Internet Redirection, Blocked links HJT Log inside


  • This topic is locked
2 replies to this topic

#1 ccoffice


Posted 30 November 2010 - 12:45 PM

As the title states, I have a PC that is getting redirected from google search links and blocked sites that can be accessed from a different PC on the same network. Below is the HJT and DDS. This is still happening after running Malwarebytes with a clean bill of health.

Thanks for the help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:50:02 AM, on 11/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\WAC\psksvc.exe
C:\Program Files\Panda Security\WAC\pavsrvx86.exe
C:\Program Files\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Panda Security\WAC\PSCtrlC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\WAC\PsCtrlS.exe
C:\Program Files\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Program Files\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\WAC\PSIMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Program Files\Panda Security\WaAgent\WasWD\WasWD.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Panda Security\WAC\WebProxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Documents and Settings\Owner\Desktop\remhelp.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Program Files\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: data-cdn.mbamupdates.com
O15 - Trusted Zone: http://www.newmangarciastudio.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290020004703
O16 - DPF: {B2CE1141-A155-4521-8A85-F374C0A780A9} (Fiserv BANKLINK Panini VisionX Scanner Control) - https://www.cvcb.blilk.com/RemoteDeposit/Fiserv.BANKLINK.ScannerControl.Panini.VisionX.8.2.1.0.CAB
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Program Files\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Program Files\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Program Files\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Program Files\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Program Files\Panda Security\WAC\psksvc.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Program Files\Panda Security\WaAgent\WasWD\WasWD.exe

--
End of file - 8507 bytes



DDS (Ver_10-11-27.01) - NTFSx86
Run by Owner at 9:07:26.42 on Tue 11/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.898 [GMT -8:00]

AV: Panda Endpoint Protection *On-access scanning enabled* (Updated) {3503ACDE-020C-4FD4-BD8E-D011C03E7677}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Panda Security\WAC\psksvc.exe
C:\Program Files\Panda Security\WAC\pavsrvx86.exe
C:\Program Files\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Panda Security\WAC\PSCtrlC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Security\WAC\PsCtrlS.exe
C:\Program Files\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Program Files\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Security\WAC\PSIMSVC.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Program Files\Panda Security\WaAgent\WasWD\WasWD.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Panda Security\WAC\WebProxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Documents and Settings\Owner\Desktop\remhelp.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Owner\Desktop\remhelp.exe
C:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Panda Software Controller Client] "c:\program files\panda security\wac\PSCtrlC.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\panda security\wac\pavlsp.dll
Trusted Zone: mbamupdates.com\data-cdn
Trusted Zone: newmangarciastudio.com\www
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290020004703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {B2CE1141-A155-4521-8A85-F374C0A780A9} - hxxps://www.cvcb.blilk.com/RemoteDeposit/Fiserv.BANKLINK.ScannerControl.Panini.VisionX.8.2.1.0.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2010-11-19 59080]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-18 304464]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\wac\PsCtrlS.exe [2010-6-10 331072]
R2 PavAt3Scheduler;Panda Endpoint Scheduler;c:\program files\panda security\waagent\scheduler\PavSched.exe [2009-9-17 140544]
R2 PavSrv;Panda Antivirus Service;c:\program files\panda security\wac\pavsrvx86.exe [2010-5-28 314176]
R2 PavWASLpMng;Panda Endpoint Local Process Manager;c:\program files\panda security\waagent\waslpmng\WASLPMNG.exe [2009-9-17 295680]
R2 PskSvc;Panda Kernel Service;c:\program files\panda security\wac\psksvc.exe [2010-3-31 27904]
R2 WASAgent;Panda Endpoint Communications Agent;c:\program files\panda security\waagent\wasagent\WasAgent.exe [2009-12-31 320768]
R2 WASWD;Panda Endpoint Watchdog;c:\program files\panda security\waagent\waswd\WasWD.exe [2009-9-17 206080]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2009-4-6 37376]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-18 20952]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-11-18 38224]
R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-4-3 80256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2007-7-27 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-30 17:06:48 630272 ----a-w- C:\dds.scr
2010-11-30 16:03:55 -------- d-----w- c:\windows\system32\NtmsData
2010-11-26 02:02:53 -------- d-----w- c:\program files\Canon
2010-11-26 00:54:16 94208 ----a-r- c:\windows\system32\CNDCK189.dll
2010-11-26 00:54:16 40960 ----a-w- c:\windows\system32\CNDNDlg.exe
2010-11-26 00:54:16 163840 ----a-r- c:\windows\system32\CNDUK189.dll
2010-11-26 00:54:16 127059 ----a-r- c:\windows\system32\DSLLK189.dll
2010-11-25 21:24:34 -------- d-----w- c:\program files\Carbonite
2010-11-25 21:24:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Carbonite
2010-11-23 02:50:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-23 02:50:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-23 02:27:58 3911345 ----a-w- C:\com.com
2010-11-22 21:17:57 -------- d-----w- C:\qa
2010-11-22 20:53:53 -------- d-----w- c:\program files\trend micro
2010-11-22 20:52:54 339991 ----a-w- C:\RSIT.exe
2010-11-19 19:01:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sentinel
2010-11-19 19:01:07 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2010-11-19 18:37:45 6035456 ----a-w- C:\WAAgentSRFL.msi
2010-11-19 18:34:50 6163216 ----a-w- C:\mbam-rules.exe
2010-11-19 18:30:05 -------- d-----w- c:\windows\system32\appmgmt
2010-11-19 03:15:00 65536 ----a-w- c:\windows\system32\Fiserv.BANKLINK.CARLAR.dll
2010-11-18 18:51:19 -------- d-sha-r- C:\cmdcons
2010-11-18 18:49:41 89088 ----a-w- c:\windows\MBR.exe
2010-11-18 18:49:38 98816 ----a-w- c:\windows\sed.exe
2010-11-18 18:49:38 256512 ----a-w- c:\windows\PEV.exe
2010-11-18 18:49:38 161792 ----a-w- c:\windows\SWREG.exe
2010-11-18 18:39:12 -------- d-----w- c:\program files\Belkin Bulldog Plus
2010-11-18 18:32:54 12854108 ----a-w- C:\bulldogplussetup.exe
2010-11-18 18:20:11 1445888 ----a-w- C:\WinsockxpFix.exe
2010-11-18 18:01:08 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-11-18 18:01:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-18 18:01:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-18 18:01:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-18 18:01:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-17 23:17:00 -------- d-----w- c:\program files\MSXML 4.0
2010-11-17 23:15:32 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Temp
2010-11-17 23:15:28 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Google
2010-11-17 23:14:30 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Deployment
2010-11-17 22:46:53 -------- d-----w- c:\docume~1\owner\applic~1\Office Genuine Advantage
2010-11-17 22:30:26 -------- d-----w- C:\worthha
2010-11-17 22:30:19 -------- d-----w- C:\worthfa
2010-11-17 22:30:07 -------- d-----w- C:\Sunrise
2010-11-17 22:29:57 -------- d-----w- C:\luckysta
2010-11-17 22:29:51 -------- d-----w- C:\lonestar
2010-11-17 22:29:41 -------- d-----w- C:\famous
2010-11-17 22:29:29 -------- d-----w- C:\downloads
2010-11-17 22:18:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2010-11-17 22:15:53 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\HP
2010-11-17 22:14:06 319488 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp02t.dll
2010-11-17 22:14:05 125440 ----a-w- c:\windows\system32\hpf3l02t.dll
2010-11-17 22:12:36 -------- d-----w- c:\program files\Microsoft
2010-11-17 22:11:16 -------- d-----w- c:\docume~1\owner\applic~1\HpUpdate
2010-11-17 22:08:33 -------- d-----w- c:\program files\common files\HP
2010-11-17 22:08:30 -------- d-----w- c:\program files\common files\Hewlett-Packard
2010-11-17 22:06:48 454504 ----a-w- c:\windows\system32\hpzids01.dll
2010-11-17 22:06:46 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-11-17 22:06:45 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-11-17 22:06:45 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-11-17 22:06:43 970752 ----a-w- c:\windows\system32\hpwtiop4.dll
2010-11-17 22:06:43 718336 ----a-w- c:\windows\system32\hpwwiax5.dll
2010-11-17 22:06:43 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-11-17 22:06:43 309760 ----a-w- c:\windows\system32\difxapi.dll
2010-11-17 22:06:43 294912 ----a-w- c:\windows\system32\hpovst11.dll
2010-11-17 22:06:17 -------- d-----w- c:\program files\HP
2010-11-17 22:06:13 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-11-17 22:06:13 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-11-17 21:58:11 -------- d-----w- c:\documents and settings\owner\Lindsey's past
2010-11-17 21:55:03 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-11-17 21:55:03 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-11-17 21:54:52 -------- d--h--w- c:\windows\PIF
2010-11-17 21:52:19 630784 ----a-w- c:\windows\system32\softcoin.dll
2010-11-17 21:52:19 425984 ----a-w- c:\windows\system32\gencoin.dll
2010-11-17 21:52:18 67072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMACIL4C.DLL
2010-11-17 21:52:18 -------- d-----w- C:\Lexmark
2010-11-17 21:50:01 27792 ----a-w- c:\windows\system32\drivers\point32.sys
2010-11-17 21:49:31 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-11-17 21:48:51 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-11-17 21:48:49 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2010-11-17 21:48:49 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2010-11-17 21:48:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-11-17 21:46:45 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-11-17 21:46:45 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-11-17 21:46:43 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-17 21:46:43 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-17 21:37:29 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-11-17 21:37:29 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-11-17 20:00:22 -------- d-----w- c:\program files\common files\Windows Live
2010-11-17 19:17:01 -------- d-----w- C:\f8d66654a256c866b4
2010-11-17 19:16:53 -------- d-----w- c:\windows\SxsCaPendDel
2010-11-17 19:02:12 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-17 19:02:12 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-11-17 18:38:23 -------- d-sh--r- c:\windows\PSICache
2010-11-17 18:38:10 -------- d-----w- c:\program files\Panda Security
2010-11-17 18:23:34 -------- d-----w- c:\windows\pss
2010-11-17 18:14:30 -------- d-----w- c:\windows\system32\winrm
2010-11-17 18:14:28 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-11-17 18:12:49 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Identities
2010-11-17 18:12:47 -------- d-----w- c:\docume~1\owner\applic~1\Windows Desktop Search
2010-11-17 18:12:31 -------- d-----w- c:\windows\system32\GroupPolicy
2010-11-17 18:12:31 -------- d-----w- c:\program files\Windows Desktop Search
2010-11-17 18:11:55 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2010-11-17 18:11:55 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2010-11-17 18:11:54 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2010-11-17 18:11:44 -------- d-----w- c:\windows\NV29841216.TMP
2010-11-17 18:10:13 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-17 18:09:55 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-11-17 18:09:55 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-17 18:09:05 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-11-17 18:02:19 726528 ------w- c:\windows\system32\SET39F.tmp
2010-11-17 17:46:56 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2010-11-17 17:46:45 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2010-11-17 17:40:29 -------- d-----w- c:\windows\SHELLNEW
2010-11-17 17:40:11 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Microsoft Help
2010-11-17 17:38:39 -------- d-sh--w- c:\documents and settings\owner\IETldCache
2010-11-17 17:26:07 -------- d-----w- c:\windows\ie8updates
2010-11-17 17:24:03 -------- dc-h--w- c:\windows\ie8
2010-11-17 17:22:27 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-11-17 17:22:25 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-17 17:22:24 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-17 17:22:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-17 16:44:53 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2010-11-17 16:43:50 19569 ----a-w- c:\windows\003390_.tmp
2010-11-17 16:33:27 -------- d-----w- c:\windows\ServicePackFiles
2010-11-17 00:08:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-11-17 00:08:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-11-17 00:03:13 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-11-16 23:57:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-11-16 23:54:07 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-11-16 23:53:51 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-11-16 23:53:51 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-11-16 21:23:07 -------- d-----w- C:\OldSys
2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr

==================== Find3M ====================

2010-11-17 18:27:36 240592 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-11-17 18:27:36 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-11-17 18:27:34 240592 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-16 20:04:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-10-16 20:04:16 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-10-16 20:04:16 13851752 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 20:04:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 20:04:14 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2010-10-16 20:04:14 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco32.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco32.dll
2010-10-16 18:55:00 6359552 ----a-w- c:\windows\system32\nv4_disp.dll
2010-10-16 18:55:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 4882432 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2932840 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 2293194 ----a-w- c:\windows\system32\nvdata.bin
2010-10-16 18:55:00 1462272 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14532608 ----a-w- c:\windows\system32\nvoglnt.dll
2010-10-16 18:55:00 13012992 ----a-w- c:\windows\system32\nvcompiler.dll
2010-09-18 20:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

============= FINISH: 9:08:56.59 ===============



#2 ccoffice


Posted 30 November 2010 - 03:12 PM

Issue Resolved.

It was a hardware attack. Client bought a router and did not change the default password. DNS servers were changed within the router.

Solution - Log into router, reset DNS servers, Reset Password, log out of router. IPCONFIG/FlushDNS, ipconfig/release, ipconfig/renew to get new DNS settings and it is good to go.
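A way to confirm the fix described in the post above took effect, as an added example that is not part of the original thread: after the release/renew, parse `ipconfig /all` output and flag any DNS server the host received that is not on the list of resolvers you expect. The function names, the sample output and every address in it are constructed for illustration (documentation-range IPs); substitute the resolvers your ISP or organization actually uses.

```python
import ipaddress
import re

# A field line in `ipconfig /all`: indented label, dot leader, colon, value.
FIELD = re.compile(r"^\s+([A-Za-z][^:]*?)(?:\s*\.)+\s*:\s*(.*)$")

# Constructed sample (not from the thread): a DHCP lease in which the router
# handed out one unexpected resolver alongside a legitimate one.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : OFFICE-PC
        Primary Dns Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.20
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            198.51.100.10
        Lease Obtained. . . . . . . . . . : Tuesday, November 30, 2010 2:55:01 PM
"""

# Assumption: the resolvers the router is supposed to hand out.
EXPECTED_RESOLVERS = {"198.51.100.10", "198.51.100.11"}


def _as_ip(value):
    """Parse an IPv4/IPv6 literal, dropping any %scope suffix; None if invalid."""
    try:
        return ipaddress.ip_address(value.split("%")[0])
    except ValueError:
        return None


def parse_dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server addresses]} from `ipconfig /all` text."""
    adapters = {}
    adapter = None
    field = None
    for line in ipconfig_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented lines are section headers ("Ethernet adapter ...:").
            adapter = line.strip().rstrip(":")
            field = None
            continue
        match = FIELD.match(line)
        if match:
            field, value = match.group(1).strip(), match.group(2).strip()
        elif field == "DNS Servers":
            # Additional servers are listed on indented continuation lines.
            value = line.strip()
        else:
            continue
        if field == "DNS Servers" and adapter is not None:
            ip = _as_ip(value)
            if ip is not None:
                adapters.setdefault(adapter, []).append(ip)
    return adapters


def unexpected_dns(ipconfig_text, expected):
    """List (adapter, server) pairs whose server is not an expected resolver."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for adapter, servers in parse_dns_servers(ipconfig_text).items():
        for server in servers:
            if server not in allowed:
                findings.append((adapter, str(server)))
    return findings


if __name__ == "__main__":
    for adapter, server in unexpected_dns(SAMPLE_IPCONFIG, EXPECTED_RESOLVERS):
        print(f"{adapter}: unexpected DNS server {server}")
```

If the router hands out its own LAN address as the DNS server and forwards queries upstream, this host-side check cannot see a changed upstream resolver; the DNS fields on the router's WAN/DHCP pages still have to be checked directly.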

#3 Budapest

  • Moderator

Posted 05 December 2010 - 07:53 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



