google links redirected and other problems
-
Hi,
I think I have something wrong with my computer: often links on Google searches get redirected to some random page or YouTube video, and I can't seem to access the website for Windows Update (as if I had no connection). I also have other problems: the computer is slow, sometimes breaks down, etc.
I have already posted this somewhere else in this forum and was told to try combofix, which I tried and didn't work.
[HJT log removed - Broni]
Any help would be really appreciated
thanks
Fabio
Last edited by broni; 04-06-2011 at 10:45 PM.
-
Welcome aboard 
Please, complete all steps listed here: HERE
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
-
Hi,
I followed all the steps apart from the last; when opening DDS it just opened a web page with a lot of strange characters and no logs were generated.
Here are all the other logs:
MALWAREBYTES (italia)
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Versione database: 6756
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
04/06/2011 23.00.55
mbam-log-2011-06-04 (23-00-55).txt
Tipo di scansione: Scansione veloce
Elementi esaminati: 161775
Tempo trascorso: 6 minuti, 43 secondi
Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0
Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)
Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)
Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)
Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)
Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)
Cartelle infette:
(Non sono stati rilevati elementi nocivi)
File infetti:
(Non sono stati rilevati elementi nocivi)
GMER
GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-05 01:02:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 ST9250421ASG rev.DEA2
Running: nh8m47th.exe; Driver: C:\DOCUME~1\FABIOR~1\IMPOST~1\Temp\ugtdypob.sys
---- System - GMER 1.0.15 ----
SSDT B87B1166 ZwCreateKey
SSDT B87B115C ZwCreateThread
SSDT B87B116B ZwDeleteKey
SSDT B87B1175 ZwDeleteValueKey
SSDT B87B117A ZwLoadKey
SSDT B87B1148 ZwOpenProcess
SSDT B87B114D ZwOpenThread
SSDT B87B1184 ZwReplaceKey
SSDT B87B117F ZwRestoreKey
SSDT B87B1170 ZwSetValueKey
SSDT B87B1157 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB5BF5360, 0x56C395, 0xE8000020]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xA4B3D400, 0x7960C, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA4BDF420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xA4BDF420]
.protect˙˙˙˙hardlockunknown last code section [0xA4BDF200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xA4BDF200, 0x5049, 0xE0000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[456] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 01A3000A
.text C:\WINDOWS\Explorer.EXE[456] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 01A4000A
.text C:\WINDOWS\Explorer.EXE[456] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 019D000C
.text C:\Programmi\Mozilla Firefox\plugin-container.exe[624] USER32.dll!SetWindowLongA 7E3AC29D 5 Bytes JMP 10698DD9 C:\Programmi\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programmi\Mozilla Firefox\plugin-container.exe[624] USER32.dll!SetWindowLongW 7E3AC2BB 5 Bytes JMP 10698D6B C:\Programmi\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programmi\Mozilla Firefox\plugin-container.exe[624] USER32.dll!GetWindowInfo 7E3AC49C 5 Bytes JMP 104C7187 C:\Programmi\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programmi\Mozilla Firefox\plugin-container.exe[624] USER32.dll!TrackPopupMenu 7E3E531E 5 Bytes JMP 104C7781 C:\Programmi\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\System32\svchost.exe[1740] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00EF000A
.text C:\WINDOWS\System32\svchost.exe[1740] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00F0000A
.text C:\WINDOWS\System32\svchost.exe[1740] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00EE000C
.text C:\WINDOWS\System32\svchost.exe[1740] USER32.dll!GetCursorPos 7E3A974E 5 Bytes JMP 0089000A
.text C:\WINDOWS\System32\svchost.exe[1740] USER32.dll!WindowFromPoint 7E3A9766 5 Bytes JMP 008A000A
.text C:\WINDOWS\System32\svchost.exe[1740] USER32.dll!GetForegroundWindow 7E3A9823 5 Bytes JMP 008B000A
.text C:\WINDOWS\System32\svchost.exe[1740] ole32.dll!CoCreateInstance 774CF1AC 5 Bytes JMP 01BD000A
.text C:\Programmi\Mozilla Firefox\firefox.exe[1868] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 0171000A
.text C:\Programmi\Mozilla Firefox\firefox.exe[1868] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 0172000A
.text C:\Programmi\Mozilla Firefox\firefox.exe[1868] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 0170000C
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8ACD231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8ACD231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8ACD231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8ACD231B
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
MBRCHECK
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000ac
Kernel Drivers (total 144):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0x8AC3E000 \WINDOWS\system32\KDCOM.DLL
0xB84BC000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB7F68000 pci.sys
0xB80A8000 isapnp.sys
0xB80B8000 ohci1394.sys
0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB84C0000 compbatt.sys
0xB84C4000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80D8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB8330000 PartMgr.sys
0xB80E8000 VolSnap.sys
0xB7F31000 atapi.sys
0xB8338000 cercsr6.sys
0xB7F19000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xB80F8000 disk.sys
0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7EF9000 fltmgr.sys
0xB7EE7000 sr.sys
0xB8118000 PxHelp20.sys
0xB7ED0000 KSecDD.sys
0xB7E43000 Ntfs.sys
0xB7E16000 NDIS.sys
0xB7DFC000 Mup.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB5BF5000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB5BE1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB84A0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB5BBD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB84A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB5B95000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB5B01000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xB5AD6000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xB81E8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB5AC2000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB6D16000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB5AAE000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xB5A5D000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xB6D06000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB84B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB8348000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB6CF6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB6CE6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB6CD6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB5A3A000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8368000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB8588000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB858C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB6CC6000 \SystemRoot\System32\Drivers\tosrfcom.sys
0xB870A000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB8608000 \SystemRoot\System32\Drivers\RootMdm.sys
0xB8370000 \SystemRoot\System32\Drivers\Modem.SYS
0xB6CB6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB8590000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB5A23000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB6CA6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB6C96000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB8378000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB5A12000 \SystemRoot\system32\DRIVERS\psched.sys
0xB6C86000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8380000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB8388000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8390000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xB8398000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0xB59E2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB664E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB59C5000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xB860E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB5967000 \SystemRoot\system32\DRIVERS\update.sys
0xB7DCC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB83A0000 \SystemRoot\system32\DRIVERS\Rockey4.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\tosporte.sys
0xB8208000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAF403000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB8638000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA8F1A000 \SystemRoot\system32\drivers\sthda.sys
0xA8EF6000 \SystemRoot\system32\drivers\portcls.sys
0xAF3F3000 \SystemRoot\system32\drivers\drmk.sys
0xA8EC2000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xA8DD0000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xA8D1D000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xB863E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB87A5000 \SystemRoot\System32\Drivers\Null.SYS
0xB8640000 \SystemRoot\System32\Drivers\Beep.SYS
0xB2524000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB251C000 \SystemRoot\System32\drivers\vga.sys
0xB8642000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xB8646000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB2514000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB250C000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAA656000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8CEA000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8C91000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8C69000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8C43000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA8C21000 \SystemRoot\System32\drivers\afd.sys
0xAF3D3000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB2504000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xA8BF6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8B86000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAF3C3000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8B6A000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xB864A000 \??\C:\Programmi\Avira\AntiVir Desktop\avgio.sys
0xAA636000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xAF3A3000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAF038000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAF028000 \SystemRoot\System32\Drivers\oz776.sys
0xAA205000 \SystemRoot\System32\Drivers\SMCLIB.SYS
0xA8B46000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA8B14000 \SystemRoot\System32\Drivers\Udfs.SYS
0xA8AE9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB865C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xADCE5000 \SystemRoot\System32\drivers\Dxapi.sys
0xAF0F6000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB86F4000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBD638000 \SystemRoot\System32\ATMFD.DLL
0xA5F4B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB47D3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA5D66000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA5D01000 \SystemRoot\system32\drivers\wdmaud.sys
0xB409E000 \SystemRoot\system32\drivers\sysaudio.sys
0xA5B03000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA4B3D000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xA4ABD000 \SystemRoot\system32\DRIVERS\srv.sys
0xA4FB9000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xADFDB000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA2798000 \SystemRoot\System32\Drivers\HTTP.sys
0x9FCF2000 \??\C:\DOCUME~1\FABIOR~1\IMPOST~1\Temp\ugtdypob.sys
0x9FCC7000 \SystemRoot\system32\drivers\kmixer.sys
0xADE13000 \SystemRoot\system32\DRIVERS\tosrfusb.sys
0x9E418000 \SystemRoot\system32\DRIVERS\tosrfbd.sys
0x9E405000 \SystemRoot\system32\DRIVERS\Tosrfhid.sys
0xA4FBD000 \SystemRoot\System32\Drivers\tosrfbnp.sys
0xB252C000 \SystemRoot\system32\DRIVERS\tosrfnds.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
Processes (total 54):
0 System Idle Process
4 System
876 C:\WINDOWS\system32\smss.exe
1224 csrss.exe
1256 C:\WINDOWS\system32\winlogon.exe
1304 C:\WINDOWS\system32\services.exe
1316 C:\WINDOWS\system32\lsass.exe
1508 C:\WINDOWS\system32\nvsvc32.exe
1536 C:\WINDOWS\system32\svchost.exe
1592 svchost.exe
1740 C:\WINDOWS\system32\svchost.exe
1916 svchost.exe
216 svchost.exe
508 C:\WINDOWS\system32\WLTRYSVC.EXE
544 C:\WINDOWS\system32\BCMWLTRY.EXE
588 C:\WINDOWS\system32\spoolsv.exe
804 scardsvr.exe
456 C:\WINDOWS\explorer.exe
1060 C:\Programmi\Avira\AntiVir Desktop\sched.exe
1128 C:\Programmi\Avira\AntiVir Desktop\avguard.exe
1552 svchost.exe
1984 C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
1992 C:\WINDOWS\system32\WLTRAY.EXE
2000 C:\Programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe
2008 C:\Programmi\Dell\QuickSet\quickset.exe
2024 C:\WINDOWS\system32\rundll32.exe
2036 C:\WINDOWS\system32\rundll32.exe
180 C:\Programmi\iTunes\iTunesHelper.exe
292 C:\WINDOWS\system32\ctfmon.exe
388 C:\Programmi\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
3756 C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
2148 C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2284 C:\Programmi\Bonjour\mDNSResponder.exe
2528 C:\Programmi\LogMeIn Hamachi\hamachi-2.exe
2652 C:\Programmi\Java\jre6\bin\jqs.exe
2876 C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
3000 C:\Programmi\MySQL\MySQL Server 5.1\bin\mysqld.exe
3132 C:\Programmi\Dell\QuickSet\NicConfigSvc.exe
3364 C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
2680 C:\Programmi\SmartSVN 6\bin\statuscached.exe
2736 C:\WINDOWS\system32\svchost.exe
2648 C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2856 wdfmgr.exe
1940 wmiprvse.exe
3784 WPFFontCache_v0400.exe
4076 C:\Programmi\iPod\bin\iPodService.exe
1308 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2960 alg.exe
3036 C:\WINDOWS\system32\svchost.exe
1868 C:\Programmi\Mozilla Firefox\firefox.exe
624 C:\Programmi\Mozilla Firefox\plugin-container.exe
1100 C:\WINDOWS\Temp\nvbk\setup.exe
528 C:\Programmi\VideoLAN\VLC\vlc.exe
2308 D:\Documenti\Download\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06dd1c00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000e`ace6dc00 (NTFS)
PhysicalDrive0 Model Number: ST9250421ASG, Rev: DEA2
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 503FD2CC6F3632B90CEC9C763A09B1AF1755FCD5
Done!
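The GMER and MBRCheck output above is what the helper reads to call this a rootkit: the "Disk sectors" section reports TDL4 code in the MBR, the "System" section lists SSDT hooks, and the "User code sections" list inline JMP hooks, some attributed to a named module (xul.dll) and some not. As an added example, not code from this thread or from GMER, here is a small Python triage script that parses those GMER sections and pulls out the lines an analyst looks at first. The names parse_gmer, triage and SAMPLE_LOG are this example's own; SAMPLE_LOG is a constructed excerpt modelled on the log lines in the post, and the CRITICAL/REVIEW/INFO/WARNING labels are the example's own convention.

```python
"""Triage helper for GMER rootkit-scanner text output (added example, not GMER's own code)."""
import re
from collections import defaultdict

# GMER separates its output into sections such as "---- Disk sectors - GMER 1.0.15 ----".
SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# "SSDT B87B1166 ZwCreateKey": a hooked system-service-table entry and the hook address.
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)$")
# ".text <image>[<pid>] <module>!<func> <addr> 5 Bytes JMP <target> [owning module]"
USERHOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+) Bytes\s+JMP\s+(?P<target>[0-9A-F]{8})"
    r"(?:\s+(?P<owner>.+))?$"
)
# "Disk \Device\Harddisk0\DR0 <detail>"
MBR_RE = re.compile(r"^Disk\s+(\S+)\s+(.*)$")
MBR_ALERT_MARKERS = ("ROOTKIT", "rootkit-like", "@MBR")

# Constructed excerpt in GMER's format (modelled on the thread's log, trimmed to a few lines).
SAMPLE_LOG = r"""GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-05 01:02:00
---- System - GMER 1.0.15 ----
SSDT B87B1166 ZwCreateKey
SSDT B87B1157 ZwTerminateProcess
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[456] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 01A3000A
.text C:\WINDOWS\Explorer.EXE[456] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 01A4000A
.text C:\Programmi\Mozilla Firefox\plugin-container.exe[624] USER32.dll!SetWindowLongA 7E3AC29D 5 Bytes JMP 10698DD9 C:\Programmi\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----
"""


def parse_gmer(text):
    """Walk a GMER log section by section and collect the findings worth reviewing."""
    report = {"ssdt_hooks": [], "user_hooks": defaultdict(list), "disk_alerts": [], "eof": False}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            if section == "EOF":          # GMER writes this only when the scan finished
                report["eof"] = True
            continue
        if section == "System":
            m = SSDT_RE.match(line)
            if m:
                report["ssdt_hooks"].append((m.group(2), m.group(1)))
        elif section == "User code sections":
            m = USERHOOK_RE.match(line)
            if m:
                hook = m.groupdict()
                hook["pid"] = int(hook["pid"])
                report["user_hooks"][(hook["image"], hook["pid"])].append(hook)
        elif section == "Disk sectors":
            m = MBR_RE.match(line)
            if m and any(marker in m.group(2) for marker in MBR_ALERT_MARKERS):
                report["disk_alerts"].append((m.group(1), m.group(2)))
    return report


def triage(report):
    """Turn the parsed report into ordered, human-readable findings."""
    findings = []
    # Anything GMER flags in the MBR or boot sectors is the first thing to act on.
    for device, detail in report["disk_alerts"]:
        findings.append(f"CRITICAL: {device}: {detail}")
    # Inline hooks whose JMP target GMER could not attribute to a loaded module
    # deserve a closer look; hooks attributed to a known DLL (e.g. xul.dll) usually do not.
    for (image, pid), hooks in sorted(report["user_hooks"].items()):
        unattributed = [h for h in hooks if h["owner"] is None]
        if unattributed:
            names = ", ".join(f'{h["module"]}!{h["func"]}' for h in unattributed)
            findings.append(f"REVIEW: {image}[{pid}] has {len(unattributed)} inline hook(s) "
                            f"with no owning module: {names}")
    # SSDT hooks are common for security products too, so report them as context only.
    if report["ssdt_hooks"]:
        funcs = ", ".join(f for f, _ in report["ssdt_hooks"])
        findings.append(f"INFO: {len(report['ssdt_hooks'])} SSDT hook(s): {funcs}")
    if not report["eof"]:
        findings.append("WARNING: no EOF marker; the scan may not have completed")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_gmer(SAMPLE_LOG)):
        print(finding)
```

Running it on the sample prints two CRITICAL lines for the MBR, one REVIEW line for the two unattributed hooks in Explorer.EXE, and an INFO line for the SSDT hooks; the plugin-container hook is attributed to xul.dll and so is not raised. The script only surfaces what the scanner already reported; deciding whether an unattributed hook belongs to a security product or to malware still needs an analyst.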
-
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
-
Hi There,
I didn't follow your instructions yet. I switched off my computer yesterday, today I switched it back on and this is what happens:
- even though I'm not pressing anything I always need to decide in what mode I want to run windows
- with normal and secure mode I always get a blue error screen
- finally I tried running "last configuration (sure to work)" (sorry, I'm translating from Italian)
Now my computer is on, but not sure why that happened to me and if I should continue with your instructions or not.
-
Absolutely. You're infected with a rootkit.
-
here's my tdss log:
2011/06/05 17:43:17.0109 5632 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/05 17:43:17.0265 5632 ================================================================================
2011/06/05 17:43:17.0265 5632 SystemInfo:
2011/06/05 17:43:17.0265 5632
2011/06/05 17:43:17.0265 5632 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/05 17:43:17.0265 5632 Product type: Workstation
2011/06/05 17:43:17.0265 5632 ComputerName: FABIO
2011/06/05 17:43:17.0265 5632 UserName: Fabio Rossi
2011/06/05 17:43:17.0265 5632 Windows directory: C:\WINDOWS
2011/06/05 17:43:17.0265 5632 System windows directory: C:\WINDOWS
2011/06/05 17:43:17.0265 5632 Processor architecture: Intel x86
2011/06/05 17:43:17.0265 5632 Number of processors: 2
2011/06/05 17:43:17.0265 5632 Page size: 0x1000
2011/06/05 17:43:17.0265 5632 Boot type: Normal boot
2011/06/05 17:43:17.0265 5632 ================================================================================
2011/06/05 17:43:18.0468 5632 Initialize success
2011/06/05 17:43:38.0937 5664 ================================================================================
2011/06/05 17:43:38.0937 5664 Scan started
2011/06/05 17:43:38.0937 5664 Mode: Manual;
2011/06/05 17:43:38.0937 5664 ================================================================================
2011/06/05 17:43:39.0546 5664 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/05 17:43:39.0578 5664 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/05 17:43:39.0609 5664 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/05 17:43:39.0671 5664 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/05 17:43:39.0750 5664 akshasp (d5987b854a62867d399a3d3d744547e5) C:\WINDOWS\system32\DRIVERS\akshasp.sys
2011/06/05 17:43:39.0796 5664 aksusb (25c07de96a774622001935e36693c9c2) C:\WINDOWS\system32\DRIVERS\aksusb.sys
2011/06/05 17:43:39.0859 5664 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/06/05 17:43:39.0921 5664 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/05 17:43:39.0984 5664 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/05 17:43:40.0031 5664 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/05 17:43:40.0062 5664 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/05 17:43:40.0093 5664 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/05 17:43:40.0187 5664 avgio (594d25ef73f381fd508b8ee04883f90f) C:\Programmi\Avira\AntiVir Desktop\avgio.sys
2011/06/05 17:43:40.0203 5664 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/06/05 17:43:40.0218 5664 avipbb (33e08f43071e4a4ff6fcfb6758f85a27) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/06/05 17:43:40.0265 5664 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/06/05 17:43:40.0296 5664 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/06/05 17:43:40.0312 5664 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/05 17:43:40.0421 5664 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/05 17:43:40.0453 5664 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/05 17:43:40.0484 5664 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/05 17:43:40.0515 5664 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/05 17:43:40.0515 5664 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/05 17:43:40.0562 5664 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/06/05 17:43:40.0609 5664 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/05 17:43:40.0640 5664 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/05 17:43:40.0718 5664 CSRBC (8e1945984e147562f9f08e1d344a69cc) C:\WINDOWS\system32\Drivers\csrbcxp.sys
2011/06/05 17:43:40.0765 5664 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/05 17:43:40.0796 5664 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/05 17:43:40.0843 5664 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/05 17:43:40.0859 5664 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/05 17:43:40.0890 5664 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/05 17:43:40.0937 5664 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/05 17:43:40.0968 5664 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/05 17:43:40.0984 5664 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/05 17:43:41.0031 5664 FilterService (d59274041bbdbfbecd05b92c0c28b51f) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/06/05 17:43:41.0062 5664 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/05 17:43:41.0078 5664 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/05 17:43:41.0109 5664 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/05 17:43:41.0125 5664 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/05 17:43:41.0140 5664 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/05 17:43:41.0156 5664 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/05 17:43:41.0187 5664 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/05 17:43:41.0218 5664 guardian2 (7031a936832967a93b0e5d5f1c76745a) C:\WINDOWS\system32\Drivers\oz776.sys
2011/06/05 17:43:41.0250 5664 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/06/05 17:43:41.0312 5664 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
2011/06/05 17:43:41.0359 5664 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/05 17:43:41.0375 5664 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/05 17:43:41.0421 5664 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/06/05 17:43:41.0453 5664 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/06/05 17:43:41.0546 5664 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/05 17:43:41.0593 5664 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/05 17:43:41.0609 5664 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/05 17:43:41.0656 5664 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/05 17:43:41.0671 5664 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/05 17:43:41.0718 5664 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/05 17:43:41.0750 5664 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/05 17:43:41.0765 5664 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/05 17:43:41.0796 5664 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/05 17:43:41.0812 5664 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/05 17:43:41.0828 5664 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/05 17:43:41.0859 5664 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/05 17:43:41.0921 5664 kbdhid (4c61c226bdda2ef1672b2c5f4e56625e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/05 17:43:41.0937 5664 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/05 17:43:41.0968 5664 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/05 17:43:42.0031 5664 lvpopflt (cbf0bf6af73a704211bbb52efacaa8a0) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/06/05 17:43:42.0062 5664 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/06/05 17:43:42.0109 5664 LVRS (6917b407dbec11b3a078abfc2ec2ac7c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/06/05 17:43:42.0250 5664 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/06/05 17:43:42.0421 5664 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2011/06/05 17:43:42.0453 5664 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/05 17:43:42.0484 5664 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/05 17:43:42.0500 5664 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/05 17:43:42.0500 5664 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/05 17:43:42.0531 5664 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/05 17:43:42.0546 5664 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/05 17:43:42.0843 5664 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/05 17:43:42.0859 5664 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/05 17:43:42.0921 5664 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/05 17:43:42.0937 5664 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/05 17:43:42.0968 5664 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/05 17:43:42.0984 5664 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/05 17:43:43.0015 5664 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/05 17:43:43.0046 5664 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/05 17:43:43.0062 5664 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/05 17:43:43.0109 5664 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/05 17:43:43.0125 5664 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/05 17:43:43.0140 5664 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/05 17:43:43.0171 5664 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/05 17:43:43.0187 5664 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/05 17:43:43.0187 5664 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/05 17:43:43.0218 5664 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/05 17:43:43.0234 5664 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/05 17:43:43.0250 5664 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/05 17:43:43.0296 5664 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/05 17:43:43.0312 5664 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/05 17:43:43.0328 5664 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/05 17:43:43.0375 5664 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/05 17:43:43.0562 5664 nv (7c84d59e7092f57474921c2946250b52) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/05 17:43:43.0812 5664 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/05 17:43:43.0843 5664 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/05 17:43:43.0875 5664 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/05 17:43:43.0906 5664 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/05 17:43:43.0921 5664 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/05 17:43:43.0937 5664 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/05 17:43:43.0953 5664 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/05 17:43:43.0984 5664 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/05 17:43:44.0015 5664 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/05 17:43:44.0140 5664 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/05 17:43:44.0156 5664 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/05 17:43:44.0187 5664 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/05 17:43:44.0203 5664 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/05 17:43:44.0281 5664 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/05 17:43:44.0296 5664 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/05 17:43:44.0359 5664 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/05 17:43:44.0390 5664 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/05 17:43:44.0671 5664 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/05 17:43:44.0687 5664 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/05 17:43:44.0765 5664 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/05 17:43:44.0796 5664 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/05 17:43:44.0828 5664 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/05 17:43:44.0859 5664 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/06/05 17:43:44.0875 5664 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/06/05 17:43:44.0906 5664 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/06/05 17:43:44.0921 5664 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/06/05 17:43:44.0937 5664 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/06/05 17:43:44.0953 5664 ROCKEYNT (7b9921a14be8d230148b87322cf1917a) C:\WINDOWS\system32\DRIVERS\Rockey4.sys
2011/06/05 17:43:44.0984 5664 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/06/05 17:43:45.0046 5664 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/05 17:43:45.0078 5664 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/05 17:43:45.0109 5664 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/05 17:43:45.0140 5664 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/06/05 17:43:45.0156 5664 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/06/05 17:43:45.0171 5664 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/05 17:43:45.0218 5664 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/05 17:43:45.0250 5664 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/05 17:43:45.0265 5664 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/05 17:43:45.0296 5664 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/05 17:43:45.0312 5664 ssmdrv (7b69466075b4da427c5ecd10e1eab72a) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/06/05 17:43:45.0359 5664 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2011/06/05 17:43:45.0390 5664 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/05 17:43:45.0406 5664 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/05 17:43:45.0421 5664 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/05 17:43:45.0500 5664 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/05 17:43:45.0531 5664 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/05 17:43:45.0578 5664 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/05 17:43:45.0609 5664 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/05 17:43:45.0625 5664 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/05 17:43:45.0656 5664 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
2011/06/05 17:43:45.0687 5664 tosrfbd (399c5e4db7bdd5a83a7d26c96389b85a) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
2011/06/05 17:43:45.0718 5664 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
2011/06/05 17:43:45.0734 5664 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
2011/06/05 17:43:45.0765 5664 Tosrfhid (efc95c0dc6f96b228f58319776006548) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
2011/06/05 17:43:45.0781 5664 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
2011/06/05 17:43:45.0812 5664 TosRfSnd (156d63f6898e4d95f2962f2b72862868) C:\WINDOWS\system32\drivers\tosrfsnd.sys
2011/06/05 17:43:45.0859 5664 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
2011/06/05 17:43:45.0875 5664 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/05 17:43:46.0140 5664 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/05 17:43:46.0406 5664 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/05 17:43:46.0437 5664 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/05 17:43:46.0484 5664 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/05 17:43:46.0500 5664 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/05 17:43:46.0531 5664 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/05 17:43:46.0562 5664 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/05 17:43:46.0578 5664 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/05 17:43:46.0609 5664 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/05 17:43:46.0640 5664 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/05 17:43:46.0671 5664 V0090VID (58567a3e213209fc5d787d1f42941a06) C:\WINDOWS\system32\DRIVERS\V0090Vid.sys
2011/06/05 17:43:46.0687 5664 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/05 17:43:46.0734 5664 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/05 17:43:46.0750 5664 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/05 17:43:46.0781 5664 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/05 17:43:46.0828 5664 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/05 17:43:46.0890 5664 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/05 17:43:46.0921 5664 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/05 17:43:46.0968 5664 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/05 17:43:46.0984 5664 MBR (0x1B8) (cbccd2cccc2efc8ec98c0ebff4bbc0e6) \Device\Harddisk0\DR0
2011/06/05 17:43:47.0000 5664 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/05 17:43:47.0000 5664 ================================================================================
2011/06/05 17:43:47.0000 5664 Scan finished
2011/06/05 17:43:47.0000 5664 ================================================================================
2011/06/05 17:43:47.0015 4176 Detected object count: 1
2011/06/05 17:43:47.0015 4176 Actual detected object count: 1
2011/06/05 17:43:53.0109 4176 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/05 17:43:53.0109 4176 \Device\Harddisk0\DR0 - ok
2011/06/05 17:43:53.0109 4176 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/05 17:44:02.0062 5208 Deinitialize success
By the way thank you very very much, this is a great service!
-
You're welcome 
How is redirection now?
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
- Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
- Click the Report tab, then click Scan.
- Check Drivers, Stealth, and uncheck the rest.
- Click OK.
- Wait until it's finished and then go to File > Save Report.
- Save the report to your Desktop.
- Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
-
ok, here's the report:
RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB6EB5000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 10260480 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 197.16 )
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 6447104 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 197.16 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2158592 bytes (Microsoft Corporation, Sistema e kernel NT)
0x804D7000 PnpManager 2158592 bytes
0x804D7000 RAW 2158592 bytes
0x804D7000 WMIxWDM 2158592 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Driver Win32 multiutente)
0xB59C4000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xB587A000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB57C7000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB2C05000 C:\WINDOWS\system32\drivers\hardlock.sys 688128 bytes (Aladdin Knowledge Systems Ltd., Hardlock Device Driver for Windows NT)
0xB6DC1000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 606208 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xB7E43000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB5608000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB6B87000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5713000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB2AC1000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB6D1D000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xBD638000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB142F000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB596C000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB6C02000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7F79000 ACPI.sys 188416 bytes (Microsoft Corporation, Driver ACPI per NT)
0xB3CAE000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7E16000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB6D96000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 176128 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0xB0B55000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB5678000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB6E55000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB56EB000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB56C5000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB2BE1000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB59A0000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB6E7D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB6CFA000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB56A3000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB5503000 C:\WINDOWS\system32\DRIVERS\tosrfbd.sys 135168 bytes (TOSHIBA CORPORATION, Bluetooth RF Bus Driver)
0x806E6000 ACPI_HAL 134400 bytes
0x806E6000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7EF9000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, Driver FT del disco)
0xB6BE5000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xB554C000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 114688 bytes (Avira GmbH, Avira Driver for RootKit Detection)
0xB7DFC000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7F31000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB544F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB7F19000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB7ED0000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB6CE3000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB3C49000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB3FFB000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)
0xB6D6E000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0xB6D82000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB6EA1000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB576C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB548F000 C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys 77824 bytes (TOSHIBA Corporation., Bluetooth HID Driver from TOSHIBA)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7EE7000 sr.sys 73728 bytes (Microsoft Corporation, Driver filtro file system Ripristino configurazione di sistema)
0xB7F68000 pci.sys 69632 bytes (Microsoft Corporation, Enumeratore PCI Plug and Play per NT)
0xB6CD2000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB54CA000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xB37E3000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8178000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB8138000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB80B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB82B8000 C:\WINDOWS\System32\Drivers\oz776.sys 65536 bytes (O2Micro, O2Micro USB CCID SmartCard Reader)
0xB8198000 C:\WINDOWS\System32\Drivers\tosrfcom.sys 65536 bytes (TOSHIBA Corporation, Bluetooth RFCOMM Driver)
0xB8288000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB8248000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8188000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Driver del filtro audio Redbook)
0xB8148000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0xB3D93000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8238000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB80E8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Driver copia replicata del volume)
0xB8108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB8158000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, Driver della porta i8042)
0xB81A8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB81C8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB8298000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8168000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB81B8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB8208000 C:\WINDOWS\system32\DRIVERS\tosporte.sys 45056 bytes (TOSHIBA Corporation, TOSHIBA Bluetooth Port Emulation Driver)
0xB82D8000 C:\WINDOWS\system32\DRIVERS\tosrfusb.sys 45056 bytes (TOSHIBA CORPORATION, Bluetooth USB Miniport Driver)
0xB8318000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Driver di periferica processore)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, Driver bus PNP ISA)
0xB8218000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB81E8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB0A25000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB81D8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB8278000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB8118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB82F8000 C:\WINDOWS\System32\Drivers\tosrfbnp.sys 36864 bytes (TOSHIBA Corporation, Bluetooth RFBNEP Driver)
0xB8268000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xB8488000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Driver del modem)
0xB83B8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8468000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB83A0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB8478000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Driver classe tastiera)
0xB8328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB84B0000 C:\WINDOWS\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0xB8480000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB8470000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Driver Mouse Class)
0xB8348000 C:\WINDOWS\system32\DRIVERS\Rockey4.sys 24576 bytes (Feitian Technologies Co., Ltd., Rockey Device Driver)
0xB83C0000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xB8460000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xB83A8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB84A8000 C:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xB2896000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xB83B0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB8498000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xB84A0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xB8490000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB83C8000 C:\WINDOWS\system32\DRIVERS\tosrfnds.sys 20480 bytes (TOSHIBA Corporation., Bluetooth BNEP Driver)
0xB83D8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB8570000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xB84C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB78A2000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB2CF5000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB8544000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB402F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB8574000 C:\WINDOWS\System32\Drivers\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB84BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB54FF000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB789A000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB6B1A000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB789E000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB8640000 C:\Programmi\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xB8634000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB8652000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB8632000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8636000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB8638000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB85FC000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xB85FE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8618000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB86CE000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB873B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xB8776000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Driver bus PCI IDE generico)
==============================================
>Stealth
==============================================
-
Looks good 
You didn't say:
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!