BleepingComputer.com: google redirecting links and pop ups

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

google redirecting links and pop ups Malware logs

#1 User is offline   mschlotman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 28-March 11

Posted 29 March 2011 - 09:11 PM

Google is redirecting my links. seems to be a common malware problem on the forums. when i click the link fe3a.r.google is site it goes to. as well as it says jump occasionally on the page name right before it goes to another site.
Here are my logs.
Thanks,
Mike

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/12/2009 9:47:33 AM
System Uptime: 3/28/2011 9:24:29 PM (21 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Berkeley
Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | CPU 1 | 1998/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 364 GiB total, 341.017 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.007 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2: 3/28/2011 7:19:45 PM - Removed HP Total Care Advisor
RP3: 3/28/2011 7:34:24 PM - Scripted restore
RP4: 3/28/2011 7:36:12 PM - Installed Serif WebPlus X4
RP5: 3/28/2011 8:48:41 PM - Installed Java™ 6 Update 24
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Enhanced Multimedia Keyboard Solution
Google Chrome
Hardware Diagnostic Tools
Hitman Pro 3.5
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Picasso Media Center Add-In
HP Update
Intel® PRO Network Connections Drivers
Intel® Viiv™ Software
iolo technologies' System Mechanic
Java Auto Updater
Java™ 6 Update 24
LightScribe 1.4.142.1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
muvee autoProducer 6.0
My HP Games
NVIDIA Drivers
PSSWCORE
Python 2.4.3
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Serif WebPlus X4
Snapfish Media Detector
Soft Data Fax Modem with SmartCP
Yahoo! Toolbar for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
3/28/2011 9:26:52 PM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
3/28/2011 9:09:38 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/28/2011 9:09:25 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
3/28/2011 6:54:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
.
==== End Of File ===========================


GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-29 19:05:09
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDT725040VLA360 rev.V5COA7BA
Running: gmer.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uxrdifow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Michael\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtCreateFile + 6 7748F41A 4 Bytes [28, 00, 16, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtCreateFile + B 7748F41F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtMapViewOfSection + 6 7748FB6A 1 Byte [28]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtMapViewOfSection + 6 7748FB6A 4 Bytes [28, 03, 16, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtMapViewOfSection + B 7748FB6F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenFile + 6 7748FBFA 4 Bytes [68, 00, 16, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenFile + B 7748FBFF 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenProcess + 6 7748FC7A 4 Bytes [A8, 01, 16, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenProcess + B 7748FC7F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenProcessToken + 6 7748FC8A 4 Bytes CALL 76491290 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenProcessToken + B 7748FC8F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenProcessTokenEx + 6 7748FC9A 4 Bytes [A8, 02, 16, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenProcessTokenEx + B 7748FC9F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenThread + 6 7748FCEA 4 Bytes [68, 01, 16, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenThread + B 7748FCEF 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenThreadToken + 6 7748FCFA 4 Bytes [68, 02, 16, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenThreadToken + B 7748FCFF 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenThreadTokenEx + 6 7748FD0A 4 Bytes CALL 76491311 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtOpenThreadTokenEx + B 7748FD0F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtQueryAttributesFile + 6 7748FD9A 4 Bytes [A8, 00, 16, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtQueryAttributesFile + B 7748FD9F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtQueryFullAttributesFile + 6 7748FE4A 4 Bytes CALL 7649144F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtQueryFullAttributesFile + B 7748FE4F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtSetInformationFile + 6 7749036A 4 Bytes [28, 01, 16, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtSetInformationFile + B 7749036F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtSetInformationThread + 6 774903BA 4 Bytes [28, 02, 16, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtSetInformationThread + B 774903BF 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtUnmapViewOfSection + 6 7749065A 1 Byte [68]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtUnmapViewOfSection + 6 7749065A 4 Bytes [68, 03, 16, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[248] ntdll.dll!NtUnmapViewOfSection + B 7749065F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtCreateFile + 6 7748F41A 4 Bytes [28, 00, 06, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtCreateFile + B 7748F41F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtMapViewOfSection + 6 7748FB6A 1 Byte [28]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtMapViewOfSection + 6 7748FB6A 4 Bytes [28, 03, 06, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtMapViewOfSection + B 7748FB6F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenFile + 6 7748FBFA 4 Bytes [68, 00, 06, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenFile + B 7748FBFF 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcess + 6 7748FC7A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcess + B 7748FC7F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcessToken + 6 7748FC8A 4 Bytes CALL 76490290 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcessToken + B 7748FC8F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcessTokenEx + 6 7748FC9A 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenProcessTokenEx + B 7748FC9F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThread + 6 7748FCEA 4 Bytes [68, 01, 06, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThread + B 7748FCEF 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThreadToken + 6 7748FCFA 4 Bytes [68, 02, 06, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThreadToken + B 7748FCFF 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThreadTokenEx + 6 7748FD0A 4 Bytes CALL 76490311 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtOpenThreadTokenEx + B 7748FD0F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtQueryAttributesFile + 6 7748FD9A 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtQueryAttributesFile + B 7748FD9F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtQueryFullAttributesFile + 6 7748FE4A 4 Bytes CALL 7649044F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtQueryFullAttributesFile + B 7748FE4F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtSetInformationFile + 6 7749036A 4 Bytes [28, 01, 06, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtSetInformationFile + B 7749036F 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtSetInformationThread + 6 774903BA 4 Bytes [28, 02, 06, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtSetInformationThread + B 774903BF 1 Byte [E2]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtUnmapViewOfSection + 6 7749065A 1 Byte [68]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtUnmapViewOfSection + 6 7749065A 4 Bytes [68, 03, 06, 00]
.text C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe[2596] ntdll.dll!NtUnmapViewOfSection + B 7749065F 1 Byte [E2]

---- EOF - GMER 1.0.15 ----

Also is telling me that google chrome cannot find the site on sites i know are correct.

EDIT: Posts merged ~BP

This post has been edited by Budapest: 29 March 2011 - 11:03 PM

#2 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,415
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 04 April 2011 - 08:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.



We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply






Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".


information and logs:

    In your next post I need the following

    • .logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   mschlotman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 28-March 11

Posted 04 April 2011 - 09:05 PM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael at 18:58:48.50 on Mon 04/04/2011
Internet Explorer: 7.0.6000.16448
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3071.2310 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe
C:\Windows\system32\rundll32.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michael\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [SnapfishMediaDetector] c:\program files\snapfish media detector\SnapfishMediaDetector.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish media detector\SnapfishMediaDetector.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
.
============= SERVICES / DRIVERS ===============
.
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2011-3-28 20392]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-3-28 724152]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-3-28 724152]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-4-3 312152]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-8-12 959104]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-04-04 04:59:49 -------- d-----w- c:\users\michael\appdata\roaming\IObit
2011-04-04 04:59:48 -------- d-----w- c:\progra~2\IObit
2011-04-04 04:59:46 -------- d-----w- c:\program files\IObit
2011-04-04 04:58:15 -------- d-----w- c:\users\michael\appdata\roaming\Malwarebytes
2011-04-04 04:58:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 04:58:12 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-04 04:58:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-04 04:58:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-03 10:01:49 733516 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-03 09:13:04 388096 ----a-r- c:\users\michael\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-03 09:13:03 -------- d-----w- c:\program files\Trend Micro
2011-04-03 08:45:03 -------- d-----w- c:\progra~2\PC Tools
2011-03-30 02:46:18 -------- d-----w- c:\users\michael\appdata\local\Adobe
2011-03-30 02:15:30 -------- d-----w- c:\users\michael\appdata\roaming\Serif
2011-03-29 04:23:13 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-29 04:18:32 4305387 ----a-r- c:\users\michael\appdata\roaming\microsoft\internet explorer\quick launch\ComboFix.exe
2011-03-29 04:09:09 98816 ---ha-w- c:\windows\sed.exe
2011-03-29 04:09:09 89088 ---ha-w- c:\windows\MBR.exe
2011-03-29 04:09:09 256512 ---ha-w- c:\windows\PEV.exe
2011-03-29 04:09:09 161792 ---ha-w- c:\windows\SWREG.exe
2011-03-29 03:49:04 472808 ---ha-w- c:\windows\system32\deployJava1.dll
2011-03-29 03:05:22 16968 ---ha-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-29 03:05:12 134464 ---ha-w- c:\windows\system32\LnkProtect.dll
2011-03-29 03:03:30 -------- d-----w- c:\progra~2\Hitman Pro
2011-03-29 03:03:29 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-03-29 02:57:56 20392 ---ha-w- c:\windows\system32\drivers\ElRawDsk.sys
2011-03-29 02:57:52 87688 ---ha-w- c:\windows\system32\IncContxMenu.dll
2011-03-29 02:57:52 511328 ----a-w- c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL
2011-03-29 02:57:51 56200 ---ha-w- c:\windows\system32\offreg.dll
2011-03-29 02:57:51 29696 ---ha-w- c:\windows\system32\iolobtdfg.exe
2011-03-29 02:57:51 2234552 ---ha-w- c:\windows\system32\Incinerator.dll
2011-03-29 02:57:51 11776 ---ha-w- c:\windows\system32\smrgdf.exe
2011-03-29 02:57:51 -------- d-----w- c:\program files\iolo
2011-03-29 02:54:25 74703 ---ha-w- c:\windows\system32\mfc45.dll
2011-03-29 02:54:22 -------- d-----w- c:\users\michael\appdata\roaming\iolo
2011-03-29 02:54:22 -------- d-----w- c:\progra~2\iolo
2011-03-29 02:39:56 -------- d-----w- c:\program files\common files\MSSoap
2011-03-29 02:36:26 -------- d-----w- c:\program files\Serif
2011-03-29 02:22:29 -------- d-----w- c:\users\michael\appdata\local\Google
2011-03-29 02:22:10 -------- d-----w- c:\users\michael\appdata\local\Deployment
2011-03-29 02:22:10 -------- d-----w- c:\users\michael\appdata\local\Apps
2011-03-29 02:10:16 -------- d-----w- c:\users\michael\appdata\local\Hewlett-Packard
2011-03-29 01:54:15 89600 ---ha-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
2011-03-29 01:54:13 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
.
============= FINISH: 18:59:09.22 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/12/2009 9:47:33 AM
System Uptime: 4/4/2011 6:55:39 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Berkeley
Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz | CPU 1 | 1998/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 364 GiB total, 331.099 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.007 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2: 3/28/2011 7:19:45 PM - Removed HP Total Care Advisor
RP3: 3/28/2011 7:34:24 PM - Scripted restore
RP4: 3/28/2011 7:36:12 PM - Installed Serif WebPlus X4
RP5: 3/28/2011 8:48:41 PM - Installed Java™ 6 Update 24
RP6: 3/30/2011 - Scheduled Checkpoint
RP7: 3/31/2011 9:38:23 PM - Scheduled Checkpoint
RP8: 4/2/2011 - Scheduled Checkpoint
RP9: 4/3/2011 - Scheduled Checkpoint
RP10: 4/3/2011 2:11:17 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 8
Enhanced Multimedia Keyboard Solution
Google Chrome
Hardware Diagnostic Tools
HiJackThis
Hitman Pro 3.5
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Picasso Media Center Add-In
HP Update
Intel® PRO Network Connections Drivers
Intel® Viiv™ Software
IObit Security 360
iolo technologies' System Mechanic
Java Auto Updater
Java™ 6 Update 24
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
muvee autoProducer 6.0
My HP Games
NVIDIA Drivers
PSSWCORE
Python 2.4.3
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Serif WebPlus X4
Snapfish Media Detector
Soft Data Fax Modem with SmartCP
.
==== Event Viewer Messages From Past Week ========
.
4/3/2011 9:53:56 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: A system shutdown has already been scheduled.
4/3/2011 9:53:56 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
4/3/2011 9:53:56 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
4/3/2011 9:52:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ElRawDisk i8042prt spldr Wanarpv6
4/3/2011 9:52:22 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/3/2011 9:51:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/3/2011 9:51:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/3/2011 9:49:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/3/2011 9:49:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/3/2011 9:49:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
4/3/2011 9:49:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/3/2011 9:49:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/3/2011 9:49:01 PM, Error: EventLog [6008] - The previous system shutdown at 9:47:33 PM on 4/3/2011 was unexpected.
4/3/2011 2:58:43 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Michael\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
3/31/2011 8:36:24 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/31/2011 8:36:24 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
3/28/2011 9:26:52 PM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
3/28/2011 9:09:38 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/28/2011 9:09:25 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
3/28/2011 6:54:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
.
==== End Of File ===========================

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6000
Number of processors #2
==============================================
>Drivers
==============================================
0x81C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
0x81C00000 PnpManager 3805184 bytes
0x81C00000 RAW 3805184 bytes
0x81C00000 WMIxWDM 3805184 bytes
0x93400000 Win32k 2093056 bytes
0x93400000 C:\Windows\System32\win32k.sys 2093056 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8DA57000 C:\Windows\system32\drivers\RTKVHDA.sys 1740800 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x89EBF000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
0x8064A000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8D4FD000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8D215000 C:\Windows\system32\drivers\HCW85BDA.sys 962560 bytes (Hauppauge Computer Works, CX23885 BDA driver)
0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
0x97722000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8DCCF000 C:\Windows\System32\drivers\tcpip.sys 856064 bytes (Microsoft Corporation, TCP/IP Driver)
0x8D302000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x94B28000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
0x89E55000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9630C000 C:\Windows\system32\drivers\HTTP.sys 417792 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x80277000 C:\Windows\system32\mcupdate_GenuineIntel.dll 323584 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x9677E000 C:\Windows\System32\DRIVERS\srv.sys 311296 bytes (Microsoft Corporation, Server driver)
0x8D3B6000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 303104 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x807B6000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8DC46000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80461000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8D41A000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8D0DA000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8022B000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
0x8D172000 C:\Windows\system32\DRIVERS\e1e6032.sys 241664 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)
0x8DF9C000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x9620E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x89FC7000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
0x89E1F000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x81FA1000 ACPI_HAL 212992 bytes
0x81FA1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8D643000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8DC14000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x80767000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8DA2A000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8D4BA000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8061F000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8D020000 C:\Windows\system32\drivers\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8D604000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8A1DB000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8043C000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x967CA000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8D7DD000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8A1A9000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8D1BA000 C:\Windows\system32\DRIVERS\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x96265000 C:\Windows\system32\drivers\mrxdav.sys 126976 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x80798000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x96247000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x93B65000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x962F1000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
0x96298000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8DCB6000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8D4E5000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8DF85000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
0x937E0000 C:\Windows\System32\drivers\dxg.sys 94208 bytes (Microsoft Corporation, DirectX Graphics Driver)
0x8D403000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8E099000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x99801000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8DFEA000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8DCA1000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
0x96609000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x96284000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8DC8D000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8D6DA000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x93A76000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8DFD7000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8D04A000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x967EE000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8E087000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x97610000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8A1CA000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x80757000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8AB30000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8AB50000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8041D000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8AB90000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
0x8AAD0000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8D6FC000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x89E10000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80608000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8A005000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8D6ED000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
0x8042D000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8D005000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x8D1E7000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
0x8DC06000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8DA05000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8040F000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8D0CC000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8AE1F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D013000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8D6CD000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8D1AD000 C:\Windows\system32\DRIVERS\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8021E000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x8DA1E000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8D1DB000 C:\Windows\system32\DRIVERS\vgapnp.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8AE0D000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8D6C2000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D6B7000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8DA13000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D4AF000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8E1EA000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D20A000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8D1F5000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8D117000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8E0BA000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8D200000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8D629000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8E114000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8E0CE000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0x89E07000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8AE3E000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8AEA1000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8AE59000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8AEB3000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8026E000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8074E000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8AE50000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x93600000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8AE2C000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80215000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80400000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80266000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8AFA8000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x93610000 C:\Windows\System32\framebuf.dll 32768 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8AF30000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8020D000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8AF50000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8AF58000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x80617000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8AF40000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8D09B000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8D0A2000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80206000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8D08D000 C:\Users\Michael\AppData\Local\Temp\mbr.sys 28672 bytes
0x8D094000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x80408000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8DDD0000 C:\Windows\system32\drivers\ElRawDsk.sys 16384 bytes (EldoS Corporation, RawDisk Driver. Allows write access to raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008.)
0x96742000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8AA3F000 C:\Windows\system32\drivers\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0x8AA00000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8AECA000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(

#4 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,415
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2011 - 04:55 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   mschlotman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 28-March 11

Posted 05 April 2011 - 08:45 PM

Problem still occuring
Your help is appreciated
Thanks,
Mike

ComboFix 11-04-04.04 - Michael 04/05/2011 9:11.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3071.1915 [GMT -7:00]
Running from: c:\users\Michael\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-03-05 to 2011-04-05 )))))))))))))))))))))))))))))))
.
.
2011-04-05 16:14 . 2011-04-05 16:14 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2011-04-05 16:14 . 2011-04-05 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-04 04:59 . 2011-04-04 04:59 -------- d-----w- c:\programdata\IObit
2011-04-04 04:59 . 2011-04-04 04:59 -------- d-----w- c:\program files\IObit
2011-04-04 04:58 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-04 04:58 . 2011-04-04 04:58 -------- d-----w- c:\programdata\Malwarebytes
2011-04-04 04:58 . 2011-04-04 04:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-04 04:58 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-03 10:01 . 2011-04-05 02:02 733516 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-03 09:13 . 2011-04-03 09:13 -------- d-----w- c:\program files\Trend Micro
2011-04-03 08:45 . 2011-04-03 08:45 -------- d-----w- c:\programdata\PC Tools
2011-03-29 03:49 . 2011-03-29 03:49 -------- d-----w- c:\program files\Common Files\Java
2011-03-29 03:49 . 2011-03-29 03:48 472808 ---ha-w- c:\windows\system32\deployJava1.dll
2011-03-29 03:48 . 2011-03-29 03:48 -------- d-----w- c:\program files\Java
2011-03-29 03:05 . 2011-04-01 03:46 16968 ---ha-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-29 03:05 . 2011-03-29 03:05 134464 ---ha-w- c:\windows\system32\LnkProtect.dll
2011-03-29 03:03 . 2011-03-29 03:03 -------- d-----w- c:\programdata\Hitman Pro
2011-03-29 03:03 . 2011-03-29 03:03 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-03-29 02:57 . 2008-12-09 16:59 20392 ---ha-w- c:\windows\system32\drivers\ElRawDsk.sys
2011-03-29 02:57 . 2011-03-11 08:54 87688 ---ha-w- c:\windows\system32\IncContxMenu.dll
2011-03-29 02:57 . 2010-09-23 19:29 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2011-03-29 02:57 . 2011-03-29 02:57 -------- d-----w- c:\program files\iolo
2011-03-29 02:57 . 2011-03-11 08:53 11776 ---ha-w- c:\windows\system32\smrgdf.exe
2011-03-29 02:57 . 2011-03-11 08:53 29696 ---ha-w- c:\windows\system32\iolobtdfg.exe
2011-03-29 02:57 . 2011-03-11 08:36 2234552 ---ha-w- c:\windows\system32\Incinerator.dll
2011-03-29 02:57 . 2010-02-09 04:59 56200 ---ha-w- c:\windows\system32\offreg.dll
2011-03-29 02:54 . 2011-03-29 02:54 74703 ---ha-w- c:\windows\system32\mfc45.dll
2011-03-29 02:54 . 2011-03-29 04:15 -------- d-----w- c:\programdata\iolo
2011-03-29 02:36 . 2011-03-29 02:36 -------- d-----w- c:\program files\Serif
2011-03-29 02:05 . 2011-04-05 01:58 -------- d-----w- c:\users\Michael
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-03-12 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-12 7770112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"SnapfishMediaDetector"="c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 1441792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2011-03-11 434360]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-12 1280344]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - c:\program files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-3-2 1441792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 20392]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-03-11 724152]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-12 312152]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-04-09 959104]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - klmd25
*Deregistered* - Normandy
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223486579-2857063586-4285334604-1001Core.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-29 02:22]
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1223486579-2857063586-4285334604-1001UA.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-29 02:22]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-05 09:14
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
? [2012]
? [804]
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-05 09:15:41
ComboFix-quarantined-files.txt 2011-04-05 16:15
.
Pre-Run: 353,034,866,688 bytes free
Post-Run: 353,042,825,216 bytes free
.
- - End Of File - - 4EAF1D28D18ECC313B524E47332877AF

#6 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,415
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 06 April 2011 - 02:29 AM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7 User is offline   mschlotman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 28-March 11

Posted 06 April 2011 - 10:54 PM

2011/04/06 20:53:30.0770 60016 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
TDSS says no infection found. Problem still occuring.
Thanks,
Mike




2011/04/06 20:53:31.0089 60016 ================================================================================
2011/04/06 20:53:31.0089 60016 SystemInfo:
2011/04/06 20:53:31.0089 60016
2011/04/06 20:53:31.0089 60016 OS Version: 6.0.6000 ServicePack: 0.0
2011/04/06 20:53:31.0089 60016 Product type: Workstation
2011/04/06 20:53:31.0089 60016 ComputerName: MICHAEL-PC
2011/04/06 20:53:31.0089 60016 UserName: Michael
2011/04/06 20:53:31.0089 60016 Windows directory: C:\Windows
2011/04/06 20:53:31.0089 60016 System windows directory: C:\Windows
2011/04/06 20:53:31.0089 60016 Processor architecture: Intel x86
2011/04/06 20:53:31.0089 60016 Number of processors: 2
2011/04/06 20:53:31.0089 60016 Page size: 0x1000
2011/04/06 20:53:31.0089 60016 Boot type: Normal boot
2011/04/06 20:53:31.0089 60016 ================================================================================
2011/04/06 20:53:31.0333 60016 Initialize success
2011/04/06 20:53:33.0819 60448 ================================================================================
2011/04/06 20:53:33.0819 60448 Scan started
2011/04/06 20:53:33.0819 60448 Mode: Manual;
2011/04/06 20:53:33.0819 60448 ================================================================================
2011/04/06 20:53:34.0926 60448 ACPI (192bdbd1540645c4a2aa69f24cce197f) C:\Windows\system32\drivers\acpi.sys
2011/04/06 20:53:34.0964 60448 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/06 20:53:34.0985 60448 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/06 20:53:35.0006 60448 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/06 20:53:35.0030 60448 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/06 20:53:35.0064 60448 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/04/06 20:53:35.0083 60448 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/06 20:53:35.0105 60448 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/06 20:53:35.0171 60448 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/06 20:53:35.0209 60448 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/06 20:53:35.0230 60448 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/06 20:53:35.0245 60448 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/06 20:53:35.0256 60448 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/06 20:53:35.0288 60448 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/06 20:53:35.0307 60448 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/06 20:53:35.0324 60448 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/06 20:53:35.0342 60448 atapi (4f4fcb8b6ea06784fb6d475b7ec7300f) C:\Windows\system32\drivers\atapi.sys
2011/04/06 20:53:35.0411 60448 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/04/06 20:53:35.0468 60448 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/06 20:53:35.0493 60448 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/06 20:53:35.0515 60448 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/06 20:53:35.0538 60448 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/06 20:53:35.0560 60448 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/06 20:53:35.0581 60448 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/06 20:53:35.0592 60448 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/06 20:53:35.0615 60448 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/06 20:53:35.0712 60448 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/06 20:53:35.0757 60448 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/06 20:53:35.0773 60448 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/06 20:53:35.0799 60448 CLFS (51b4b82560e49c415ae5b1337d635c3f) C:\Windows\system32\CLFS.sys
2011/04/06 20:53:35.0836 60448 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/04/06 20:53:35.0855 60448 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/04/06 20:53:35.0889 60448 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/06 20:53:35.0910 60448 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/06 20:53:35.0940 60448 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/04/06 20:53:35.0976 60448 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/04/06 20:53:36.0021 60448 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/04/06 20:53:36.0047 60448 DXGKrnl (f032a2f91287a0b800891c7bef9ca7a8) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/06 20:53:36.0081 60448 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/04/06 20:53:36.0137 60448 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/06 20:53:36.0165 60448 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/04/06 20:53:36.0209 60448 ElRawDisk (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\ElRawDsk.sys
2011/04/06 20:53:36.0254 60448 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/06 20:53:36.0310 60448 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/04/06 20:53:36.0331 60448 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/06 20:53:36.0355 60448 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/04/06 20:53:36.0374 60448 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/04/06 20:53:36.0423 60448 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/06 20:53:36.0437 60448 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/04/06 20:53:36.0463 60448 Fs_Rec (1ed8599e1e08ba40f2b7301f0b83583a) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/06 20:53:36.0501 60448 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/06 20:53:36.0554 60448 HCW85BDA (8cd6accaa612b3f89ec6f18776fffddf) C:\Windows\system32\drivers\HCW85BDA.sys
2011/04/06 20:53:36.0582 60448 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/06 20:53:36.0601 60448 HDAudBus (ffb271303ba3c59d9c97b7af1175de95) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/06 20:53:36.0623 60448 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/06 20:53:36.0673 60448 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/06 20:53:36.0697 60448 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/06 20:53:36.0730 60448 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/06 20:53:36.0775 60448 HSF_DP (729ff797a69cd3e96bbaea1e35e56738) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/04/06 20:53:36.0794 60448 HSXHWBS2 (e8eb7746002e2038345e6839503e3c4a) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/04/06 20:53:36.0830 60448 HTTP (f31d27ccf514549a17e79bebe01b40b6) C:\Windows\system32\drivers\HTTP.sys
2011/04/06 20:53:36.0890 60448 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/06 20:53:36.0908 60448 i8042prt (1060f1377f395a242e27719440ece602) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/06 20:53:36.0939 60448 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/06 20:53:36.0967 60448 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/06 20:53:37.0036 60448 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/06 20:53:37.0067 60448 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/06 20:53:37.0085 60448 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/06 20:53:37.0154 60448 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/06 20:53:37.0223 60448 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/06 20:53:37.0248 60448 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/06 20:53:37.0269 60448 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
2011/04/06 20:53:37.0314 60448 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/06 20:53:37.0338 60448 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/06 20:53:37.0366 60448 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/06 20:53:37.0408 60448 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/06 20:53:37.0431 60448 kbdclass (1a48765f92ba1a88445fc25c9c9d94fc) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/06 20:53:37.0465 60448 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/06 20:53:37.0491 60448 KSecDD (11d0bc1f2afd8abbb5a3dc47a042de54) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/06 20:53:37.0546 60448 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/06 20:53:37.0574 60448 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/06 20:53:37.0591 60448 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/06 20:53:37.0613 60448 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/06 20:53:37.0625 60448 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
2011/04/06 20:53:37.0669 60448 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/04/06 20:53:37.0718 60448 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/06 20:53:37.0754 60448 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
2011/04/06 20:53:37.0787 60448 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/06 20:53:37.0867 60448 mouclass (3c9469dfb3440555dab070716d768b1e) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/06 20:53:37.0881 60448 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/06 20:53:37.0902 60448 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
2011/04/06 20:53:37.0922 60448 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/06 20:53:37.0944 60448 mpsdrv (8d326e8b321685d4784afa1c55169d73) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/06 20:53:37.0968 60448 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/06 20:53:38.0009 60448 MRxDAV (93224014a418b72356462b8f7de6e8c9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/06 20:53:38.0031 60448 mrxsmb (fca7563d87f71c6db0182ca67cc19aa7) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/06 20:53:38.0058 60448 mrxsmb10 (58a9ab5754fa4cabede7401283b5a771) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/06 20:53:38.0085 60448 mrxsmb20 (79b09504e4a790104683722cd04f76b4) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/06 20:53:38.0114 60448 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/04/06 20:53:38.0139 60448 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/06 20:53:38.0167 60448 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
2011/04/06 20:53:38.0187 60448 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
2011/04/06 20:53:38.0227 60448 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/06 20:53:38.0240 60448 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/06 20:53:38.0257 60448 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
2011/04/06 20:53:38.0288 60448 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
2011/04/06 20:53:38.0314 60448 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/06 20:53:38.0326 60448 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
2011/04/06 20:53:38.0349 60448 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
2011/04/06 20:53:38.0414 60448 NativeWifiP (497de786240303ee67ab01f5690c24c2) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/06 20:53:38.0441 60448 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
2011/04/06 20:53:38.0474 60448 NdisTapi (7584f1794b23b83d63cc124a8c56d103) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/06 20:53:38.0505 60448 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/06 20:53:38.0526 60448 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/06 20:53:38.0555 60448 NDProxy (874c12e3ad1431cabc854697d302c563) C:\Windows\system32\drivers\NDProxy.sys
2011/04/06 20:53:38.0578 60448 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/06 20:53:38.0601 60448 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/06 20:53:38.0676 60448 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/06 20:53:38.0697 60448 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
2011/04/06 20:53:38.0741 60448 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/06 20:53:38.0831 60448 Ntfs (3f379380a4a2637f559444e338cf1b51) C:\Windows\system32\drivers\Ntfs.sys
2011/04/06 20:53:38.0888 60448 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/06 20:53:38.0900 60448 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
2011/04/06 20:53:39.0019 60448 nvlddmkm (2d892bb73314eca5549b96f783bb45e8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/06 20:53:39.0069 60448 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/06 20:53:39.0117 60448 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/06 20:53:39.0141 60448 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/06 20:53:39.0193 60448 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/06 20:53:39.0232 60448 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/06 20:53:39.0254 60448 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
2011/04/06 20:53:39.0280 60448 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/06 20:53:39.0295 60448 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
2011/04/06 20:53:39.0309 60448 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/04/06 20:53:39.0335 60448 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/06 20:53:39.0371 60448 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/06 20:53:39.0470 60448 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/06 20:53:39.0506 60448 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/06 20:53:39.0551 60448 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/04/06 20:53:39.0568 60448 PSched (b74edf14453c9987e99e66535047ebee) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/06 20:53:39.0592 60448 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/06 20:53:39.0633 60448 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/06 20:53:39.0657 60448 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/06 20:53:39.0679 60448 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/06 20:53:39.0732 60448 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/06 20:53:39.0774 60448 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/06 20:53:39.0811 60448 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/06 20:53:39.0848 60448 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/06 20:53:39.0867 60448 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/06 20:53:39.0896 60448 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/06 20:53:39.0909 60448 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/06 20:53:39.0937 60448 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
2011/04/06 20:53:39.0982 60448 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/06 20:53:40.0031 60448 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/06 20:53:40.0078 60448 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/06 20:53:40.0110 60448 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/06 20:53:40.0130 60448 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/06 20:53:40.0143 60448 sermouse (fd06895f55c0bec3cbd84bda14e1c6b7) C:\Windows\system32\drivers\sermouse.sys
2011/04/06 20:53:40.0180 60448 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/06 20:53:40.0200 60448 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/06 20:53:40.0222 60448 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/06 20:53:40.0240 60448 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/06 20:53:40.0303 60448 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/06 20:53:40.0339 60448 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/06 20:53:40.0371 60448 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/06 20:53:40.0401 60448 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
2011/04/06 20:53:40.0425 60448 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
2011/04/06 20:53:40.0442 60448 srv (2c677528b24d64d22886ecbe5cd97f20) C:\Windows\system32\DRIVERS\srv.sys
2011/04/06 20:53:40.0457 60448 srv2 (382baf4dcbd7648ced6c64a8a1e335b2) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/06 20:53:40.0470 60448 srvnet (f8e47a77e1690d8574962b69cb22beb3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/06 20:53:40.0501 60448 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/06 20:53:40.0521 60448 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/06 20:53:40.0546 60448 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/06 20:53:40.0582 60448 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/06 20:53:40.0634 60448 Tcpip (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\drivers\tcpip.sys
2011/04/06 20:53:40.0671 60448 Tcpip6 (d944522b048a5feb7700b5170d3d9423) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/06 20:53:40.0706 60448 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/06 20:53:40.0725 60448 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
2011/04/06 20:53:40.0741 60448 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/06 20:53:40.0753 60448 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/06 20:53:40.0773 60448 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/06 20:53:40.0821 60448 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/06 20:53:40.0837 60448 tunmp (80fc4ac81602c88e7d23618e6efba2c6) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/06 20:53:40.0878 60448 tunnel (52daa1fa3b5a40d6a6627b44c60a9b78) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/06 20:53:40.0896 60448 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/06 20:53:40.0933 60448 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/06 20:53:40.0978 60448 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/06 20:53:41.0002 60448 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/06 20:53:41.0020 60448 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/06 20:53:41.0040 60448 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/06 20:53:41.0059 60448 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/06 20:53:41.0127 60448 usbccgp (0916972fb98080355ac1e9a4f92183f7) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/06 20:53:41.0167 60448 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/06 20:53:41.0199 60448 usbehci (fb50f987304f907a0103b14a5f2f2344) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/06 20:53:41.0219 60448 usbhub (16675ab7e199635086ab0556137371f5) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/06 20:53:41.0238 60448 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/06 20:53:41.0250 60448 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/06 20:53:41.0277 60448 USBSTOR (fdbaabf07244c60b0f4e0a6e71a107c6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/06 20:53:41.0295 60448 usbuhci (165bb1f0801118dc86aa3fc87d3d101c) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/06 20:53:41.0324 60448 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/06 20:53:41.0351 60448 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
2011/04/06 20:53:41.0378 60448 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/06 20:53:41.0417 60448 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/06 20:53:41.0446 60448 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/06 20:53:41.0484 60448 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
2011/04/06 20:53:41.0499 60448 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
2011/04/06 20:53:41.0515 60448 volsnap (11ef6c1caef76b685233450a126125d6) C:\Windows\system32\drivers\volsnap.sys
2011/04/06 20:53:41.0535 60448 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/06 20:53:41.0566 60448 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/06 20:53:41.0585 60448 Wanarp (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 20:53:41.0595 60448 Wanarpv6 (6e1a5be9a0605f3d932ff35fba2b22b3) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/06 20:53:41.0651 60448 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/06 20:53:41.0692 60448 Wdf01000 (5dfdbd5ef13e4d95be6fc108e2ed4a67) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/06 20:53:41.0766 60448 winachsf (3b4522d0e750bac8fe7ae61622a57014) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/04/06 20:53:41.0826 60448 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/06 20:53:41.0869 60448 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/06 20:53:41.0904 60448 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/06 20:53:41.0927 60448 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/04/06 20:53:41.0992 60448 ================================================================================
2011/04/06 20:53:41.0992 60448 Scan finished
2011/04/06 20:53:41.0992 60448 ================================================================================

#8 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,415
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 06 April 2011 - 11:23 PM

we are going to check the router

Create and Run Batch File
    Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
    Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

    It should look like this: Posted Image <--XP
    Double-click on router.bat to run it. it will open notepad when done please post back the results

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#9 User is offline   mschlotman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 28-March 11

Posted 08 April 2011 - 01:02 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : Michael-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1B-FC-B4-5F-45
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8533:9342:83df:3867%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, April 07, 2011 10:26:52 PM
Lease Expires . . . . . . . . . . : Friday, April 08, 2011 10:26:51 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201333756
DNS Servers . . . . . . . . . . . : 93.188.166.105
93.188.161.105
1.2.3.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:147a:1d1f:3f57:fe9a(Preferred)
Link-local IPv6 Address . . . . . : fe80::147a:1d1f:3f57:fe9a%9(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : isatap.domain.actdsltmp
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.101%10(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 93.188.166.105
93.188.161.105
1.2.3.4
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: 93.188.166.105.static.ukrtelegroup.com.ua
Address: 93.188.166.105:53

Name: google.com
Addresses: 74.125.226.145, 74.125.226.148, 74.125.226.144, 74.125.226.147
74.125.226.146

Server: 93.188.166.105.static.ukrtelegroup.com.ua
Address: 93.188.166.105:53

Name: yahoo.com
Addresses: 67.195.160.76, 72.30.2.43, 69.147.125.65, 209.191.122.70
98.137.149.56



Pinging google.com [74.125.226.116] with 32 bytes of data:



Reply from 74.125.226.116: bytes=32 time=138ms TTL=55

Reply from 74.125.226.116: bytes=32 time=135ms TTL=55



Ping statistics for 74.125.226.116:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 135ms, Maximum = 138ms, Average = 136ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=138ms TTL=52

Reply from 209.191.122.70: bytes=32 time=144ms TTL=53



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 138ms, Maximum = 144ms, Average = 141ms

===========================================================================
Interface List
8 ...00 1b fc b4 5f 45 ...... Intel® 82566DC-2 Gigabit Network Connection
1 ........................... Software Loopback Interface 1
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
10 ...00 00 00 00 00 00 00 e0 isatap.domain.actdsltmp
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 276
192.168.1.101 255.255.255.255 On-link 192.168.1.101 276
192.168.1.255 255.255.255.255 On-link 192.168.1.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
9 18 ::/0 On-link
1 306 ::1/128 On-link
9 18 2001::/32 On-link
9 266 2001:0:4137:9e76:147a:1d1f:3f57:fe9a/128
On-link
8 276 fe80::/64 On-link
9 266 fe80::/64 On-link
10 281 fe80::5efe:192.168.1.101/128
On-link
9 266 fe80::147a:1d1f:3f57:fe9a/128
On-link
8 276 fe80::8533:9342:83df:3867/128
On-link
1 306 ff00::/8 On-link
9 266 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#10 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,415
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 08 April 2011 - 01:19 AM

Hello

Yes it looks like the DNS settings on the router have been changed.

Resetting Router

Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. Here
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now lets flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:

      ipconfig /flushdns


Now lets check the router again

Create and Run Batch File
    Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
    Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

    It should look like this: Posted Image <--XP
    Double-click on router.bat to run it. it will open notepad when done please post back the results


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#11 User is offline   mschlotman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 28-March 11

Posted 09 April 2011 - 02:42 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : Michael-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1B-FC-B4-5F-45
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8533:9342:83df:3867%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, April 09, 2011 12:33:47 AM
Lease Expires . . . . . . . . . . : Sunday, April 10, 2011 12:33:47 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201333756
DNS Servers . . . . . . . . . . . : 93.188.166.105
93.188.161.105
1.2.3.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:285f:ce2:3f57:fe9a(Preferred)
Link-local IPv6 Address . . . . . : fe80::285f:ce2:3f57:fe9a%9(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : isatap.domain.actdsltmp
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.101%10(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 93.188.166.105
93.188.161.105
1.2.3.4
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: 93.188.166.105.static.ukrtelegroup.com.ua
Address: 93.188.166.105:53

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: 93.188.166.105.static.ukrtelegroup.com.ua
Address: 93.188.166.105:53

Name: yahoo.com
Addresses: 67.195.160.76, 209.191.122.70, 72.30.2.43, 98.137.149.56
69.147.125.65



Pinging google.com [74.125.226.148] with 32 bytes of data:



Reply from 74.125.226.148: bytes=32 time=134ms TTL=55

Reply from 74.125.226.148: bytes=32 time=139ms TTL=55



Ping statistics for 74.125.226.148:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 134ms, Maximum = 139ms, Average = 136ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=142ms TTL=53

Reply from 209.191.122.70: bytes=32 time=141ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 141ms, Maximum = 142ms, Average = 141ms

===========================================================================
Interface List
8 ...00 1b fc b4 5f 45 ...... Intel® 82566DC-2 Gigabit Network Connection
1 ........................... Software Loopback Interface 1
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
10 ...00 00 00 00 00 00 00 e0 isatap.domain.actdsltmp
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 276
192.168.1.101 255.255.255.255 On-link 192.168.1.101 276
192.168.1.255 255.255.255.255 On-link 192.168.1.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
9 18 ::/0 On-link
1 306 ::1/128 On-link
9 18 2001::/32 On-link
9 266 2001:0:4137:9e76:285f:ce2:3f57:fe9a/128
On-link
8 276 fe80::/64 On-link
9 266 fe80::/64 On-link
10 281 fe80::5efe:192.168.1.101/128
On-link
9 266 fe80::285f:ce2:3f57:fe9a/128
On-link
8 276 fe80::8533:9342:83df:3867/128
On-link
1 306 ff00::/8 On-link
9 266 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#12 User is offline   mschlotman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 28-March 11

Posted 09 April 2011 - 02:44 AM

Problem is still occurring. Web redirect and popups.
Mike

#13 User is offline   mschlotman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 28-March 11

Posted 09 April 2011 - 12:10 PM

Hey this is the new batch file DNS flush did not run correctly.
Problem is still occurring.
Thanks,
Michael

Windows IP Configuration

Host Name . . . . . . . . . . . . : Michael-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1B-FC-B4-5F-45
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8533:9342:83df:3867%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, April 09, 2011 12:33:47 AM
Lease Expires . . . . . . . . . . : Sunday, April 10, 2011 12:33:48 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201333756
DNS Servers . . . . . . . . . . . : 93.188.166.105
93.188.161.105
1.2.3.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:285f:ce2:3f57:fe9a(Preferred)
Link-local IPv6 Address . . . . . : fe80::285f:ce2:3f57:fe9a%9(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : isatap.domain.actdsltmp
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.101%10(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 93.188.166.105
93.188.161.105
1.2.3.4
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: 93.188.166.105.static.ukrtelegroup.com.ua
Address: 93.188.166.105:53

Name: google.com
Addresses: 74.125.113.105, 74.125.113.106, 74.125.113.99, 74.125.113.104
74.125.113.103, 74.125.113.147

Server: 93.188.166.105.static.ukrtelegroup.com.ua
Address: 93.188.166.105:53

Name: yahoo.com
Addresses: 67.195.160.76, 72.30.2.43, 98.137.149.56, 209.191.122.70
69.147.125.65



Pinging google.com [74.125.226.113] with 32 bytes of data:



Reply from 74.125.226.113: bytes=32 time=140ms TTL=55

Reply from 74.125.226.113: bytes=32 time=139ms TTL=55



Ping statistics for 74.125.226.113:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 139ms, Maximum = 140ms, Average = 139ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=149ms TTL=53

Reply from 209.191.122.70: bytes=32 time=146ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 146ms, Maximum = 149ms, Average = 147ms

===========================================================================
Interface List
8 ...00 1b fc b4 5f 45 ...... Intel® 82566DC-2 Gigabit Network Connection
1 ........................... Software Loopback Interface 1
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
10 ...00 00 00 00 00 00 00 e0 isatap.domain.actdsltmp
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 276
192.168.1.101 255.255.255.255 On-link 192.168.1.101 276
192.168.1.255 255.255.255.255 On-link 192.168.1.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
9 18 ::/0 On-link
1 306 ::1/128 On-link
9 18 2001::/32 On-link
9 266 2001:0:4137:9e76:285f:ce2:3f57:fe9a/128
On-link
8 276 fe80::/64 On-link
9 266 fe80::/64 On-link
10 281 fe80::5efe:192.168.1.101/128
On-link
9 266 fe80::285f:ce2:3f57:fe9a/128
On-link
8 276 fe80::8533:9342:83df:3867/128
On-link
1 306 ff00::/8 On-link
9 266 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

Hey this is the new batch file DNS flush did not run correctly.
Problem is still occurring.
Thanks,
Michael

Windows IP Configuration

Host Name . . . . . . . . . . . . : Michael-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.actdsltmp

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1B-FC-B4-5F-45
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8533:9342:83df:3867%8(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, April 09, 2011 12:33:47 AM
Lease Expires . . . . . . . . . . : Sunday, April 10, 2011 12:33:48 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201333756
DNS Servers . . . . . . . . . . . : 93.188.166.105
93.188.161.105
1.2.3.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:285f:ce2:3f57:fe9a(Preferred)
Link-local IPv6 Address . . . . . : fe80::285f:ce2:3f57:fe9a%9(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . : domain.actdsltmp
Description . . . . . . . . . . . : isatap.domain.actdsltmp
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.101%10(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 93.188.166.105
93.188.161.105
1.2.3.4
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: 93.188.166.105.static.ukrtelegroup.com.ua
Address: 93.188.166.105:53

Name: google.com
Addresses: 74.125.113.105, 74.125.113.106, 74.125.113.99, 74.125.113.104
74.125.113.103, 74.125.113.147

Server: 93.188.166.105.static.ukrtelegroup.com.ua
Address: 93.188.166.105:53

Name: yahoo.com
Addresses: 67.195.160.76, 72.30.2.43, 98.137.149.56, 209.191.122.70
69.147.125.65



Pinging google.com [74.125.226.113] with 32 bytes of data:



Reply from 74.125.226.113: bytes=32 time=140ms TTL=55

Reply from 74.125.226.113: bytes=32 time=139ms TTL=55



Ping statistics for 74.125.226.113:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 139ms, Maximum = 140ms, Average = 139ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=149ms TTL=53

Reply from 209.191.122.70: bytes=32 time=146ms TTL=52



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 146ms, Maximum = 149ms, Average = 147ms

===========================================================================
Interface List
8 ...00 1b fc b4 5f 45 ...... Intel® 82566DC-2 Gigabit Network Connection
1 ........................... Software Loopback Interface 1
9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
10 ...00 00 00 00 00 00 00 e0 isatap.domain.actdsltmp
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.101 276
192.168.1.101 255.255.255.255 On-link 192.168.1.101 276
192.168.1.255 255.255.255.255 On-link 192.168.1.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
9 18 ::/0 On-link
1 306 ::1/128 On-link
9 18 2001::/32 On-link
9 266 2001:0:4137:9e76:285f:ce2:3f57:fe9a/128
On-link
8 276 fe80::/64 On-link
9 266 fe80::/64 On-link
10 281 fe80::5efe:192.168.1.101/128
On-link
9 266 fe80::285f:ce2:3f57:fe9a/128
On-link
8 276 fe80::8533:9342:83df:3867/128
On-link
1 306 ff00::/8 On-link
9 266 ff00::/8 On-link
8 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#14 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,415
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 09 April 2011 - 01:26 PM

Hello

The DNS has not changed -

How Have you been resetting the router?

What is the brand and modle of the router?


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#15 User is offline   mschlotman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 16
  • Joined: 28-March 11

Posted 09 April 2011 - 10:27 PM

both of the two I put up are the same?
Actionstec GT701 WG

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users