Author Topic: think it was think point...  (Read 19138 times)


B_in Ohio

  • Guest
Re: think it was think point...
« Reply #15 on: November 13, 2010, 04:32:01 PM »
C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/13 10:19:22.0890   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/13 10:19:22.0937   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/13 10:19:23.0093   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/13 10:19:23.0171   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/13 10:19:23.0203   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/13 10:19:23.0265   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/13 10:19:23.0328   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/13 10:19:23.0437   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/13 10:19:23.0546   MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/13 10:19:23.0656   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/13 10:19:23.0765   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/13 10:19:23.0796   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/13 10:19:23.0828   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/13 10:19:23.0906   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/13 10:19:23.0984   MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/13 10:19:24.0015   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/13 10:19:24.0078   NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/13 10:19:24.0140   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/13 10:19:24.0203   NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/13 10:19:24.0265   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/13 10:19:24.0312   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/13 10:19:24.0359   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/13 10:19:24.0406   NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/13 10:19:24.0468   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/13 10:19:24.0515   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/13 10:19:24.0609   NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/13 10:19:24.0671   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/13 10:19:24.0750   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/13 10:19:24.0890   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/13 10:19:24.0953   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/13 10:19:25.0000   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/13 10:19:25.0046   ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/13 10:19:25.0140   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/13 10:19:25.0171   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/13 10:19:25.0265   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/13 10:19:25.0312   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/13 10:19:25.0375   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/13 10:19:25.0437   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/13 10:19:25.0515   pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/11/13 10:19:25.0921   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/13 10:19:25.0968   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/13 10:19:26.0031   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/13 10:19:26.0359   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/13 10:19:26.0421   Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/11/13 10:19:26.0468   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/13 10:19:26.0562   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/13 10:19:26.0656   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/13 10:19:26.0750   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

B_in Ohio

  • Guest
Re: think it was think point...
« Reply #16 on: November 13, 2010, 04:32:40 PM »
2010/11/13 10:19:26.0781   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/13 10:19:26.0890   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/13 10:19:27.0000   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/13 10:19:27.0218   SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/13 10:19:27.0265   SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/11/13 10:19:27.0484   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/13 10:19:27.0609   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/13 10:19:27.0687   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/13 10:19:27.0828   SFAUDIO         (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
2010/11/13 10:19:27.0875   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/13 10:19:28.0125   SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/13 10:19:28.0203   SMCIRDA         (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2010/11/13 10:19:28.0390   SNP2UVC         (50660e6b082a7bf86751a003c3bb5210) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2010/11/13 10:19:28.0562   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/13 10:19:28.0703   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/13 10:19:28.0875   Srv             (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/13 10:19:29.0031   streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/13 10:19:29.0109   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/13 10:19:29.0296   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/13 10:19:29.0609   SynTP           (f08667f79bbd339547f477c75c3ed0b9) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/11/13 10:19:29.0734   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/13 10:19:29.0890   Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/13 10:19:29.0968   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/13 10:19:30.0062   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/13 10:19:30.0125   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/13 10:19:30.0375   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/13 10:19:30.0531   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/13 10:19:30.0765   usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/11/13 10:19:30.0875   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/13 10:19:30.0984   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/13 10:19:31.0031   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/13 10:19:31.0125   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/13 10:19:31.0250   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/13 10:19:31.0359   VClone          (1cdaa48cb2f7744b8d25650e050766a5) C:\WINDOWS\system32\DRIVERS\VClone.sys
2010/11/13 10:19:31.0421   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/13 10:19:31.0531   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/13 10:19:31.0625   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/13 10:19:31.0796   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/13 10:19:31.0937   Wdf01000        (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/11/13 10:19:32.0062   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/13 10:19:32.0218   WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/11/13 10:19:32.0390   WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/13 10:19:32.0515   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/13 10:19:32.0625   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/13 10:19:32.0796   yukonwxp        (d57a909f1a9114d5d18a2eacb1afecd5) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2010/11/13 10:19:32.0953   \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/13 10:19:32.0953   ================================================================================
2010/11/13 10:19:32.0953   Scan finished
2010/11/13 10:19:32.0968   ================================================================================
2010/11/13 10:19:33.0000   Detected object count: 1
2010/11/13 10:20:13.0171   \HardDisk0 - will be cured after reboot
2010/11/13 10:20:13.0171   Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/13 10:20:31.0968   Deinitialize success

Sorry, had to split the log. It was over the maximum....
« Last Edit: November 13, 2010, 04:42:15 PM by B_in Ohio »
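The log above is a TDSSKiller scan log that had to be split across posts, which is exactly when a helper that classifies every line (inventory entries, detection lines, pending cures, user actions) and flags what it could not parse is useful for triage. The following is an added example written for this thread; it is not code from the forum or from Kaspersky's TDSSKiller. The line shapes it matches are assumptions inferred from the posted log rather than a documented format, and the sample input is constructed from lines that appear in this thread (including the truncated first line of the split).

```python
"""Triage helper for TDSSKiller scan logs like the one posted in this thread.

Added example, not TDSSKiller's own code.  The line shapes handled here are
assumptions inferred from the posted log, not a documented format.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})"
# Inventory line:     <ts> <service> (<md5>) <path>
DRIVER_RE = re.compile(TS + r"\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
# Detection line:     <ts> <object> - detected <threat> (<n>)
DETECT_RE = re.compile(TS + r"\s+(?P<obj>\S+) - detected (?P<threat>\S+) \(\d+\)\s*$")
# Pending-cure line:  <ts> <object> - will be cured after reboot
PENDING_RE = re.compile(TS + r"\s+(?P<obj>\S+) - will be cured after reboot\s*$")
# User action line:   <ts> <threat>(<object>) - User select action: <action>
ACTION_RE = re.compile(TS + r"\s+(?P<threat>[^\s(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)\s*$")
COUNT_RE = re.compile(TS + r"\s+Detected object count: (?P<n>\d+)\s*$")
FINISHED_RE = re.compile(TS + r"\s+Scan finished\s*$")
SEPARATOR_RE = re.compile(TS + r"\s+=+\s*$")
GENERIC_RE = re.compile(TS + r"\s+(?P<msg>.*?)\s*$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class ScanSummary:
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Tuple[str, str]] = field(default_factory=list)    # (object, threat)
    pending_cure: List[str] = field(default_factory=list)              # objects awaiting reboot
    actions: List[Tuple[str, str, str]] = field(default_factory=list)  # (threat, object, action)
    detected_count: Optional[int] = None    # the tool's own tally, for cross-checking
    finished: bool = False
    other: List[str] = field(default_factory=list)     # timestamped lines not classified
    unparsed: List[str] = field(default_factory=list)  # lines without a timestamp (e.g. split damage)

    def count_consistent(self) -> bool:
        """True when the tool's reported tally matches the detection lines actually seen."""
        return self.detected_count == len(self.detections)


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Classify every line of a (possibly split) TDSSKiller log; nothing is dropped silently."""
    s = ScanSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := DRIVER_RE.match(line)):
            s.drivers.append(Driver(m["name"], m["md5"], m["path"]))
        elif (m := DETECT_RE.match(line)):
            s.detections.append((m["obj"], m["threat"]))
        elif (m := PENDING_RE.match(line)):
            s.pending_cure.append(m["obj"])
        elif (m := ACTION_RE.match(line)):
            s.actions.append((m["threat"], m["obj"], m["action"]))
        elif (m := COUNT_RE.match(line)):
            s.detected_count = int(m["n"])
        elif FINISHED_RE.match(line):
            s.finished = True
        elif SEPARATOR_RE.match(line):
            pass
        elif (m := GENERIC_RE.match(line)):
            s.other.append(m["msg"])
        else:
            s.unparsed.append(line)
    return s


def needs_reboot(s: ScanSummary) -> bool:
    """A cure that is deferred to reboot is not done until the machine has restarted."""
    return bool(s.pending_cure)


def drivers_outside_system_root(s: ScanSummary, system_root: str = r"C:\WINDOWS") -> List[Driver]:
    """Inventory entries loaded from outside the Windows directory; worth a second look, not a verdict."""
    prefix = system_root.lower() + "\\"
    return [d for d in s.drivers if not d.path.lower().startswith(prefix)]


# Constructed sample: a handful of lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/13 10:19:26.0781   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/13 10:19:27.0218   SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/11/13 10:19:27.0265   SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/11/13 10:19:32.0796   yukonwxp        (d57a909f1a9114d5d18a2eacb1afecd5) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2010/11/13 10:19:32.0953   \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/13 10:19:32.0953   ================================================================================
2010/11/13 10:19:32.0953   Scan finished
2010/11/13 10:19:33.0000   Detected object count: 1
2010/11/13 10:20:13.0171   \HardDisk0 - will be cured after reboot
2010/11/13 10:20:13.0171   Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/13 10:20:31.0968   Deinitialize success
"""

if __name__ == "__main__":
    summary = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(summary.drivers)} inventory entries, {len(summary.detections)} detection(s)")
    print("reboot still required:", needs_reboot(summary))
    print("unparsed lines:", summary.unparsed)
```

The `unparsed` list is the point of the exercise for a split log: a line such as the truncated `kbdhid.sys` entry at the top of this post shows up there instead of being silently skipped, so whoever reviews the log knows the inventory is incomplete. `needs_reboot` mirrors the advice given later in the thread: a `will be cured after reboot` line means the removal is not finished until the machine restarts and a fresh scan comes back clean.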

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: think it was think point...
« Reply #17 on: November 13, 2010, 04:54:37 PM »
Sorry, had to split the log. It was over the maximum....

Why didn't you attach it..?? ;)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

B_in Ohio

  • Guest
Re: think it was think point...
« Reply #18 on: November 13, 2010, 05:02:40 PM »
I dunno...
I'm new and frustrated with this whole thing... up half the night, can't see, etc. etc.


Mr.Agent

  • Guest
Re: think it was think point...
« Reply #19 on: November 13, 2010, 05:05:08 PM »
As I see it, the rootkit should be cured after reboot. So now reboot, tell us the news, and attach the log of another scan, to see if the rootkit is there again.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: think it was think point...
« Reply #20 on: November 13, 2010, 05:06:10 PM »
I dunno...
I'm new and frustrated with this whole thing... up half the night, can't see, etc. etc.

No problem..! And don't worry, essexboy will clean your machine...!! ;)
Have a nice weekend,
asyn

Mr.Agent

  • Guest
Re: think it was think point...
« Reply #21 on: November 13, 2010, 05:12:06 PM »
Well Asyn, as I see it, TDSSKiller did detect a rootkit for him. So he must reboot like Essex said. ;)

B_in Ohio

  • Guest
Re: think it was think point...
« Reply #22 on: November 13, 2010, 05:23:38 PM »
Reboot has been done. Twice... one hung up and then a good reboot....

Had some browsers open and did not get the redirect....

But here is the log....

Tell me what you see... (fingers crossed)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: think it was think point...
« Reply #23 on: November 13, 2010, 05:45:13 PM »
Looks to have gone - run a full scan with MBAM now and post the report it generates, plus any problems you are still experiencing

B_in Ohio

  • Guest
Re: think it was think point...
« Reply #24 on: November 13, 2010, 05:47:43 PM »
Will do. You know, I have had lots of luck with MBAM... but I wonder why this time MBAM needed all the help of the other programs? Is that because I am on free MBAM, or was the virus too far installed? Anyway, I will get it running...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: think it was think point...
« Reply #25 on: November 13, 2010, 07:30:10 PM »
Some malware requires multiple runs with different programmes to totally remove it - one that does them all would need to be updated by the minute and would be rather large.

B_in Ohio

  • Guest
Re: think it was think point...
« Reply #26 on: November 14, 2010, 01:22:40 AM »
OK... here is the report... Also, no known problems as of yet (nothing like it was before with the redirects).

B_in Ohio

  • Guest
Re: think it was think point...
« Reply #27 on: November 14, 2010, 02:24:44 AM »
Still so far so good, but you know it has brought another question up for me to ask all of you experts... am I running too much or too little in the way of protection programs? I know this one probably started from clicking the wrong thing on a social network site, and we won't be doing that again... but anyway we are running: avast (live), and the free on-demand programs (they are only running when I open them, I presume) are MBAM, CCleaner, TDSSKiller, HostsMan, SUPERAntiSpyware, HitmanPro 3.5, and Defogger. They seem to be interacting OK, and I do not see any negative interactions at this point.
Should I be putting ZoneAlarm or Sandboxie on this mini laptop as well? Too much here?? Overwhelmed with overkill? Probably.
Thanks all.

Offline Omid Farhang

  • Frontend Developer
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1660
  • I wish I could write longer personal text!!
    • Homepage
Re: think it was think point...
« Reply #28 on: November 14, 2010, 08:30:27 AM »
Still so far so good, but you know it has brought another question up for me to ask all of you experts... am I running too much or too little in the way of protection programs? I know this one probably started from clicking the wrong thing on a social network site, and we won't be doing that again... but anyway we are running: avast (live), and the free on-demand programs (they are only running when I open them, I presume) are MBAM, CCleaner, TDSSKiller, HostsMan, SUPERAntiSpyware, HitmanPro 3.5, and Defogger. They seem to be interacting OK, and I do not see any negative interactions at this point.
Should I be putting ZoneAlarm or Sandboxie on this mini laptop as well? Too much here?? Overwhelmed with overkill? Probably.
Thanks all.

No, ZoneAlarm is not as good as it was before, but if you would like to use a firewall, you can try Outpost Free, or pay for it and buy Outpost Firewall Pro.
Twitter: OmidFarhangEn - OS: Manjaro KDE

SafeSurf

  • Guest
Re: think it was think point...
« Reply #29 on: November 14, 2010, 09:01:44 AM »
Your MBAM log is clean, but Essexboy will continue working with you when he returns to the forum, as he may also need to remove some of the tools he uses from your machine and clean things up. He will also instruct you on how you got infected in the first place.

Once everything is cleared up, we can address your question of how much and what software is needed. It is true that you do not want to have too much, which can conflict and be overkill, but you can also layer your software for defense. Since you now have over 20 posts, could you enter your Signature so others can assist you with this? Please go to PROFILE at the top of the main forum page > Modify Profile > Forum Profile Information > Signature. Enter information about your system such as the Operating System (OS), RAM, browser, security software, which version and product of Avast and which firewall you use, and other items you wish to mention. See my signature or others as an example.

As for a firewall, there are several that are compatible with Avast that you can search for on the forum. Some that have worked well are Online_Armor (free and Premium) and Outp0st (free or paid). We have recently noted problems (on their end) with PC_Tools, have noted problems with Ashamp0o, and some have had problems with ZA. I would suggest doing a one-month trial after everything is fixed on your machine to see whether a product is compatible with your other software before buying anything. But before doing any of that, we need to continue fixing your malware problem first.