WiredWX Hobby Weather ToolsLog in

 


Being redirected when using any search engine

2 posters

descriptionBeing redirected when using any search engine EmptyBeing redirected when using any search engine

more_horiz
Hello! Any help I can get with this problem is appreciated. I'm being redirected to random sites when using any search engine. I had a virus and even though that's been conquered, I'm a frequent search engine user, so this is incredibly annoying. I can copy and paste without a problem, but clicking on the site takes me elsewhere. Thanks!

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Hi.Welcome to the forum


Please run all these programs..


Download the TDSSKiller.exe and extract to your Desktop.


Execute TDSSKiller.exe by doubleclicking on it. You may be prompted to restart your machine. Type Y at the prompt.

Once complete, a log will be produced at root. It will be named

UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_27.1.2010_15.31.43_log.txt.


Attach that log here please.



====================================================


Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie


Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply.



===============================================



Download Combofix from Bleepingcomputer or Geekstogo and place it on your Desktop

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Combofix may be slow to start and appear to be doing nothing before it starts scanning.Just leave it,it will start.

You can get help on disabling your protection programs here : http://www.bleepingcomputer.com/forums/topic114351.html

Please include the C:\ComboFix.txt in your next reply for further review.


Caution.....
Never use this program to remove files.Only use it with help from an experienced user.Wrongful use can damage your computer.This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper







descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Thanks so much for assisting, Pancake. I just began the process but if you could, let me know where I find the log. I'm unfamiliar with "Root". Thanks!

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Root is the the main drive.Just click Start/Explore and then click on Local Disk [C:]. It should be right at the top of the list.

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Hello again! I've restarted but see nothing that resembles that particular log. I've actually downloaded twice in case something went wrong the first time. Any idea what's going wrong? Thanks in advance!

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Do a scan for ComboFix.txt .If you still cannot find it run the MBAM and post that log.

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Finally! Had to uninstall IE and reinstall.


2011/01/28 07:29:17.0953 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/28 07:29:17.0953 ================================================================================
2011/01/28 07:29:17.0953 SystemInfo:
2011/01/28 07:29:17.0953
2011/01/28 07:29:17.0953 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/28 07:29:17.0953 Product type: Workstation
2011/01/28 07:29:17.0953 ComputerName: PRINCESS
2011/01/28 07:29:17.0953 UserName: Sherry
2011/01/28 07:29:17.0953 Windows directory: C:\WINDOWS
2011/01/28 07:29:17.0953 System windows directory: C:\WINDOWS
2011/01/28 07:29:17.0953 Processor architecture: Intel x86
2011/01/28 07:29:17.0953 Number of processors: 2
2011/01/28 07:29:17.0953 Page size: 0x1000
2011/01/28 07:29:17.0953 Boot type: Normal boot
2011/01/28 07:29:17.0953 ================================================================================
2011/01/28 07:29:18.0765 Initialize success
2011/01/28 07:29:26.0421 ================================================================================
2011/01/28 07:29:26.0421 Scan started
2011/01/28 07:29:26.0421 Mode: Manual;
2011/01/28 07:29:26.0421 ================================================================================
2011/01/28 07:29:29.0234 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/01/28 07:29:29.0453 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/28 07:29:29.0515 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/01/28 07:29:29.0609 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/01/28 07:29:29.0671 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/01/28 07:29:29.0734 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/01/28 07:29:29.0937 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/01/28 07:29:29.0968 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/28 07:29:30.0078 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/01/28 07:29:30.0125 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/01/28 07:29:30.0156 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/01/28 07:29:30.0203 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/01/28 07:29:30.0265 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/01/28 07:29:30.0328 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/28 07:29:30.0359 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/28 07:29:30.0406 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/28 07:29:30.0484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/28 07:29:30.0609 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/28 07:29:30.0671 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/28 07:29:30.0703 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/01/28 07:29:30.0796 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/28 07:29:30.0828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/28 07:29:30.0875 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/28 07:29:30.0953 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/01/28 07:29:30.0984 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/01/28 07:29:31.0125 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/28 07:29:31.0203 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/28 07:29:31.0265 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
2011/01/28 07:29:31.0296 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/28 07:29:31.0328 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/28 07:29:31.0375 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/28 07:29:31.0421 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/28 07:29:31.0515 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/28 07:29:31.0546 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/01/28 07:29:31.0640 FdRedir (4689d92c5cab65f0b30be002c5f38a10) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
2011/01/28 07:29:31.0656 FileDisk2 (18f2985ad068892b61bf08f78e5b390d) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
2011/01/28 07:29:31.0718 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/28 07:29:31.0781 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/01/28 07:29:31.0875 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/01/28 07:29:32.0000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/28 07:29:32.0109 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/28 07:29:32.0187 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/01/28 07:29:32.0250 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/28 07:29:32.0296 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/28 07:29:32.0406 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/01/28 07:29:32.0484 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/01/28 07:29:32.0640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/28 07:29:32.0750 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/28 07:29:32.0875 ialm (81efe1c5542afb2570758f39ae3b1151) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/01/28 07:29:33.0031 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
2011/01/28 07:29:33.0093 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/28 07:29:33.0218 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/01/28 07:29:33.0250 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/01/28 07:29:33.0281 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/28 07:29:33.0312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/28 07:29:33.0343 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/28 07:29:33.0390 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/28 07:29:33.0437 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/28 07:29:33.0500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/28 07:29:33.0562 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/28 07:29:33.0609 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/28 07:29:33.0671 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/28 07:29:33.0796 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/01/28 07:29:33.0859 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/28 07:29:33.0890 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/28 07:29:33.0937 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/28 07:29:33.0968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/28 07:29:34.0015 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/28 07:29:34.0093 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/28 07:29:34.0156 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/28 07:29:34.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/28 07:29:34.0234 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/28 07:29:34.0250 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/28 07:29:34.0296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/28 07:29:34.0359 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/01/28 07:29:34.0406 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/28 07:29:34.0484 Mvc25U870_VID_1262&PID_25FD (e88e7e9aa0ab34b6c664a4a43cea6316) C:\WINDOWS\system32\Drivers\Mvc25U870.sys
2011/01/28 07:29:34.0531 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/01/28 07:29:34.0593 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/28 07:29:34.0609 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/01/28 07:29:34.0671 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/28 07:29:34.0687 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/28 07:29:34.0734 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/28 07:29:34.0765 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/28 07:29:34.0796 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/28 07:29:34.0843 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/28 07:29:34.0921 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/28 07:29:34.0968 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
2011/01/28 07:29:34.0984 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/28 07:29:35.0031 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/28 07:29:35.0109 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/28 07:29:35.0312 nv (7d504e6fd9a69efd4bc8f8f4db66a01b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/01/28 07:29:35.0531 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/28 07:29:35.0546 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/28 07:29:35.0609 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/28 07:29:35.0687 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/28 07:29:35.0703 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/28 07:29:35.0750 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/28 07:29:35.0796 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/28 07:29:35.0859 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/28 07:29:35.0890 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/01/28 07:29:36.0078 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/28 07:29:36.0093 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/28 07:29:36.0156 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/28 07:29:36.0187 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/28 07:29:36.0328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/28 07:29:36.0390 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/28 07:29:36.0406 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/28 07:29:36.0453 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/28 07:29:36.0515 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/28 07:29:36.0578 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/28 07:29:36.0640 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/28 07:29:36.0703 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/28 07:29:36.0750 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/28 07:29:36.0828 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/01/28 07:29:36.0859 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/01/28 07:29:36.0937 s24trans (662c9f09076a2e1224c8833def1f5cb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/01/28 07:29:37.0046 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/01/28 07:29:37.0062 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/01/28 07:29:37.0125 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/28 07:29:37.0156 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/01/28 07:29:37.0203 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/01/28 07:29:37.0265 shpf (b8e1ac2cdad522572bfc73781d0e37e2) C:\WINDOWS\system32\DRIVERS\shpf.sys
2011/01/28 07:29:37.0312 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/01/28 07:29:37.0390 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2011/01/28 07:29:37.0421 SonyImgF (f4ed73c7f82dfe11d6ebbf025a49cea1) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
2011/01/28 07:29:37.0484 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/01/28 07:29:37.0531 SPI (ad9436c46c10222b8f03405628a8cd86) C:\WINDOWS\system32\DRIVERS\SonyPI.sys
2011/01/28 07:29:37.0593 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/28 07:29:37.0640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/28 07:29:37.0703 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/28 07:29:37.0750 ssfmonm (83a1fe75211bb59645fe53e469ad61c8) C:\WINDOWS\system32\DRIVERS\ssfmonm.sys
2011/01/28 07:29:37.0765 sshrmd (6fb311640254a0fc65fc70f4f58fb9b1) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
2011/01/28 07:29:37.0828 ssidrv (16cd11a307389db133e08229ed300861) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
2011/01/28 07:29:37.0953 STHDA (bbbc5bf9a5f1fb5d57e91b944d2e51a5) C:\WINDOWS\system32\drivers\sthda.sys
2011/01/28 07:29:38.0046 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/01/28 07:29:38.0093 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/28 07:29:38.0125 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/28 07:29:38.0281 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/28 07:29:38.0375 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/28 07:29:38.0437 TcUsb (63e7729e6ebc6f136f648d293b2ffaac) C:\WINDOWS\system32\Drivers\tcusb.sys
2011/01/28 07:29:38.0468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/28 07:29:38.0484 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/28 07:29:38.0531 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/28 07:29:38.0609 ti21sony (403d3ed8b7f5e5a47e1e51fe5297c640) C:\WINDOWS\system32\drivers\ti21sony.sys
2011/01/28 07:29:38.0718 tosporte (6a404454c6133e749be33892eb6ffa35) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/01/28 07:29:38.0750 Tosrfbd (e4901804c4d8d613fa3560de2c2e0261) C:\WINDOWS\system32\Drivers\tosrfbd.sys
2011/01/28 07:29:38.0765 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/01/28 07:29:38.0812 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/01/28 07:29:38.0828 Tosrfhid (7726332391d8fca1a491a17f592fd6b3) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/01/28 07:29:38.0859 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/01/28 07:29:38.0890 Tosrfusb (7414a6461bc83a22b0ae009ace3e375b) C:\WINDOWS\system32\Drivers\tosrfusb.sys
2011/01/28 07:29:38.0984 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/28 07:29:39.0078 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/28 07:29:39.0156 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/28 07:29:39.0187 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/28 07:29:39.0265 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/28 07:29:39.0281 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/01/28 07:29:39.0312 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/28 07:29:39.0343 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/01/28 07:29:39.0406 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/01/28 07:29:39.0453 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/28 07:29:39.0593 w39n51 (b9be39d0c7419247e31138a070072299) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/01/28 07:29:39.0734 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/28 07:29:39.0781 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/28 07:29:39.0875 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/01/28 07:29:40.0015 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/01/28 07:29:40.0046 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/01/28 07:29:40.0078 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/01/28 07:29:40.0140 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/01/28 07:29:40.0156 wudfrd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
2011/01/28 07:29:40.0265 yukonwxp (96982cb3611bd4db9ed7a5ff2c29219f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/01/28 07:29:40.0328 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/28 07:29:40.0328 ================================================================================
2011/01/28 07:29:40.0328 Scan finished
2011/01/28 07:29:40.0328 ================================================================================
2011/01/28 07:29:40.0343 Detected object count: 1
2011/01/28 07:29:51.0343 \HardDisk0 - will be cured after reboot
2011/01/28 07:29:51.0343 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Malwarebytes is scanning now. Will attach report when it's finished. Thanks for helping me!

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5633

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/28/2011 8:06:31 AM
mbam-log-2011-01-28 (08-06-31).txt

Scan type: Quick scan
Objects scanned: 199151
Time elapsed: 1 hour(s), 22 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Sherry\local settings\Temp\40.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\Sherry\local settings\Temp\a1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Sherry\local settings\Temp\0.10112282389137206.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Sherry\local settings\Temp\0.30508480425524687.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Downloaded ComboFix and now trying to disable CyberDefender Internet Security. I don't see it anywhere in my programs so I'm not sure how to do it. All other anti-virus programs have been disabled. Once I have this accomplished, I'll be ready to finish the ComboFix process.

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
All systems are go, except I've been told i have a corrupt ComboFix file. Is there a way to delete it and re-download ComboFix? Every time I try it again, it downloads it with the next consecutive number. I'm now at ComboFix3 and that seems to be a problem. I also have never gotten a Desktop Icon with any download.

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Pancake, I'm not sure how this happened, but in the midst of this process, I don't appear to have the redirect problem anymore. I just tested it and everything seems to be working fine. Thanks for your help and if I encounter any problems later, I'll send a message in hopes that we can continue.

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Your redirect has been fixed.It was a root kit.

Ok.All done.I see no more malware.Log looks good! All those detections are either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


Go to :
Start > Run then copy and paste the following highlighted (blue) text below into the box and click OK.


ComboFix /uninstall






Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention

=============================


descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Thanks so much. I'm doing this now. You're such a great help. I can't thank you enough!

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
Glad to assist.

descriptionBeing redirected when using any search engine EmptyRe: Being redirected when using any search engine

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum