scan button.

When done, two reports open:
OTListIt.txt <- Opens
Extra.txt <- Is minimized

Since these reports can also be large (but not 86MB!!), please go to the ‘Uploading’ website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the OTListIt report, and click on 'Open'
You will see the following:
“Your file has been uploaded successfully: (Name and size of the file)”

Please copy the 'Download link', and provide it in your reply.

Do the same for the 'Extra.txt' report.

Next, download Rootkit Unhooker:
http://www.kernelmode.info/ARKs/RKU...
Save it to the Desktop.

Double-click on RKUnhookerLE.exe to run it.
Click the Report tab, and then click Scan

Check (Tick) Drivers, Stealth and uncheck the rest.
Click 'OK'

Wait until the scanner finishes and then click File, Save Report
Save the report on the Desktop.
Click: 'Close'

Please upload this report also, and provide the download link in your reply.

Note - if you get the following warning, just ignore:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Click on 'Cancel', then 'Accept'

While we are doing all these diagnostics, please, do not install any new programs or perform any other scans.

Thank you.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#9
September 25, 2011 at 11:02:34
When running Kaspersky Virus Removal Tool I didn't see any malware removed. I did watch it run for the first couple of minutes and saw a couple files that couldn't be scanned due to password protection?


OTL ran just fine. Here are the two files that came out of it.

OTL.Txt - 78.4 KB: http://uploading.com/files/8621fddc/OTL.Txt/

Extras.Txt - 81.5 KB: http://uploading.com/files/8b3adm9b/Extras.Txt/


Next, download Rootkit Unhooker: while running this I got an error message that wouldn't let it run:
Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF


If you have trouble with either of the files, let me know. They aren't very large; I can just post them here.

#10
September 25, 2011 at 14:28:03
rexor,

Is this a work computer, and is there an IT department there?

The OTL report did not provide a lot of information, but, the little that was there leads me to believe that there may be a Rootkit in the works.

To be very honest with you, I have no clue as to whether any of the tools that I am familiar with will work with your system, and I am not interested in using you as a guinea pig. Any of the tools may wipe out all sorts of critical files, and that will be the end of your system, as well as a very irresponsible action on my behalf.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals



#11
September 25, 2011 at 14:45:38
damn. damn.

No, this is my own personal computer. I built it myself with the things I wanted. I'm with you that it's a rootkit problem. I'm usually pretty good with this sort of thing; I fix most of my friends' computers. Like you, I'm at a loss. I don't even remember what I did to cause it. Oh well. My biggest fear is logging into my banking website without a wipe and fresh install.

#12
September 25, 2011 at 15:10:15
rexor,

What happened to cause it is really water under the bridge now...I'm sure it was not intentional.

You are probably right in following your gut feeling of doing a wipe of the entire hard drive, and a fresh install.

Do some googling of how to format and install when possibly infected with a Rootkit. There are considerations that need to be taken when that is the case. It is normally not a simple format/install.

You might also want to consider installing a different Operating System. This one may be very unique, but, if you cannot fix it with the tools that are currently available, where does that leave you? Bottom line is your choice, but just bringing up a few thoughts if it were my computer.

I apologize for my ignorance, but I am just not familiar with how to work on a Windows Server 2003, and any efforts checked on other forums did not succeed.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE and the
Alliance of Security Analysis Professionals

