
zanepro

Honorary Members
  • Posts: 33
  • Reputation: 0 Neutral
  1. No malicious items on all 4 computers. I'm pretty sure the redirect issue is gone too, but I'll know for sure after some time online. Thanks a lot for your help!
  2. DOH! That worked! I updated Malwarebytes on all computers and am running the scan now. Thanks! I guess my lack of knowledge made this process a lot longer. No malicious items detected on desktop1.
  3. The modem is a Motorola; then the computers are hooked up to a Belkin wireless. I have been resetting the modem with a toothpick; when the lights all blink I let it reload. I did not flush DNS this last time, only reset. Here is the process in case I did something wrong: 1) I shut down the power to the wireless router, 2) disconnect the modem from the wireless, 3) reset the modem, 4) plug everything back in.
  4. Also, at the bottom of the browser when stuff is loading I always see "google-analytics"; sometimes it has "redirect:" before it.
  5. Malwarebytes still won't update. I'm getting redirected to this address: http://95.79.53:11066/index.html?u=141&t=1 It brings a popup that reads "your computer is infected download this .............yes or no". I went into options-cookies and deleted the cookie with that IP for now (only on my computer "desktop1"). I know not to click yes or no, so I ctrl+alt+del and shut down Firefox instead. The other problem is still there: a new window opens into sites like www.worldslife.com.
  6. OK, I did the last instructions. Should I follow through with the fixmbr, or did that boot disk already do it?
  7. The recovery console won't boot. I got it a couple of times, but after the bar fills up on the bottom it freezes.
  8. ComboFix 10-09-21.03 - Owner 09/22/2010 10:56:46.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.512.324 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} . ((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 ))))))))))))))))))))))))))))))) . 2010-09-17 03:36 . 2010-09-17 03:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM 2010-09-17 03:36 . 2010-09-17 03:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2010-09-17 03:19 . 2010-09-17 03:19 -------- d-----w- C:\TDSSKiller_Quarantine 2010-09-17 01:10 . 2010-09-17 01:10 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com 2010-09-17 01:10 . 2010-09-17 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2010-09-17 01:10 . 2010-09-17 01:11 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-09-16 01:43 . 2010-09-16 01:43 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-09-01 23:39 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-09-01 23:39 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-09-01 23:30 . 2010-09-01 23:30 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE 2010-09-01 18:25 . 2010-09-01 18:30 -------- dc-h--w- c:\windows\ie8 2010-09-01 16:26 . 2010-09-16 23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-09-01 14:04 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr 2010-09-01 14:04 . 2010-09-01 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-09-22 14:57 . 
2009-05-02 00:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype 2010-09-22 14:20 . 2009-05-02 00:14 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM 2010-09-22 11:41 . 2007-07-28 00:04 1744 ----a-w- c:\windows\system32\d3d9caps.dat 2010-09-22 11:40 . 2007-04-05 02:39 -------- d-----w- c:\program files\PokerStars 2010-09-17 02:08 . 2010-09-17 01:11 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-09-17 02:08 . 2010-09-17 01:11 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-09-17 01:11 . 2010-09-17 01:11 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-09-07 15:11 . 2008-10-21 17:35 167592 ----a-w- c:\windows\system32\aswBoot.exe 2010-09-07 14:52 . 2008-10-21 17:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2010-09-07 14:52 . 2008-10-21 17:36 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys 2010-09-07 14:47 . 2008-10-21 17:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2010-09-07 14:47 . 2008-10-21 17:36 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2010-09-07 14:47 . 2008-10-21 17:36 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys 2010-09-07 14:47 . 2008-10-21 17:36 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2010-09-07 14:46 . 2008-10-21 17:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2010-09-01 20:45 . 2009-03-18 02:47 -------- d-----w- c:\program files\mIRC 2010-09-01 14:07 . 2008-10-21 17:35 -------- d-----w- c:\program files\Alwil Software 2010-08-25 05:46 . 2007-11-21 14:27 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM 2010-08-17 03:44 . 2007-04-03 03:16 -------- d-----w- c:\program files\PartyGaming 2010-08-05 08:55 . 
2010-08-05 08:55 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c8636d7-n\msvcp71.dll 2010-08-05 08:55 . 2010-08-05 08:55 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c8636d7-n\jmc.dll 2010-08-05 08:55 . 2010-08-05 08:55 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c8636d7-n\msvcr71.dll 2010-08-05 08:55 . 2010-08-05 08:55 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-35d7366f-n\decora-sse.dll 2010-08-05 08:55 . 2010-08-05 08:55 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-35d7366f-n\decora-d3d.dll 2010-07-28 02:04 . 2009-05-02 00:09 -------- d-----r- c:\program files\Skype 2010-07-28 02:04 . 2010-07-28 02:04 -------- d-----w- c:\program files\Common Files\Skype 2010-07-28 02:04 . 2009-05-02 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype 2010-07-01 15:12 . 2010-05-28 15:10 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe 2007-04-03 15:12 . 2007-04-03 15:12 777 ----a-w- c:\program files\Shortcut to wordpad.lnk 2001-12-15 02:56 . 2001-12-15 02:56 17408 --sha-w- c:\program files\Thumbs.db . ((((((((((((((((((((((((((((( SnapShot@2010-09-21_21.44.50 ))))))))))))))))))))))))))))))))))))))))) . + 2010-09-22 15:54 . 2010-09-22 15:54 16384 c:\windows\Temp\Perflib_Perfdata_6e4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-04 68856] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-10 2424560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="NvQTwk" [X] "StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864] "TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-04-01 155648] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-30 198160] "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912] c:\documents and settings\All Users\Start Menu\Programs\Startup\ VAIO Action Setup (Server).lnk - c:\program files\Sony\VAIO Action Setup\VAServ.exe [2001-12-19 40960] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "RequireSignedAppInit_DLLs"=1 (0x1) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/21/2008 12:36 PM 165584] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/21/2008 12:36 PM 17744] R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [12/14/2001 3:53 PM 12032] S2 gupdate1ca14a1220597bb;Google Update Service (gupdate1ca14a1220597bb);c:\program files\Google\Update\GoogleUpdate.exe [8/3/2009 8:15 PM 133104] S3 BCM42XX;Broadcom iLine10 Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [12/14/2001 7:55 PM 54271] S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [5/1/2009 6:53 PM 31872] S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [12/14/2001 2:26 PM 593000] . 
Contents of the 'Scheduled Tasks' folder 2010-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] 2010-09-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-16 01:13] 2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 01:15] 2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-04 01:15] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com mSearchURL = hxxp://www.google.com/ DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5gz1rcuf.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-09-22 11:10 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82F13C76]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf8719fc3 \Driver\ACPI -> ACPI.sys @ 0xf866ccb8 \Driver\atapi -> atapi.sys @ 0xf86247b4 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094 ParseProcedure -> ntoskrnl.exe @ 0x8056f08e \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0094 ParseProcedure -> ntoskrnl.exe @ 0x8056f08e NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf8531bc3 PacketIndicateHandler -> NDIS.sys @ 0xf853db21 SendHandler -> NDIS.sys @ 0xf8531d33 user & kernel MBR OK ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(544) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . Completion time: 2010-09-22 11:18:54 ComboFix-quarantined-files.txt 2010-09-22 16:18 ComboFix2.txt 2010-09-21 21:55 ComboFix3.txt 2010-09-21 03:03 Pre-Run: 4,430,344,192 bytes free Post-Run: 4,533,260,288 bytes free - - End Of File - - 1F2BFD725FB51AEAE07E073EA7CA1771
  9. Right when I posted that, some antivirus2010 crap tried to hit me, but I closed the browser instead of clicking "yes or no". I hope nothing got through.
  10. Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
      device: opened successfully
      user: MBR read successfully
      kernel: MBR read successfully
      user & kernel MBR OK
  11. attached are both reports, pasted here is the TDSS killer report 2010/09/22 09:16:26.0781 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44 2010/09/22 09:16:26.0781 ================================================================================ 2010/09/22 09:16:26.0781 SystemInfo: 2010/09/22 09:16:26.0781 2010/09/22 09:16:26.0796 OS Version: 5.1.2600 ServicePack: 2.0 2010/09/22 09:16:26.0796 Product type: Workstation 2010/09/22 09:16:26.0796 ComputerName: LEO 2010/09/22 09:16:26.0796 UserName: Owner 2010/09/22 09:16:26.0796 Windows directory: C:\WINDOWS 2010/09/22 09:16:26.0796 System windows directory: C:\WINDOWS 2010/09/22 09:16:26.0796 Processor architecture: Intel x86 2010/09/22 09:16:26.0796 Number of processors: 1 2010/09/22 09:16:26.0796 Page size: 0x1000 2010/09/22 09:16:26.0796 Boot type: Normal boot 2010/09/22 09:16:26.0796 ================================================================================ 2010/09/22 09:16:27.0437 Initialize success 2010/09/22 09:16:31.0218 ================================================================================ 2010/09/22 09:16:31.0218 Scan started 2010/09/22 09:16:31.0218 Mode: Manual; 2010/09/22 09:16:31.0218 ================================================================================ 2010/09/22 09:16:33.0265 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys 2010/09/22 09:16:33.0593 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/09/22 09:16:33.0812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/09/22 09:16:34.0031 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys 2010/09/22 09:16:34.0500 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys 2010/09/22 09:16:34.0968 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys 2010/09/22 09:16:35.0468 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) 
C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/09/22 09:16:35.0828 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys 2010/09/22 09:16:35.0984 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys 2010/09/22 09:16:36.0156 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys 2010/09/22 09:16:36.0343 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys 2010/09/22 09:16:36.0578 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys 2010/09/22 09:16:36.0734 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/09/22 09:16:36.0906 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/09/22 09:16:37.0218 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/09/22 09:16:37.0390 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/09/22 09:16:37.0578 BCM42XX (5ff4a1e41df9f1e328c955caa12cd3b0) C:\WINDOWS\system32\DRIVERS\bcm42xx5.sys 2010/09/22 09:16:37.0750 BCMModem (2d39d498108c4810ef8cc1103a2a5b73) C:\WINDOWS\system32\DRIVERS\BCMDM.sys 2010/09/22 09:16:37.0953 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/09/22 09:16:38.0484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/09/22 09:16:38.0609 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2010/09/22 09:16:38.0828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/09/22 09:16:38.0968 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/09/22 09:16:39.0187 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/09/22 09:16:39.0953 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/09/22 09:16:40.0234 dmboot 
(c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys 2010/09/22 09:16:40.0437 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys 2010/09/22 09:16:40.0578 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys 2010/09/22 09:16:40.0718 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/09/22 09:16:40.0859 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 2010/09/22 09:16:41.0015 Dot4 (ad7fc1963b152b3728e3c4f83554a576) C:\WINDOWS\system32\DRIVERS\Dot4.sys 2010/09/22 09:16:41.0171 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys 2010/09/22 09:16:41.0312 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys 2010/09/22 09:16:41.0500 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/09/22 09:16:41.0656 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/09/22 09:16:41.0781 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/09/22 09:16:41.0937 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys 2010/09/22 09:16:42.0078 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/09/22 09:16:42.0265 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/09/22 09:16:42.0515 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 2010/09/22 09:16:42.0656 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/09/22 09:16:42.0828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/09/22 09:16:43.0062 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2010/09/22 09:16:43.0265 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 
2010/09/22 09:16:43.0437 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/09/22 09:16:43.0796 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/09/22 09:16:44.0140 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/09/22 09:16:44.0296 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\drivers\Imapi.sys 2010/09/22 09:16:44.0531 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/09/22 09:16:44.0828 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/09/22 09:16:44.0968 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/09/22 09:16:45.0125 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/09/22 09:16:45.0265 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/09/22 09:16:45.0484 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/09/22 09:16:45.0640 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/09/22 09:16:45.0921 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/09/22 09:16:46.0078 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/09/22 09:16:46.0250 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2010/09/22 09:16:46.0421 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys 2010/09/22 09:16:46.0625 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/09/22 09:16:46.0906 ltmodem5 (fbbb02cdbbd8aeebcf63aa817aad3acb) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys 2010/09/22 09:16:47.0187 lusbaudio (081caf42d5db1fcf8794fd77befd1b11) C:\WINDOWS\system32\drivers\OVSound2.sys 2010/09/22 09:16:47.0343 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) 
C:\WINDOWS\system32\drivers\mnmdd.sys 2010/09/22 09:16:47.0484 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys 2010/09/22 09:16:47.0609 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 2010/09/22 09:16:47.0765 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/09/22 09:16:47.0906 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/09/22 09:16:48.0078 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/09/22 09:16:48.0328 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/09/22 09:16:48.0578 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/09/22 09:16:48.0843 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 2010/09/22 09:16:49.0015 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/09/22 09:16:49.0156 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/09/22 09:16:49.0312 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/09/22 09:16:49.0437 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/09/22 09:16:49.0562 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys 2010/09/22 09:16:49.0750 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 2010/09/22 09:16:50.0046 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2010/09/22 09:16:50.0218 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 2010/09/22 09:16:50.0453 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2010/09/22 09:16:50.0593 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/09/22 09:16:50.0718 Ndisuio 
(34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/09/22 09:16:50.0859 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/09/22 09:16:50.0968 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/09/22 09:16:51.0125 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/09/22 09:16:51.0328 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/09/22 09:16:51.0578 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/09/22 09:16:51.0718 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 2010/09/22 09:16:51.0906 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/09/22 09:16:52.0109 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/09/22 09:16:52.0343 nv (93bc57e29035aa43bc536d581c317751) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2010/09/22 09:16:52.0578 nv4 (4d31783965b0b7ced7db3f4ee14cf260) C:\WINDOWS\system32\DRIVERS\nv4.sys 2010/09/22 09:16:52.0765 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/09/22 09:16:52.0890 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/09/22 09:16:53.0046 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/09/22 09:16:53.0187 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/09/22 09:16:53.0390 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/09/22 09:16:53.0562 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/09/22 09:16:53.0718 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/09/22 09:16:54.0000 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/09/22 
09:16:54.0656 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/09/22 09:16:54.0796 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys 2010/09/22 09:16:54.0953 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/09/22 09:16:55.0656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/09/22 09:16:55.0812 PxHelp20 (32d53fed802e5b06cd8cba404e416dfc) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys 2010/09/22 09:16:55.0937 QCEmerald (90849934d37133e069f31f3e9a66c9bc) C:\WINDOWS\system32\DRIVERS\OVCE.sys 2010/09/22 09:16:56.0390 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/09/22 09:16:56.0531 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/09/22 09:16:56.0687 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/09/22 09:16:56.0843 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/09/22 09:16:57.0031 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/09/22 09:16:57.0250 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/09/22 09:16:57.0406 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/09/22 09:16:57.0578 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/09/22 09:16:57.0781 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2010/09/22 09:16:57.0968 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 2010/09/22 09:16:58.0109 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 2010/09/22 09:16:58.0312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/09/22 09:16:58.0453 serenum 
(a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/09/22 09:16:58.0609 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/09/22 09:16:58.0796 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/09/22 09:16:59.0000 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2010/09/22 09:16:59.0171 SMBE (76bd4c510e1776561728616519bf876c) C:\WINDOWS\system32\Drivers\SMBE.SYS 2010/09/22 09:16:59.0375 smwdm (c1eb9c15ee63888f257ced669b9d36d4) C:\WINDOWS\system32\drivers\smwdm.sys 2010/09/22 09:16:59.0562 SonyFKC (630ca955dded41e309f5d0ad15a7a5d4) C:\WINDOWS\system32\Drivers\SonyFKC.sys 2010/09/22 09:16:59.0718 SONYWBMS (19efc51bc554a2b59b47fb12343d0949) C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS 2010/09/22 09:16:59.0953 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys 2010/09/22 09:17:00.0140 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/09/22 09:17:00.0468 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/09/22 09:17:00.0718 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2010/09/22 09:17:00.0890 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/09/22 09:17:01.0046 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2010/09/22 09:17:01.0453 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/09/22 09:17:01.0703 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/09/22 09:17:02.0031 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/09/22 09:17:02.0156 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/09/22 09:17:02.0312 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/09/22 09:17:02.0593 
Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 2010/09/22 09:17:02.0828 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys 2010/09/22 09:17:03.0062 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/09/22 09:17:03.0187 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/09/22 09:17:03.0312 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/09/22 09:17:03.0437 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/09/22 09:17:03.0578 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 2010/09/22 09:17:03.0828 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/09/22 09:17:04.0125 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/09/22 09:17:04.0328 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/09/22 09:17:04.0578 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2010/09/22 09:17:04.0734 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2010/09/22 09:17:04.0890 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/09/22 09:17:05.0031 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2010/09/22 09:17:05.0156 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0) 2010/09/22 09:17:05.0171 ================================================================================ 2010/09/22 09:17:05.0171 Scan finished 2010/09/22 09:17:05.0171 ================================================================================ 2010/09/22 09:17:05.0203 Detected object count: 1 2010/09/22 09:17:18.0187 \HardDisk0\MBR - will be cured after reboot 2010/09/22 09:17:18.0187 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select 
action: Cure 2010/09/22 09:17:21.0203 Deinitialize success TDSSKiller.2.4.2.1_22.09.2010_09.16.26_log.txt MBRCheck_09.22.10_09.23.51.txt
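The TDSSKiller report in the post above has a regular line shape: a timestamp, then either a driver inventory entry (name, MD5, path), a detection line, the chosen action, or a status line. The Python below is an added example, not part of this thread and not Kaspersky's tool: it parses that shape, pulls out the detections and the selected action, checks that the tool's declared object count agrees with the detection lines it printed, and diffs the on-disk driver hashes against a baseline. The sample lines are a constructed subset copied from the log above; the baseline hashes are placeholders I made up for the demonstration, not values from any real clean image.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of lines copied from the TDSSKiller log pasted above.
SAMPLE_LOG = r"""
2010/09/22 09:16:31.0218 Scan started
2010/09/22 09:16:33.0265 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/09/22 09:16:36.0906 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/22 09:17:05.0156 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/22 09:17:05.0171 Scan finished
2010/09/22 09:17:05.0203 Detected object count: 1
2010/09/22 09:17:18.0187 \HardDisk0\MBR - will be cured after reboot
2010/09/22 09:17:18.0187 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
"""

# Every line starts with "YYYY/MM/DD HH:MM:SS.ffff"; the remainder is the body.
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<body>.*)$")
# Driver inventory entry: "name (md5) path"
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Detection: "object - detected ThreatName (n)"
DETECT_RE = re.compile(r"^(?P<object>\S+) - detected (?P<threat>\S+) \((?P<count>\d+)\)$")
# Chosen action: "ThreatName(object) - User select action: Cure"
ACTION_RE = re.compile(r"^(?P<threat>[^(\s]+)\((?P<object>[^)]+)\) - User select action: (?P<action>\w+)$")
PENDING_RE = re.compile(r"^(?P<object>\S+) - will be cured after reboot$")


@dataclass
class ScanReport:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    detections: List[Tuple[str, str]] = field(default_factory=list)   # (object, threat)
    actions: List[Tuple[str, str, str]] = field(default_factory=list)  # (object, threat, action)
    pending_reboot: List[str] = field(default_factory=list)
    declared_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Walk the log once and classify each body line; unknown lines are ignored."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        if (d := DETECT_RE.match(body)):
            report.detections.append((d["object"], d["threat"]))
        elif (a := ACTION_RE.match(body)):
            report.actions.append((a["object"], a["threat"], a["action"]))
        elif (p := PENDING_RE.match(body)):
            report.pending_reboot.append(p["object"])
        elif body.startswith("Detected object count:"):
            report.declared_count = int(body.split(":", 1)[1])
        elif (drv := DRIVER_RE.match(body)):
            report.drivers[drv["name"]] = (drv["md5"].lower(), drv["path"])
    return report


def triage(report: ScanReport) -> dict:
    """What a responder wants first: which threats, whether the tool's own count
    matches the detection lines it printed, and which cures still need a reboot."""
    cured_objects = {obj for obj, _, act in report.actions if act == "Cure"}
    return {
        "threats": sorted({t for _, t in report.detections}),
        "count_consistent": report.declared_count == len(report.detections),
        "cure_pending_reboot": [o for o in report.pending_reboot if o in cured_objects],
        "drivers_seen": len(report.drivers),
    }


# Constructed baseline (placeholder hashes, not real values): what a responder might
# have recorded from a known-clean image of the same build. atapi is set to match the
# sample; Aavmker4 is deliberately different so a changed driver surfaces in the diff.
BASELINE = {
    "atapi": "cdfe4411a69c224bd1d11b2da92dac51",
    "Aavmker4": "00000000000000000000000000000000",  # placeholder, not a real hash
}


def drivers_differing_from_baseline(report: ScanReport, baseline: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Report drivers whose hash differs from the baseline or that the baseline lacks."""
    findings = []
    for name, (md5, path) in report.drivers.items():
        expected = baseline.get(name)
        if expected is None:
            findings.append((name, "not in baseline", path))
        elif expected.lower() != md5:
            findings.append((name, "hash differs", path))
    return findings


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(triage(rep))
    for finding in drivers_differing_from_baseline(rep, BASELINE):
        print(finding)
```

The count check matters in practice: a log whose declared object count disagrees with its detection lines has usually been truncated or edited before it was posted, and the reboot-pending list is the reminder that an MBR cure is not effective until the machine has restarted and been rescanned.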
  12. OK, here are the 3 logs from the Vaio (desktop2). logdesktop2part2.txt SystemLook.txt TDSSKiller.2.4.2.1_21.09.2010_15.57.40_log.txt
  13. OK, I reset the modem and flushed the DNS on all 4 computers. Then I reconnected and ran ComboFix on all computers; the logs are labeled and attached here. Still not able to update Malwarebytes, and the redirect is still there. Thanks! logdesktop1.txt logdesktop2.txt loglaptop1.txt loglaptop2.txt
  14. I have 2 desktops, both hardwired into a wireless router that is connected to the modem. Then 2 laptops; I've tried updating one of the laptops while connected to a different network, but I still got the error message.