Yahoo/Google Search Redirects

June 7, 2011 at 19:39:26
Specs: Windows XP, 1.2 1g
I'm trying to get the search redirect problem off of my mom's laptop for her. I've run Spybot Search & Destroy and Malwarebytes with no luck. Any help would really be appreciated.



#1
June 7, 2011 at 20:04:50
stang5_o2002,

Let's go beyond the normal scanners and see if we find any hidden files...

Please download TDSSKiller
http://support.kaspersky.com/downlo...
Save it to the Desktop.

Double-click* on TDSSKiller.exe to run the tool.
(*Vista/Windows 7 users, right-click the file, and select: Run As Administrator)

Click the Start Scan button.

Do not use the computer during the scan

If the scan completes with nothing found, click Close to exit.

When the scan finishes it displays a Scan results screen stating whether or not an infection was found on your computer.

To remove the infection, click on the Continue button.
If it does not say Cure on the results screen, leave it at the default action of Skip, and press the Continue button.

Do not change to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

Reboot to finish the cleaning process.

If no reboot is requested, click on Report.
A log file should appear.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) is created and saved to the root directory (usually Local Disk C:).

>>Please provide the contents of TDSSKiller in your reply.<<


Also download aswMBR:
http://public.avast.com/~gmerek/asw...
Save to the Desktop.

If the file does not download, copy the following to the address bar of your browser. Do not include the brackets!
[http://public.avast.com/~gmerek/aswMBR.exe]

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button
Save it to the Desktop.

>>Also post the aswMBR log in your reply.<<


Note:
Anti-virus and Anti-malware programs may prevent the tools we need to use from fixing an infected system. Please disable (temporarily) any Anti-virus and Anti-malware programs you have running (right click the program's Taskbar icon, or access each program through Start - Programs to disable), or, allow any changes when prompted…



#2
June 7, 2011 at 20:26:59
Thank you. Here are the logs you requested:


2011/06/07 23:10:38.0875 0628 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/07 23:10:39.0375 0628 ================================================================================
2011/06/07 23:10:39.0375 0628 SystemInfo:
2011/06/07 23:10:39.0375 0628
2011/06/07 23:10:39.0375 0628 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/07 23:10:39.0375 0628 Product type: Workstation
2011/06/07 23:10:39.0375 0628 ComputerName: HOME-34C37B443E
2011/06/07 23:10:39.0375 0628 UserName: Owner
2011/06/07 23:10:39.0375 0628 Windows directory: C:\WINDOWS
2011/06/07 23:10:39.0375 0628 System windows directory: C:\WINDOWS
2011/06/07 23:10:39.0375 0628 Processor architecture: Intel x86
2011/06/07 23:10:39.0375 0628 Number of processors: 1
2011/06/07 23:10:39.0375 0628 Page size: 0x1000
2011/06/07 23:10:39.0375 0628 Boot type: Normal boot
2011/06/07 23:10:39.0375 0628 ================================================================================
2011/06/07 23:10:51.0328 0628 Initialize success
2011/06/07 23:12:07.0968 3916 ================================================================================
2011/06/07 23:12:07.0968 3916 Scan started
2011/06/07 23:12:07.0968 3916 Mode: Manual;
2011/06/07 23:12:07.0968 3916 ================================================================================
2011/06/07 23:12:09.0031 3916 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/07 23:12:09.0218 3916 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/07 23:12:09.0437 3916 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/07 23:12:09.0593 3916 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/07 23:12:09.0671 3916 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys
2011/06/07 23:12:09.0906 3916 AgereSoftModem (a7d5c71ff4a5b8fee626fe65b39d71d0) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/06/07 23:12:10.0531 3916 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/07 23:12:10.0687 3916 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/07 23:12:10.0828 3916 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/07 23:12:10.0984 3916 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/07 23:12:11.0140 3916 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/07 23:12:11.0375 3916 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/06/07 23:12:11.0468 3916 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/06/07 23:12:11.0656 3916 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/06/07 23:12:11.0859 3916 BTHPORT (51d05d5a8a7d93ab0b1a8d6a38db3ca4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/06/07 23:12:12.0078 3916 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/06/07 23:12:12.0156 3916 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/07 23:12:12.0437 3916 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/07 23:12:12.0625 3916 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/07 23:12:12.0781 3916 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/07 23:12:12.0953 3916 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/07 23:12:13.0156 3916 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/07 23:12:13.0546 3916 dfmirage (d8cd6a2a94f545858eec6117f0d5dff4) C:\WINDOWS\system32\DRIVERS\dfmirage.sys
2011/06/07 23:12:13.0781 3916 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/07 23:12:14.0015 3916 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/07 23:12:14.0203 3916 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/07 23:12:14.0390 3916 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/07 23:12:14.0546 3916 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/07 23:12:14.0703 3916 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/07 23:12:14.0859 3916 drvmcdb (7f056a52bcba3102d2d37a4a2646c807) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/06/07 23:12:14.0921 3916 drvnddm (d3c1e501ed42e77574b3095309dd4075) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/06/07 23:12:15.0140 3916 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/07 23:12:15.0375 3916 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/07 23:12:15.0546 3916 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/07 23:12:15.0593 3916 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/07 23:12:15.0734 3916 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/07 23:12:15.0812 3916 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/07 23:12:15.0953 3916 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/07 23:12:16.0031 3916 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/07 23:12:16.0203 3916 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/07 23:12:16.0312 3916 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/07 23:12:16.0546 3916 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/07 23:12:16.0687 3916 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/07 23:12:16.0750 3916 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/07 23:12:16.0937 3916 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/07 23:12:17.0187 3916 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/07 23:12:17.0515 3916 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/07 23:12:17.0765 3916 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/07 23:12:17.0921 3916 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/07 23:12:18.0000 3916 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/07 23:12:18.0171 3916 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/07 23:12:18.0250 3916 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/07 23:12:18.0484 3916 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\WINDOWS\system32\drivers\iPodDrv.sys
2011/06/07 23:12:18.0687 3916 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/07 23:12:18.0843 3916 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/07 23:12:18.0921 3916 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/07 23:12:19.0125 3916 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/07 23:12:19.0375 3916 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/07 23:12:19.0562 3916 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/07 23:12:19.0750 3916 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/07 23:12:20.0046 3916 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/07 23:12:20.0265 3916 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/07 23:12:20.0546 3916 motmodem (54fee02961c70fd9d4d7e2f87afa23fa) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/06/07 23:12:20.0718 3916 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/07 23:12:20.0906 3916 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/07 23:12:21.0000 3916 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/07 23:12:21.0156 3916 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/06/07 23:12:21.0890 3916 MpKsl483eba27 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{046C2814-2235-4E44-A80A-F4CED1727B26}\MpKsl483eba27.sys
2011/06/07 23:12:23.0671 3916 MRxDAV (65e818c473e220b6ab762e1966296fd1) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/07 23:12:23.0859 3916 MRxSmb (fb7dfd15d760ad339837a470f0e780d3) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/07 23:12:24.0078 3916 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/07 23:12:24.0156 3916 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/07 23:12:24.0453 3916 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/07 23:12:24.0609 3916 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/07 23:12:24.0781 3916 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/07 23:12:24.0953 3916 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/07 23:12:25.0171 3916 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/07 23:12:25.0578 3916 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/07 23:12:25.0703 3916 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/07 23:12:25.0765 3916 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/07 23:12:25.0937 3916 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/07 23:12:26.0015 3916 Netaapl (29c45722e20572b6440b57e3359e73ee) C:\WINDOWS\system32\DRIVERS\netaapl.sys
2011/06/07 23:12:26.0171 3916 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/07 23:12:26.0250 3916 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/07 23:12:26.0531 3916 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/07 23:12:26.0640 3916 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/07 23:12:26.0843 3916 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/07 23:12:26.0921 3916 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/07 23:12:27.0046 3916 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/07 23:12:27.0125 3916 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/06/07 23:12:27.0531 3916 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/07 23:12:27.0687 3916 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/07 23:12:27.0828 3916 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/07 23:12:27.0953 3916 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/07 23:12:28.0062 3916 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/07 23:12:28.0234 3916 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/06/07 23:12:28.0781 3916 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/07 23:12:28.0968 3916 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/07 23:12:29.0046 3916 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/07 23:12:29.0218 3916 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/06/07 23:12:29.0812 3916 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/07 23:12:29.0984 3916 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/07 23:12:30.0156 3916 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/07 23:12:30.0453 3916 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/07 23:12:30.0640 3916 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/07 23:12:30.0812 3916 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/07 23:12:31.0000 3916 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/07 23:12:31.0140 3916 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/07 23:12:31.0484 3916 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/06/07 23:12:31.0656 3916 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
2011/06/07 23:12:31.0859 3916 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/07 23:12:31.0937 3916 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/07 23:12:32.0125 3916 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/07 23:12:32.0406 3916 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/07 23:12:32.0609 3916 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/07 23:12:32.0765 3916 SiS315 (cff5e2a076286519a08cf32c6e8602a9) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/06/07 23:12:32.0937 3916 sisagp (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/06/07 23:12:33.0000 3916 SiSkp (741f2c7c62b9f55526e30c61701a31ac) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/06/07 23:12:33.0171 3916 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/06/07 23:12:33.0328 3916 smwdm (48a061aa55c6884547fe6c76d6d45790) C:\WINDOWS\system32\drivers\smwdm.sys
2011/06/07 23:12:33.0531 3916 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/07 23:12:33.0734 3916 sp_rsdrv2 (8831252bcf05fcfb5abd116a22e552d8) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011/06/07 23:12:33.0843 3916 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/07 23:12:34.0031 3916 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/07 23:12:34.0218 3916 sscdbhk5 (328e8bb94ec58480f60458fb4b8437a7) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/06/07 23:12:34.0406 3916 ssrtln (7ec8b427cee5c0cdac066320b93f1355) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/06/07 23:12:34.0500 3916 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/07 23:12:34.0671 3916 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/07 23:12:34.0906 3916 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/07 23:12:35.0109 3916 Tcpip (367de8e5f638c091f49273144274f629) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/07 23:12:35.0359 3916 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/07 23:12:35.0531 3916 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/07 23:12:35.0687 3916 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/07 23:12:35.0796 3916 tfsnboio (c229bf90443be8d3bd2b65d7f3ac0f35) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/06/07 23:12:35.0968 3916 tfsncofs (79ee9fcd7728e54ab8fbc30962f0416f) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/06/07 23:12:36.0156 3916 tfsndrct (9efb37e7de17d783a059b653f7e8afad) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/06/07 23:12:36.0390 3916 tfsndres (130254995ebedcb34d62e8d78ec9dbd0) C:\WINDOWS\system32\dla\tfsndres.sys
2011/06/07 23:12:36.0562 3916 tfsnifs (9b40e1e4aeed849812a2e43a388a7e77) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/06/07 23:12:36.0625 3916 tfsnopio (818047ad850b312705aa17ca96b9427d) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/06/07 23:12:36.0812 3916 tfsnpool (4603e813bcc6dd465cd8d2afd37fa90d) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/06/07 23:12:36.0984 3916 tfsnudf (6fc2cd904a9a55acfdfc780a611a75ed) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/06/07 23:12:37.0156 3916 tfsnudfa (d4afa4d00f8db3fd1c15b3fe49c3a96c) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/06/07 23:12:37.0453 3916 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/07 23:12:37.0687 3916 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/07 23:12:37.0906 3916 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/07 23:12:37.0968 3916 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/07 23:12:38.0109 3916 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/07 23:12:38.0171 3916 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/07 23:12:38.0578 3916 usbohci (c5e11cd822adf0019a5a862d9c4e2222) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/07 23:12:38.0796 3916 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/07 23:12:38.0953 3916 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/07 23:12:39.0015 3916 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/07 23:12:39.0203 3916 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/07 23:12:39.0421 3916 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/07 23:12:39.0515 3916 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/07 23:12:39.0718 3916 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/07 23:12:39.0953 3916 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/07 23:12:40.0500 3916 WPC54GSv2 (e679fe7890c366f3418963e289d273cf) C:\WINDOWS\system32\DRIVERS\WPC54GSv2.SYS
2011/06/07 23:12:40.0671 3916 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/06/07 23:12:40.0750 3916 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/07 23:12:40.0921 3916 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/07 23:12:40.0984 3916 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/07 23:12:41.0203 3916 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/07 23:12:41.0218 3916 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/07 23:12:41.0234 3916 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
2011/06/07 23:12:41.0265 3916 ================================================================================
2011/06/07 23:12:41.0265 3916 Scan finished
2011/06/07 23:12:41.0265 3916 ================================================================================
2011/06/07 23:12:41.0312 2616 Detected object count: 1
2011/06/07 23:12:41.0312 2616 Actual detected object count: 1
2011/06/07 23:13:11.0750 2616 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/07 23:13:11.0750 2616 \Device\Harddisk0\DR0 - ok
2011/06/07 23:13:11.0750 2616 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/07 23:13:52.0062 1780 Deinitialize success

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-07 23:25:01
-----------------------------
23:25:01.140 OS Version: Windows 5.1.2600 Service Pack 3
23:25:01.140 Number of processors: 1 586 0x209
23:25:01.140 ComputerName: HOME-34C37B443E UserName: Owner
23:25:02.250 Initialize success
23:25:08.062 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:25:08.062 Disk 0 Vendor: IC25N030ATMR04-0 MOAOAD4A Size: 28615MB BusType: 3
23:25:10.093 Disk 0 MBR read successfully
23:25:10.093 Disk 0 MBR scan
23:25:10.093 Disk 0 Windows XP default MBR code
23:25:12.093 Disk 0 scanning sectors +58589055
23:25:12.109 Disk 0 scanning C:\WINDOWS\system32\drivers
23:25:18.750 Service scanning
23:25:20.437 Disk 0 trace - called modules:
23:25:20.468 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:25:20.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82b71ab8]
23:25:20.468 3 CLASSPNP.SYS[f7f18fd7] -> nt!IofCallDriver -> \Device\00000080[0x82bd6f18]
23:25:20.468 5 ACPI.sys[f7e8f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82be43e0]
23:25:20.468 Scan finished successfully
23:25:50.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
23:25:50.906 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"



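The TDSSKiller log above is mostly a list of a couple of hundred scanned drivers, and the two lines that matter (the MBR hash and the "detected Rootkit.Win32.TDSS.tdl4" line) are easy to miss when reading it by eye. The script below is an added example written for this page, not a tool from the thread or from Kaspersky: it parses the posted log format offline, separates the driver list from the MBR hashes, the detections and the actions taken, and lists drivers loaded from outside C:\WINDOWS\system32 for manual review. The sample lines are a constructed subset copied from the posted log; the line-format regexes are derived from those lines only and are an assumption about the format in general.

```python
"""Triage a TDSSKiller log offline: split it into scanned drivers, MBR hashes,
detection lines and actions so the interesting lines do not drown in the
driver inventory."""
import re
import sys

# Constructed sample in the posted log's format: a few driver lines, the two
# MBR lines, the detection line and the two action lines, taken from the log above.
SAMPLE_LOG = """\
2011/06/07 23:12:09.0031 3916 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2011/06/07 23:12:21.0890 3916 MpKsl483eba27 (5f53edfead46fa7adb78eee9ecce8fdf) C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{046C2814-2235-4E44-A80A-F4CED1727B26}\\MpKsl483eba27.sys
2011/06/07 23:12:31.0859 3916 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS
2011/06/07 23:12:41.0203 3916 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \\Device\\Harddisk0\\DR0
2011/06/07 23:12:41.0218 3916 \\Device\\Harddisk0\\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/07 23:12:41.0234 3916 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk1\\DR2
2011/06/07 23:13:11.0750 2616 \\Device\\Harddisk0\\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/07 23:13:11.0750 2616 Rootkit.Win32.TDSS.tdl4(\\Device\\Harddisk0\\DR0) - User select action: Cure
"""

# Every line starts with "date time thread-id"; the regexes below are an
# assumption drawn from the posted log, not a published format specification.
PREFIX = r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) (?P<tid>\d+) "
MBR_RE = re.compile(PREFIX + r"MBR \((?P<length>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\S+)$")
DETECT_RE = re.compile(PREFIX + r"(?P<obj>\S+) - detected (?P<verdict>\S+)")
USER_RE = re.compile(PREFIX + r"(?P<verdict>[\w.]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
ACTION_RE = re.compile(PREFIX + r"(?P<obj>\S+) \((?P<verdict>[^)]+)\) - (?P<action>.+)$")
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


def parse_tdsskiller_log(text):
    """Return {'drivers': [...], 'mbr': {device: md5}, 'detections': [...], 'actions': [...]}.
    Order matters: the MBR and verdict lines would otherwise be mistaken for drivers."""
    result = {"drivers": [], "mbr": {}, "detections": [], "actions": []}
    for line in text.splitlines():
        if m := MBR_RE.match(line):
            result["mbr"][m["dev"]] = m["md5"]
        elif m := DETECT_RE.match(line):
            result["detections"].append((m["obj"], m["verdict"]))
        elif m := USER_RE.match(line):
            result["actions"].append((m["obj"], m["verdict"], "User select action: " + m["action"]))
        elif m := ACTION_RE.match(line):
            result["actions"].append((m["obj"], m["verdict"], m["action"]))
        elif m := DRIVER_RE.match(line):
            result["drivers"].append({"name": m["name"], "md5": m["md5"], "path": m["path"]})
    return result


def unusual_driver_paths(drivers, expected_root="C:\\WINDOWS\\system32\\"):
    """Drivers loaded from outside the Windows system directory.
    This is a review aid, not a verdict: antivirus engine drivers (the MpKsl*
    Microsoft Antimalware entry above, the SUPERAntiSpyware drivers) live
    elsewhere legitimately, but each such entry is worth a second look."""
    root = expected_root.lower()
    return [d for d in drivers if not d["path"].lower().startswith(root)]


if __name__ == "__main__":
    # usage: python tdss_triage.py TDSSKiller.2.5.4.0_07.06.2011_23.10.38_log.txt
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    summary = parse_tdsskiller_log(text)
    print(f"{len(summary['drivers'])} drivers scanned")
    for dev, md5 in summary["mbr"].items():
        print(f"MBR {dev}: {md5}")
    for obj, verdict in summary["detections"]:
        print(f"DETECTED {verdict} on {obj}")
    for obj, verdict, action in summary["actions"]:
        print(f"ACTION {obj} ({verdict}): {action}")
    for d in unusual_driver_paths(summary["drivers"]):
        print(f"review: {d['name']} loaded from {d['path']}")
```

Run against the full log file TDSSKiller writes to C:\ and the output is the handful of lines a helper actually wants quoted back. Keeping the MBR hashes per device is deliberate: after the cure and reboot, a second TDSSKiller run should show a different MD5 for \Device\Harddisk0\DR0, which is the simplest confirmation that the boot code was actually rewritten.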

#3
June 7, 2011 at 20:32:38
Good job, stang5_o2002!! ;-)

This is a nasty one:
2011/06/07 23:13:11.0750 2616 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) User select action: Cure

How is the computer running now? Are you still having redirections?


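TDL4 lives in the MBR, which is why neither Spybot nor Malwarebytes found it: they scan files, and the infected object here is the first sector of the disk. aswMBR saved that sector to MBR.dat on the Desktop, and a raw dump like that can be checked offline without trusting anything on the infected machine. The script below is an added example written for this page, not code from the thread, from avast or from Kaspersky. It assumes three things that the page does not state: that TDSSKiller's "MBR (0x1B8)" label means it hashes the first 0x1B8 bytes of the sector (the boot code that precedes the disk signature); that the sample boot-code bytes and the partition geometry are constructed, the geometry mimicking the posted 28615 MB drive rather than reproducing its real layout; and that a large unpartitioned tail at the end of the disk is worth reporting because TDL4 stores its hidden file system there (the posted aswMBR log shows the tool "scanning sectors" starting near the end of the drive). The allowlist of known-good boot-code hashes is a placeholder; a real one holds the MD5 of the genuine code for each OS.

```python
"""Offline checks on a raw 512-byte MBR dump such as the MBR.dat that aswMBR writes."""
import hashlib
import struct
import sys

SECTOR = 512
CODE_LEN = 0x1B8             # boot code occupies [0, 0x1B8); the 4-byte disk signature follows
PT_OFFSET = 0x1BE            # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"       # last two bytes of a valid MBR
LEGACY_CYLINDER = 255 * 63   # XP rounds partitions to cylinders, so a tail shorter than this is normal

# Constructed stand-in for stock boot code (NOT the real Windows XP MBR code).
SAMPLE_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8\xbe\x00\x7c".ljust(CODE_LEN, b"\x00")
SAMPLE_CODE_MD5 = hashlib.md5(SAMPLE_CODE).hexdigest()
# Constructed geometry mimicking the posted 28615 MB drive (2048 sectors per MB).
SAMPLE_DISK_SECTORS = 28615 * 2048


def build_sample_mbr(code, partitions, disk_signature=0x1234ABCD):
    """Assemble a synthetic MBR: boot code, disk signature, partition table, 0x55AA.
    partitions: list of (boot_flag, type, start_lba, sector_count)."""
    table = b""
    for entry in list(partitions) + [None] * (4 - len(partitions)):
        if entry is None:
            table += b"\x00" * 16
        else:
            boot, ptype, start, count = entry
            # CHS fields set to FE FF FF ("use LBA"); they are not interpreted here
            table += struct.pack("<B3sB3sII", boot, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    mbr = code[:CODE_LEN].ljust(CODE_LEN, b"\x00") + struct.pack("<IH", disk_signature, 0) + table + BOOT_SIG
    assert len(mbr) == SECTOR
    return mbr


def parse_mbr(mbr):
    """Split a sector into boot-code hash, disk signature, used partition entries, signature check."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    code = mbr[:CODE_LEN]   # assumption: the region TDSSKiller reports as "MBR (0x1B8)"
    (disk_signature,) = struct.unpack_from("<I", mbr, CODE_LEN)
    partitions = []
    for i in range(4):
        boot, _, ptype, _, start, count = struct.unpack_from("<B3sB3sII", mbr, PT_OFFSET + 16 * i)
        if ptype == 0:
            continue
        partitions.append({"index": i, "bootable": boot == 0x80, "type": ptype,
                           "start_lba": start, "sectors": count, "end_lba": start + count})
    return {"code_md5": hashlib.md5(code).hexdigest(), "disk_signature": disk_signature,
            "partitions": partitions, "boot_signature_ok": mbr[SECTOR - 2:] == BOOT_SIG}


def unallocated_tail(info, disk_sectors):
    """Sectors after the last partition: where TDL4 keeps its hidden file system."""
    return disk_sectors - max((p["end_lba"] for p in info["partitions"]), default=0)


def check_mbr(info, disk_sectors, known_code_md5, tail_threshold=LEGACY_CYLINDER):
    """Return (finding, detail) tuples; an empty list means nothing stood out."""
    findings = []
    if not info["boot_signature_ok"]:
        findings.append(("no_boot_signature", None))
    if info["code_md5"] not in known_code_md5:
        findings.append(("code_hash_unknown", info["code_md5"]))
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append(("no_active_partition", None))
    for p in info["partitions"]:
        if p["end_lba"] > disk_sectors:
            findings.append(("partition_past_end_of_disk", p["index"]))
    tail = unallocated_tail(info, disk_sectors)
    if tail > tail_threshold:
        findings.append(("large_unallocated_tail", tail))
    return findings


if __name__ == "__main__":
    # usage: python mbr_check.py MBR.dat <disk size in sectors>
    # Replace {SAMPLE_CODE_MD5} with the real allowlist before using this on a dump.
    info = parse_mbr(open(sys.argv[1], "rb").read())
    print("boot code MD5:", info["code_md5"], " disk signature: 0x%08x" % info["disk_signature"])
    for p in info["partitions"]:
        print(f"  entry {p['index']}: type 0x{p['type']:02x} start {p['start_lba']} sectors {p['sectors']}")
    for finding in check_mbr(info, int(sys.argv[2]), {SAMPLE_CODE_MD5}):
        print("finding:", finding)
```

The hash comparison is the same idea aswMBR expresses as "Windows XP default MBR code": stock boot code for a given OS is a fixed byte string, so an unknown hash on a plain XP box is the signal, and the partition-table checks catch the less subtle variants that point the active partition somewhere odd. After TDSSKiller's cure and the reboot, dumping the sector again and seeing the hash come back to the known-good value is the check worth doing before declaring the machine clean.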


#4
June 7, 2011 at 20:44:07
I just tried a few quick searches using yahoo and google. Both worked perfectly without any redirects. Thank you so much! Is there anything I can do to prevent this from happening? The only antivirus she is running right now is microsoft security essentials. I just installed it yesterday. She had AVG free before that.


#5
June 7, 2011 at 21:05:40
I will get back with you tomorrow with some suggestions. It is time to get some ZZZzzzsss. ;-)


#6
June 8, 2011 at 10:16:54
stang5_o2002,

Here are some suggestions to keep your computer safe, and clean of malware:
http://malwarecrypt.com/index.php?t...


Malware is normally installed through vulnerabilities found in outdated and insecure programs on a computer.

You can use the Secunia Personal Software Inspector to scan for vulnerable programs:
http://secunia.com/vulnerability_sc...

The following screenshots of the Secunia PSI version 2.0 give you a glimpse at some of its functionality:
http://secunia.com/vulnerability_sc...

Secunia Support Forums:
http://secunia.com/community/forum/


Java is very often used by malware:
Clear the Java Cache
Click on Start > Control Panel > Java
On the General tab, under Temporary Internet Files, click: Settings
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave both checked:
-Applications and Applets
-Trace and Log Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the Cache.
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.


Use a Temp File Cleaner (TFC):
Download: http://oldtimer.geekstogo.com/TFC.exe
Save TFC to your desktop,
Save any unsaved work, as TFC will close all open applications.
Double-click TFC.exe to run the program.
If prompted, click Yes to reboot.

Use Security software:
Run Malwarebytes' Anti-Malware as needed:
http://download.cnet.com/Malwarebyt...

SuperAntiSpyware is another good choice:
http://www.superantispyware.com/sup...

Have a great week, stang5_o2002. If you have any additional problems, let us know. ;-)


