
cmd.exe problem


  • This topic is locked
26 replies to this topic

#1 struckdumb1

struckdumb1

  • Members
  • 88 posts
  • OFFLINE
  • Local time:09:15 PM

Posted 07 June 2010 - 02:44 PM

Hi there,

I have been following the instructions here: http://www.bleepingcomputer.com/forums/ind...p;#entry1789860 from which I was referred.

As the post shows I picked up a virus that went into action upon connecting to the internet.
Have run the scans advised on that thread thanks to boopme's kind advice.
Problem still there - so here is my DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul at 20:24:33.48 on 07/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1455 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
svchost.exe "C:\WINDOWS\system32\adsldpcl.exe"
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\emaudsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
D:\Documents and Settings\Paul.049759620338.001\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus Photo RX560 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibpe.exe /fu "d:\docume~1\paul04~1.001\locals~1\temp\E_S22.tmp" /EF "HKCU"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [Ulead AutoDetector v2] c:\program files\common files\ulead systems\autodetector\monitor.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
mRun: [ACTIVBOARD] c:\apps\aboard\ABoard.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: d:\docume~1\paul04~1.001\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: d:\documents and settings\paul.049759620338.001\start menu\programs\startup\sisytj32.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241869433406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {4B4D751D-B01F-40D4-A243-C71AF076A43B} = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-8 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-8 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-8 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2009-5-8 10240]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-4-7 799744]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-4-7 7040]
S2 C-DillaCdaC11BARemoteRegistry;C-DillaCdaC11BA C-DillaCdaC11BARemoteRegistry;c:\windows\system32\adsldpcl.exe srv --> c:\windows\system32\adsldpcl.exe srv [?]
S2 RSVPBrowser;QoS RSVP RSVPBrowser;c:\windows\system32\2862075037a.exe srv --> c:\windows\system32\2862075037a.exe srv [?]
S2 UleadBurningHelperWmdmPmSN;Ulead Burning Helper UleadBurningHelperWmdmPmSN;c:\windows\system32\34coinstallerd.exe srv --> c:\windows\system32\34CoInstallerd.exe srv [?]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [2009-5-8 142208]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]
S3 Rdcsrmc;Rdcsrmc;c:\windows\system32\drivers\classpnp.sys [2004-9-10 49536]

=============== Created Last 30 ================

2010-06-07 19:22:14 0 -c--a-w- d:\documents and settings\paul.049759620338.001\defogger_reenable
2010-06-07 18:40:16 0 d-sh--w- c:\windows\system32\lowsec
2010-06-06 19:49:54 0 dc----w- d:\docume~1\paul04~1.001\applic~1\SUPERAntiSpyware.com
2010-06-06 19:49:54 0 dc----w- d:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-06 19:49:36 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-05 19:39:48 145 --s-a-w- c:\windows\system32\2862075037.dat

==================== Find3M ====================

2010-06-03 07:39:50 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-29 14:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 08:56:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ------w- c:\windows\system32\dllcache\vbscript.dll
2009-08-06 18:03:48 804 ----a-w- c:\program files\tgrpfbn.txt
2009-05-09 19:10:39 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-05-09 19:10:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009050920090510\index.dat

============= FINISH: 20:25:29.56 ===============

Edited by Orange Blossom, 07 June 2010 - 06:53 PM.
Added clarifying clause ~ OB




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:15 AM

Posted 10 June 2010 - 04:06 PM

Hi struckdumb1,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with the tool. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
  • You will get a warning about the not trusted download sites for ComboFix, click Yes.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

#3 struckdumb1

struckdumb1
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  • Local time:09:15 PM

Posted 10 June 2010 - 05:11 PM

First off - many thanks for the fine work you put into helping those like myself - your time and effort are very much appreciated.

I have run ComboFix and the log is as follows (in 2 parts as too long to fit in one message):

ComboFix 10-06-10.03 - Paul 10/06/2010 22:38:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1441 [GMT 1:00]
Running from: K:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\2862075037.dat
c:\windows\system32\2862075037a.exe
c:\windows\system32\34CoInstallerd.exe
c:\windows\system32\adsldpcl.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\sdra64.exe
c:\windows\system32\Thumbs.db
d:\documents and settings\Paul.049759620338.001\Start Menu\Programs\Startup\sisytj32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_C-DILLACDAC11BAREMOTEREGISTRY
-------\Legacy_RSVPBROWSER
-------\Legacy_ULEADBURNINGHELPERWMDMPMSN
-------\Service_C-DillaCdaC11BARemoteRegistry
-------\Service_RSVPBrowser
-------\Service_UleadBurningHelperWmdmPmSN


((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.

2010-06-06 19:49 . 2010-06-06 19:49 -------- dc----w- d:\documents and settings\Paul.049759620338.001\Application Data\SUPERAntiSpyware.com
2010-06-06 19:49 . 2010-06-06 19:49 -------- dc----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-06 19:49 . 2010-06-06 19:49 -------- d-----w- c:\program files\SUPERAntiSpyware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 18:41 . 2010-06-07 18:41 4 -c--a-w- c:\windows\system32\config\systemprofile\Application Data\dhxiuw.dat
2010-06-06 19:08 . 2009-08-05 08:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 16:37 . 2010-06-06 16:37 4 -c--a-w- d:\documents and settings\LocalService\Application Data\dhxiuw.dat
2010-06-05 07:23 . 2009-12-07 13:46 -------- dc----w- d:\documents and settings\All Users\Application Data\e-onsoftware
2010-06-04 16:12 . 2009-05-08 07:09 -------- dc----w- d:\documents and settings\Paul.049759620338.001\Application Data\FileZilla
2010-06-04 12:55 . 2009-11-10 17:06 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 07:39 . 2009-05-07 23:32 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 07:39 . 2009-05-07 23:32 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-26 20:37 . 2009-12-06 21:05 -------- dc----w- d:\documents and settings\Paul.049759620338.001\Application Data\e-on software
2010-05-09 21:40 . 2009-05-30 19:35 -------- dc----w- d:\documents and settings\Paul.049759620338.001\Application Data\Spotify
2010-04-29 14:39 . 2009-08-05 08:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2009-08-05 08:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 08:56 . 2010-03-14 08:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 08:55 . 2009-05-07 23:32 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-06 18:03 . 2009-08-06 18:03 804 ----a-w- c:\program files\tgrpfbn.txt
.

((((((((((((((((((((((((((((( SnapShot@2009-08-06_18.22.50 )))))))))))))))))))))))))))))))))))))))))

Edited by farbar, 10 June 2010 - 05:26 PM.
Shortened the log for easy reference.


#4 struckdumb1

struckdumb1
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  • Local time:09:15 PM

Posted 10 June 2010 - 05:13 PM

Combofix log part 2:



-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 557056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"nwiz"="nwiz.exe" [2008-09-17 1657376]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-07 26112]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\Paul.049759620338.001\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-14 08:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/05/2009 00:32 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/05/2009 00:32 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14/03/2010 09:55 308064]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [08/05/2009 09:09 10240]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [07/04/2006 10:38 799744]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [07/04/2006 10:40 7040]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [08/05/2009 09:09 142208]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]
S3 Rdcsrmc;Rdcsrmc;c:\windows\system32\drivers\classpnp.sys [10/09/2004 14:56 49536]
.
Contents of the 'Scheduled Tasks' folder

2010-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{02C7664F-ED13-4343-8563-8040823B1A43}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
TCP: {4B4D751D-B01F-40D4-A243-C71AF076A43B} = 192.168.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-10 22:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\13.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3936)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\sm56hlpr.exe
c:\windows\RTHDCPL.EXE
c:\apps\ABoard\AOSD.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-10 22:52:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-10 21:52
ComboFix2.txt 2009-08-06 18:24

Pre-Run: 14,133,575,680 bytes free
Post-Run: 14,073,270,272 bytes free

- - End Of File - - DC81B9B35E278398E3A1A3D6BA8501BB






Once my PC is sorted - I would like to update my virus and malware protection - perhaps you might suggest improved protection for me that could have prevented this attack.
I am currently using AVG but thinking of shifting to Avast or perhaps paying for the Malwarebytes programme.
Any thoughts would be appreciated.
Once again - thank you so much,

Paul

Edited by farbar, 10 June 2010 - 05:27 PM.
Shortened the log for easy reference.


#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:15 AM

Posted 10 June 2010 - 05:34 PM

We will look into improving security later on.
  1. Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box (without the word CODE) into a new file:


    CODE
    @ECHO OFF
    REM Remove the per-user WinINET proxy settings (the DDS log showed ProxyServer = http=127.0.0.1:5555)
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    REM Reset the system-wide WinHTTP proxy to direct access
    proxycfg -d

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: fix.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate fix.bat on the desktop. It should look like this:
    • Double-click to run it.
    • A window flashes, this is normal.

  2. Make sure the following setting is set as it is supposed to be set:
    • Go to Start -> Control Panel -> Double click on Network Connections.
    • Right click on your default connection (usually Local Area Connection) and select Properties.
    • Select the General tab.
    • Double click on Internet Protocol (TCP/IP).
      Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
    • Click OK twice to save the settings.
    • Reboot if you had to change any setting.

  3. Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
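Added example, not a tool from this thread and not Farbar's fix: a Python triage pass over DDS-style log lines for the patterns that the fix.bat and the ComboFix deletions above deal with (extra executables in the Winlogon Userinit chain, a browser proxy pointed at loopback, a bare executable in the Startup folder, services whose image file DDS could not verify, and newly created system/hidden items under system32). The sample lines are taken from the DDS log posted earlier in the thread; the rule names and the attribute-column layout assumed for "Created Last 30" lines are my own.

```python
"""Triage DDS-style log lines for the persistence patterns seen in this thread."""
import re
from typing import Dict, List

# Sample input: lines taken from the DDS log posted earlier in this thread
# (benign entries such as ctfmon, AVG and Adobe Gamma are included so the
# rules have something to ignore).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: d:\docume~1\paul04~1.001\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: d:\documents and settings\paul.049759620338.001\start menu\programs\startup\sisytj32.exe
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-14 308064]
S2 RSVPBrowser;QoS RSVP RSVPBrowser;c:\windows\system32\2862075037a.exe srv --> c:\windows\system32\2862075037a.exe srv [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\13.tmp --> c:\windows\system32\13.tmp [?]
2010-06-07 18:40:16 0 d-sh--w- c:\windows\system32\lowsec
2010-06-06 19:49:36 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-05 19:39:48 145 --s-a-w- c:\windows\system32\2862075037.dat
"""

# The only value Userinit should hold on Windows XP.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
LOOPBACK_HOSTS = {"127.0.0.1", "localhost"}
SCRIPT_EXTS = (".exe", ".scr", ".com", ".bat", ".cmd", ".vbs")
# "YYYY-MM-DD HH:MM:SS <size> <attrs> <path>" as printed in DDS' "Created Last 30".
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+(\S{8})\s+(.+)$")
SERVICE_RE = re.compile(r"^[RS]\d\s+")


def proxy_hosts(value: str) -> List[str]:
    """Split a WinINET ProxyServer value ('host:port' or 'http=host:port;https=...') into hosts."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if "=" in part:  # per-protocol form: scheme=host:port
            part = part.split("=", 1)[1]
        if part:
            hosts.append(part.rsplit(":", 1)[0].strip().lower())
    return hosts


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line; each finding names the rule that fired."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        low = line.lower()
        if not line:
            continue
        if low.startswith("mwinlogon: userinit="):
            # Anything besides userinit.exe in this chain runs at every interactive logon.
            entries = [e.strip() for e in line.split("=", 1)[1].split(",") if e.strip()]
            extra = [e for e in entries if e.lower() != EXPECTED_USERINIT]
            if extra:
                findings.append({"rule": "userinit_chain", "detail": ", ".join(extra), "line": line})
        elif "proxyserver" in low and "=" in line:
            # A browser proxy on the local machine means a local process sits in the traffic path.
            value = line.split("=", 1)[1].strip()
            if any(h in LOOPBACK_HOSTS for h in proxy_hosts(value)):
                findings.append({"rule": "loopback_proxy", "detail": value, "line": line})
        elif low.startswith("startupfolder:"):
            # Legitimate Startup entries are .lnk shortcuts; a bare executable dropped there is not.
            source = line.split(":", 1)[1].split(" - ", 1)[0].strip()
            if source.lower().endswith(SCRIPT_EXTS):
                findings.append({"rule": "startup_exe", "detail": source, "line": line})
        elif SERVICE_RE.match(line) and line.endswith("[?]"):
            # DDS prints "[?]" when it cannot verify the image file: verify the service before trusting it.
            fields = line.split(";")
            name = fields[0].split(None, 1)[1]
            image = fields[2].split(" --> ", 1)[0].strip() if len(fields) > 2 else ""
            findings.append({"rule": "unverified_service", "detail": f"{name}: {image}", "line": line})
        else:
            m = CREATED_RE.match(line)
            if m:
                attrs, path = m.groups()
                # Assumed column layout: index 2 is the system flag, index 3 the hidden flag.
                if (attrs[2] == "s" or attrs[3] == "h") and "\\windows\\system32\\" in path.lower():
                    findings.append({"rule": "hidden_system_item", "detail": f"{attrs} {path}", "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:<20} {f['detail']}")
```

An unverified_service hit means "check", not "remove": the MEMSWEEP2 entry is flagged only because DDS could not check its image file, while the S2 services with numeric names in system32 are the ones ComboFix actually deleted.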




#6 struckdumb1

struckdumb1
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  • Local time:09:15 PM

Posted 11 June 2010 - 12:55 AM

Hi - wasn't connected to web during this - hope that doesn't matter.

Just updated Malwarebytes 2 or 3 days back - so not updated today.

The log is as follows:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/06/2010 06:49:37
mbam-log-2010-06-11 (06-49-37).txt

Scan type: Quick scan
Objects scanned: 140912
Time elapsed: 5 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:15 AM

Posted 11 June 2010 - 07:13 AM

Please update MBAM fully as it is way behind the current update and redo the scan.

#8 struckdumb1

struckdumb1
  • Topic Starter

  • Members
  • 88 posts
  • Local time:09:15 PM

Posted 11 June 2010 - 07:58 AM

Hi - don't seem able to connect that PC to web with things as they are.
Has something that I changed stopped connection - the obtain automatically settings alteration perhaps?

In order to proceed I have had to re-enter the manual IP settings in my network connections.
This got me back on the web.
I have now updated MBAM and scan is proceeding.

Incidentally - the PC we are talking about is my desktop.
My laptop that I am using to speak with you - has become slow during this time.
Have just scanned with MBAM quick scan and found nothing - running full scan now.

Paul

Edited by struckdumb1, 11 June 2010 - 09:06 AM.


#9 struckdumb1

struckdumb1
  • Topic Starter

  • Members
  • 88 posts
  • Local time:09:15 PM

Posted 11 June 2010 - 08:45 AM

So here is the latest scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4189

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/06/2010 14:39:21
mbam-log-2010-06-11 (14-39-21).txt

Scan type: Quick scan
Objects scanned: 148437
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:15 AM

Posted 11 June 2010 - 09:54 AM

Let's have a full system check.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push



#11 struckdumb1

struckdumb1
  • Topic Starter

  • Members
  • 88 posts
  • Local time:09:15 PM

Posted 11 June 2010 - 12:13 PM

Sorry - when I try to scan it keeps returning to the tick the agree to terms box even though I have already ticked it.
Needs to be run as administrator?
How do I do that?

Paul

Edited by struckdumb1, 11 June 2010 - 12:15 PM.


#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:15 AM

Posted 11 June 2010 - 12:53 PM

This is not Vista, and when you are logged in with an account having administrative rights it should work.

Let's check some settings to make sure.
  1. Make sure the following setting is set as it is supposed to be set:
    • Go to Start -> Control Panel -> Double click on Network Connections.
    • Right click on your default connection (usually Local Area Connection) and select Properties.
    • Select the General tab.
    • Double click on Internet Protocol (TCP/IP).
      Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".
    • Click OK twice to save the settings.
    • Reboot if you had to change any setting.

  2. Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:


    CODE
    @echo off
    rem Collect the network diagnostics into Log1.txt next to this batch file
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    rem Open the log in Notepad, then delete this batch file
    start Log1.txt
    del %0

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: test.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate and double-click test.bat on the desktop.
    • A notepad opens, attach the log (log1.txt) to your reply.


#13 struckdumb1

struckdumb1
  • Topic Starter

  • Members
  • 88 posts
  • Local time:09:15 PM

Posted 11 June 2010 - 01:03 PM

When I select "Obtain an IP address automatically" and "Obtain DNS server address automatically", this cuts off my internet connection - it only seems happy with specific IP addresses in place.

I have put back in my IP address as before and run the test.bat.
Log is:

Windows IP Configuration

Host Name . . . . . . . . . . . . : 049759620338
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-14-85-72-45-C9
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.13
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1

Server: myrouter.home
Address: 192.168.0.1

Name: google.com
Addresses: 66.102.9.147, 66.102.9.99, 66.102.9.103, 66.102.9.104
           66.102.9.105, 66.102.9.106

Server: myrouter.home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.2.43, 98.137.149.56, 209.191.122.70, 67.195.160.76
           69.147.125.65

Pinging google.com [66.102.9.106] with 32 bytes of data:

Reply from 66.102.9.106: bytes=32 time=46ms TTL=55
Reply from 66.102.9.106: bytes=32 time=47ms TTL=55

Ping statistics for 66.102.9.106:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 46ms, Maximum = 47ms, Average = 46ms

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:

Reply from 69.147.125.65: bytes=32 time=105ms TTL=55
Reply from 69.147.125.65: bytes=32 time=107ms TTL=55

Ping statistics for 69.147.125.65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 105ms, Maximum = 107ms, Average = 106ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 14 85 72 45 c9 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask          Gateway        Interface  Metric
            0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.13      20
          127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
        169.254.0.0      255.255.0.0     192.168.0.13     192.168.0.13      20
        192.168.0.0    255.255.255.0     192.168.0.13     192.168.0.13      20
       192.168.0.13  255.255.255.255        127.0.0.1        127.0.0.1      20
      192.168.0.255  255.255.255.255     192.168.0.13     192.168.0.13      20
          224.0.0.0        240.0.0.0     192.168.0.13     192.168.0.13      20
    255.255.255.255  255.255.255.255     192.168.0.13     192.168.0.13       1
Default Gateway:         192.168.0.1
===========================================================================
Persistent Routes:
None



Incidentally - I still have virus protection switched off - is that correct?

Cheers

Paul

Edited by struckdumb1, 11 June 2010 - 01:15 PM.


#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:15 AM

Posted 11 June 2010 - 01:12 PM

Leave your static IP address as it is and tell me if you recognize the IP. Also tell me if there are numbers in the DNS section; if yes, what are they?

Your AV should be enabled. When you scan with ESET it could be disabled.

#15 struckdumb1

struckdumb1
  • Topic Starter

  • Members
  • 88 posts
  • Local time:09:15 PM

Posted 11 June 2010 - 01:22 PM

Yes I recognise the numbers - I put them in manually after contacting my service provider.
Numbers in the DNS section: Preferred DNS Server 192.168.0.1.
Nothing in Alternate DNS Server.



