BleepingComputer.com: Ip address redirected

Ip address redirected Help me understand

#1 Geneva

  Posted 26 May 2009 - 03:25 PM

Whenever my wireless computer is abruptly shut down, such as by a power outage or an auto shutdown after a scan, on reboot the IP address is pointed to a black hole domain (I ran a netstat -an and a whois) instead of to my router's IP address. I have blocked the outbound port to that IP address when I discovered it was trying to export my netuser.dat file.
In order to reconnect to the net, I must do a repair, which usually then points the ipconfig to the correct router address and gateway.

My computer had been hacked but now scans show no malware or virus.

After the computer was hacked it was formatted, but my Documents and Settings had been saved and then restored to the computer.

Do I have a leftover DLL, OCX or script that came back from the Documents and Settings folders?
If so, how do I find and delete it?

If not, can anyone explain what is happening?
Thanks
P.S. The rogue IP appears on UDP port 135, which is normally the wake up call to the router and then the loopback to open the TCP ports

This post has been edited by Geneva: 26 May 2009 - 03:29 PM


#2 Geneva

Posted 27 May 2009 - 11:17 AM

bump

#3 Linio Alan

Posted 27 May 2009 - 01:58 PM

Do a scan with MalwareBytes Antimalware first. After scan make sure your firewall is correctly configured. Try this.

#4 Geneva

Posted 27 May 2009 - 07:15 PM

I can do a scan but infection is not the problem. The black hole is IANA.org, which assigns the port numbers up to about 50K.
UDP and TCP port 123 is end point mapping controlled by SCVHOST. I don't understand why, when I have a sudden shutdown, Windows Netuser.dat points to something other than my normal IP. I have SSDP disabled.
My firewall blocks export...no problem

#5 Geneva

Posted 02 June 2009 - 08:53 PM

bump
Keeps happening and I have to do a repair. Before repair, netstat points to UDP port 123 to an unknown address instead of my router gateway. It is like having a rat in the attic trying to call his mother on my line at startup and my firewall is blocking him.

#6 Orange Blossom

Posted 04 June 2009 - 08:32 PM

This issue is being discussed here: http://www.bleepingcomputer.com/forums/topic231406.html . Closed to avoid confusion.

Orange Blossom