Yahoo browser redirecting

2010/09/20 10:38:42.0656 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/20 10:38:42.0656 ================================================================================
2010/09/20 10:38:42.0656 SystemInfo:
2010/09/20 10:38:42.0656
2010/09/20 10:38:42.0656 OS Version: 5.1.2600 ServicePack: 2.0
2010/09/20 10:38:42.0656 Product type: Workstation
2010/09/20 10:38:42.0656 ComputerName: RREICHE03
2010/09/20 10:38:42.0656 UserName: rreiche
2010/09/20 10:38:42.0656 Windows directory: C:\WINDOWS
2010/09/20 10:38:42.0656 System windows directory: C:\WINDOWS
2010/09/20 10:38:42.0656 Processor architecture: Intel x86
2010/09/20 10:38:42.0656 Number of processors: 2
2010/09/20 10:38:42.0656 Page size: 0x1000
2010/09/20 10:38:42.0656 Boot type: Normal boot
2010/09/20 10:38:42.0656 ================================================================================
2010/09/20 10:38:43.0062 Initialize success
2010/09/20 10:38:53.0218 ================================================================================
2010/09/20 10:38:53.0218 Scan started
2010/09/20 10:38:53.0218 Mode: Manual;
2010/09/20 10:38:53.0218 ================================================================================
2010/09/20 10:38:54.0656 Aavmker4 (467f062f76e07512ecc1f5f60aab2988) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/09/20 10:38:54.0937 Accelerometer (558a0039f0ef634397e1f61055504478) C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
2010/09/20 10:38:55.0062 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/20 10:38:55.0156 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/09/20 10:38:55.0328 ADIHdAudAddService (1600cb3056c984af1987627128874e39) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2010/09/20 10:38:55.0484 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
2010/09/20 10:38:55.0625 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/09/20 10:38:55.0718 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2010/09/20 10:38:55.0843 AgereSoftModem (90456051c422e09bc36e6340dd891f0c) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/09/20 10:38:56.0593 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/20 10:38:57.0187 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/09/20 10:38:57.0250 aswMon2 (aa504fa592c9ed79174cb06b8ae340aa) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/09/20 10:38:57.0375 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/09/20 10:38:57.0500 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys
2010/09/20 10:38:57.0625 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/09/20 10:38:57.0703 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/20 10:38:57.0859 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/20 10:38:58.0218 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/20 10:38:58.0453 ATSWPDRV (4c42e4697f3a4ea0cd73a85116d7af7f) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
2010/09/20 10:38:58.0578 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/20 10:38:58.0765 b57w2k (133ad3794572bce689763a8356c7ed06) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/09/20 10:38:58.0890 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/09/20 10:38:59.0015 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/20 10:38:59.0203 btaudio (3aa4bf555c00c5b87fd48dd7bdbd4e97) C:\WINDOWS\system32\drivers\btaudio.sys
2010/09/20 10:38:59.0312 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys
2010/09/20 10:38:59.0484 BTKRNL (ba57f31eab93dc597d772f6f5b9ed54f) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2010/09/20 10:38:59.0625 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2010/09/20 10:38:59.0718 btwhid (6beb0adaa3d2b80e6515eec5d03b7540) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2010/09/20 10:38:59.0828 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
2010/09/20 10:39:00.0140 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/20 10:39:00.0421 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/20 10:39:00.0531 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/20 10:39:00.0656 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/20 10:39:01.0031 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/20 10:39:01.0234 COH_Mon (de88a385898f6d13026f94f749fbaed2) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2010/09/20 10:39:01.0343 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/20 10:39:01.0890 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/20 10:39:02.0031 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2010/09/20 10:39:02.0093 DLABOIOM (d4587063acea776699251e177d719586) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/09/20 10:39:02.0171 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/09/20 10:39:02.0265 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\WINDOWS\system32\DLA\DLADResM.SYS
2010/09/20 10:39:02.0328 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/09/20 10:39:02.0421 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/09/20 10:39:02.0500 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/09/20 10:39:02.0578 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2010/09/20 10:39:02.0656 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/09/20 10:39:02.0750 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/09/20 10:39:02.0921 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/20 10:39:03.0031 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/09/20 10:39:03.0109 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/20 10:39:03.0281 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/20 10:39:03.0562 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/20 10:39:03.0687 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/09/20 10:39:03.0875 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/09/20 10:39:04.0000 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
2010/09/20 10:39:04.0234 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/09/20 10:39:04.0296 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/09/20 10:39:04.0546 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/20 10:39:04.0734 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/20 10:39:04.0812 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/20 10:39:04.0906 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/20 10:39:05.0046 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/20 10:39:05.0218 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/20 10:39:05.0312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/20 10:39:05.0390 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/20 10:39:05.0515 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
2010/09/20 10:39:05.0609 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/20 10:39:05.0765 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/20 10:39:05.0968 HP24X (04ebefe45b300a4edee5a38dc2791291) C:\WINDOWS\system32\DRIVERS\HP24X.sys
2010/09/20 10:39:06.0093 hpdskflt (5953c0952e4dd2b25b9adef05ab0285c) C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
2010/09/20 10:39:06.0375 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/09/20 10:39:06.0500 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/09/20 10:39:06.0609 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/09/20 10:39:06.0765 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/20 10:39:07.0140 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/20 10:39:07.0437 IFXTPM (2cdf483f8fc2bf3f7b93e3bdd734cfbd) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2010/09/20 10:39:07.0609 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/20 10:39:08.0015 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/20 10:39:08.0140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/20 10:39:08.0250 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/20 10:39:08.0375 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/20 10:39:08.0515 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/20 10:39:08.0609 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/20 10:39:08.0750 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/20 10:39:08.0937 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/20 10:39:09.0093 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/20 10:39:09.0218 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/20 10:39:09.0312 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/20 10:39:09.0781 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2010/09/20 10:39:09.0953 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/20 10:39:10.0125 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/20 10:39:10.0218 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/20 10:39:10.0312 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/20 10:39:10.0437 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/20 10:39:10.0671 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/20 10:39:10.0828 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/20 10:39:10.0968 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/20 10:39:11.0125 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/20 10:39:11.0250 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/20 10:39:11.0375 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/20 10:39:11.0531 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/20 10:39:11.0640 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/20 10:39:11.0859 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100916.002\NAVENG.SYS
2010/09/20 10:39:11.0984 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100916.002\NAVEX15.SYS
2010/09/20 10:39:12.0140 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/20 10:39:12.0234 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/20 10:39:12.0343 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/20 10:39:12.0437 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/20 10:39:12.0546 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/20 10:39:12.0687 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/20 10:39:12.0828 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/20 10:39:13.0093 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/20 10:39:13.0218 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/20 10:39:13.0359 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/20 10:39:13.0500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/20 10:39:13.0609 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/20 10:39:13.0734 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/20 10:39:13.0875 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/20 10:39:14.0093 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/20 10:39:14.0171 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/20 10:39:14.0265 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/20 10:39:14.0359 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/20 10:39:14.0593 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/20 10:39:14.0703 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/09/20 10:39:14.0828 PCTINDIS5 (a31c8ce8d17b4ee912479c8a2aba23f7) C:\WINDOWS\system32\PCTINDIS5.SYS
2010/09/20 10:39:15.0765 PersonalSecureDrive (0d8848fbe1765a3e27b69b5bef6d429f) C:\WINDOWS\System32\drivers\psd.sys
2010/09/20 10:39:16.0015 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/20 10:39:16.0140 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/09/20 10:39:16.0218 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/20 10:39:16.0375 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/20 10:39:16.0500 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/20 10:39:17.0000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/20 10:39:17.0281 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/20 10:39:17.0453 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/20 10:39:17.0546 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/20 10:39:17.0687 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/20 10:39:17.0750 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/20 10:39:17.0937 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/20 10:39:18.0078 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/20 10:39:18.0203 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/20 10:39:18.0390 RimSerPort (32d6ab810537ce38cbffe04ed9f6709a) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/09/20 10:39:18.0484 RimUsb (c48ed71f500f07a01aa8ac274e144e93) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/09/20 10:39:18.0578 RimVSerPort (32d6ab810537ce38cbffe04ed9f6709a) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/09/20 10:39:18.0718 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/09/20 10:39:18.0953 RsvLock (874ed329b959e7ca77168fd0f1b837e2) C:\WINDOWS\system32\drivers\RsvLock.sys
2010/09/20 10:39:19.0125 SafeBoot (bf2d1bc0649aedbe8caa47d2f89e8d47) C:\WINDOWS\system32\drivers\SafeBoot.sys
2010/09/20 10:39:19.0125 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: bf2d1bc0649aedbe8caa47d2f89e8d47
2010/09/20 10:39:19.0171 SafeBoot - detected Locked file (1)
2010/09/20 10:39:19.0234 SbAlg (f6367fb350f8e5d3f6dd8040e4c0e33b) C:\WINDOWS\system32\drivers\SbAlg.sys
2010/09/20 10:39:19.0359 SBHR (6b91a8fb259db9b9f50e964b4f425296) C:\WINDOWS\system32\drivers\sbhr.sys
2010/09/20 10:39:19.0609 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/20 10:39:19.0796 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/20 10:39:19.0921 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/20 10:39:20.0109 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/20 10:39:20.0671 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/09/20 10:39:20.0796 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/20 10:39:20.0921 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/20 10:39:21.0046 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2010/09/20 10:39:21.0203 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2010/09/20 10:39:21.0375 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2010/09/20 10:39:21.0515 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/20 10:39:21.0718 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/20 10:39:21.0953 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/20 10:39:22.0109 swmx02 (5753f4def80535e8d8ba753a18cb6a20) C:\WINDOWS\system32\DRIVERS\swmx02.sys
2010/09/20 10:39:22.0484 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/09/20 10:39:22.0593 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/09/20 10:39:22.0671 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/09/20 10:39:23.0015 SynTP (5876072999220ef2fba1ddec86d2b97e) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/09/20 10:39:23.0156 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/20 10:39:23.0328 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/20 10:39:23.0453 Tcpip6 (4d58bb1ae8841aafd8790ad7e1e3b8ea) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/09/20 10:39:23.0593 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/20 10:39:23.0718 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/20 10:39:23.0828 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/20 10:39:24.0156 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/09/20 10:39:24.0281 U2SP (228d8e60bc9c5238587b0bf1654ec580) C:\WINDOWS\system32\DRIVERS\u2s2kxp.sys
2010/09/20 10:39:24.0453 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/20 10:39:24.0703 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/20 10:39:24.0890 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/20 10:39:25.0015 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/20 10:39:25.0109 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/20 10:39:25.0218 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/09/20 10:39:25.0343 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/20 10:39:25.0453 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/20 10:39:25.0578 usb_rndisx (ae4df3b7d1db9373b08db4ed224e26b6) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2010/09/20 10:39:25.0750 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/09/20 10:39:25.0984 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/20 10:39:26.0140 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/20 10:39:26.0343 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/20 10:39:26.0750 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/09/20 10:39:26.0953 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/09/20 10:39:27.0406 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/20 10:39:27.0515 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/20 10:39:27.0906 ================================================================================
2010/09/20 10:39:27.0906 Scan finished
2010/09/20 10:39:27.0906 ================================================================================
2010/09/20 10:39:27.0984 Detected object count: 1
2010/09/20 10:40:16.0328 Locked file(SafeBoot) - User select action: Skip

Still redirecting as well.

Please download RenewMyDNS by DragonMaster Jay.

• Save it to your Desktop.
  
• Right-click on the file and select Extract All...
  
• Choose a location to save extracted files and keep pressing Next until Finish.
  
• Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  
• Follow the prompts, and when finished it will launch a log.
  
• Post that log in your next reply.
  
• After posting the log, delete the folder RenewMyDNS.

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows XP [Version 5.1.2600]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))




Windows IP Configuration



Host Name . . . . . . . . . . . . : rreiche03

Primary Dns Suffix . . . . . . . : GJGrewe.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : GJGrewe.local

GJGrewe.local



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Broadcom 4321AG 802.11a/b/g/draft-n Wi-Fi Adapter

Physical Address. . . . . . . . . : 00-1A-73-74-65-BF

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.0.15

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::21a:73ff:fe74:65bf%4

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DNS Servers . . . . . . . . . . . : 213.109.64.53

213.109.73.74

fec0:0:0:ffff::1%2

fec0:0:0:ffff::2%2

fec0:0:0:ffff::3%2

Lease Obtained. . . . . . . . . . : Tuesday, September 21, 2010 8:49:18 AM

Lease Expires . . . . . . . . . . : Wednesday, September 22, 2010 8:49:18 AM



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : GJGrewe.local

Description . . . . . . . . . . . : Broadcom NetLink Gigabit Ethernet

Physical Address. . . . . . . . . : 00-22-64-6F-28-86

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.1.35.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::222:64ff:fe6f:2886%5

Default Gateway . . . . . . . . . : 10.1.35.254

DHCP Server . . . . . . . . . . . : 10.1.35.1

DNS Servers . . . . . . . . . . . : 24.217.0.4

fec0:0:0:ffff::1%3

fec0:0:0:ffff::2%3

fec0:0:0:ffff::3%3

Primary WINS Server . . . . . . . : 10.1.35.1

Secondary WINS Server . . . . . . : 10.1.35.2

Lease Obtained. . . . . . . . . . : Tuesday, September 21, 2010 9:52:52 AM

Lease Expires . . . . . . . . . . : Wednesday, September 29, 2010 9:52:52 AM



Ethernet adapter Bluetooth Network:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver

Physical Address. . . . . . . . . : 00-1A-6B-AF-4F-DE



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5445:5245:444f%6

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : GJGrewe.local

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 0A-01-23-65

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:10.1.35.101%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%3

fec0:0:0:ffff::2%3

fec0:0:0:ffff::3%3

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 0A-00-00-0F

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:10.0.0.15%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%2

fec0:0:0:ffff::2%2

fec0:0:0:ffff::3%2

NetBIOS over Tcpip. . . . . . . . : Disabled


(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.



(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



Request timed out.

Request timed out.

Request timed out.

Request timed out.



Ping statistics for 98.137.149.56:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),



Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:



Request timed out.

Request timed out.

Request timed out.

Request timed out.



Ping statistics for 64.202.189.170:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),



Pinging facebook.com [69.63.189.11] with 32 bytes of data:



Request timed out.

Request timed out.

Request timed out.

Request timed out.



Ping statistics for 69.63.189.11:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),



Pinging microsoft.com [207.46.232.182] with 32 bytes of data:



Request timed out.

Request timed out.

Request timed out.

Request timed out.



Ping statistics for 207.46.232.182:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


********************
EOF

Your router has been hacked by a malware author...aka hacker.

It has placed illegitimate DNS addresses in to the DNS servers boxes, making websites you go to check with these fake addresses first.

If the hacker chooses to do so, you will be redirected. I have to conclude that your router configuration has been hacked.

Routers can be hacked from inside the network, which means if there is malware on your computer, it can trace itself back to your router, log in to your router, and change settings.

These IP addresses:
-Static DNS 1: 213.109.64.7
-Static DNS 2: 213.109.72.139

are Russian IP addresses from a company called ProLite LTD. They have been the core issue of hacked routers on the Internet for a few months now.

What we need to do is a 30/30/30 reset for the router. It is a type of reset that will return it to firmware defaults....in other words...remove the malicious code from it and restores its original configuration.

You will need a paper clip, or something as small as a paper clip head (like a safety pin or needle).


While doing this, it may be appropriate to have someone help you, or be near the plug in for the router.

On the back of the router, there will be a reset button...use the pin/needle to hold down the reset button for 30 seconds...while you have the button held down unplug the router from the outlet...continue holding reset button for 30 seconds...plug the router back in and continue holding reset button for 30 more seconds. After that, release the reset button.

You router should recognize most types of configuration and you should be able to use it right away.

Re-set up your router as you did when you first got it. I know it is a time-based task, however, to defeat this infection, the router needs to be fully reset.

If you have done this all successfully, let me know. Test out the Internet and tell me of any redirects.

If you have any issues reconnecting the router, or getting it to work on your network, then do the following:

unplug the (usually yellow) Internet cable that is run from the modem to the router, and plug that cable directly in to your computer. You should be able to access the Internet from that temporarily so you can communicate with me.

Let me know how you got through all of this.

So far, from other hacked routers, they have been successfully reset, and the infection disappeared.

If I'm reading this correctly, I'm not sure that this makes sense. He can be home, on the road or at work and this happens. Isn't a router stationary? I *think* it is when he is using wi-fi but I will need to double check with him to see if it happens when logged in to his own private account at home as well.

Your computer should not have redirects while away from your normal location. But, in your normal location, the router is causing issues. By resetting the router, and throwing it back to its defaults, you can rid the infection.

I asked him today and he can be at home on his personal account, he can be at Starbucks, he can be tethered to his phone, he can be at work and using local wi-fi. The only time it does not happen (and I have confirmed this in as many of those places as possible) is when it is plugged in to the network cable at work.

so do I reset the home router?

Try that first, then we will search for more malware on the system.