
Being redirected in Google search


  • This topic is locked
25 replies to this topic

#1 minggnim


Posted 30 December 2010 - 07:38 AM

When using Google to search, I'm constantly being redirected to "clicks.fastgetonline" and similar sites.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Michael at 6:25:58.50 on Thu 12/30/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22

============== Running Processes ===============


============== Pseudo HJT Report ===============

mStart Page = about:blank
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [LXDBCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDBtime.dll,_RunDLLEntry@16
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: state.il.us\www.ides
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\eiife116.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

============= SERVICES / DRIVERS ===============

R? GEST Service;GEST Service for program management.
R? VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter
S? {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}
S? avp;Kaspersky Internet Security
S? CLBStor;InstantBurn Storage Helper Driver
S? CLBUDF;CyberLink InstantBurn UDF Filesystem
S? kl1;kl1
S? klbg;Kaspersky Lab Boot Guard Driver
S? KLFLTDEV;Kaspersky Lab KLFltDev
S? klif;Kaspersky Lab Driver
S? klim5;Kaspersky Anti-Virus NDIS Filter
S? lxdb_device;lxdb_device
S? VBoxDrv;VirtualBox Service
S? VBoxNetFlt;VBoxNetFlt Service
S? VBoxUSBMon;VirtualBox USB Monitor Driver

=============== Created Last 30 ================

2020-03-07 15:56:49 -------- d-----w- c:\docume~1\michael\applic~1\OrgPlus8
2020-03-07 15:56:47 73728 ----a-r- c:\docume~1\michael\applic~1\microsoft\installer\{276605ed-dedf-4f8d-ac4f-56f72efd5014}\ARPPRODUCTICON.exe
2020-03-07 15:56:38 -------- d-----w- c:\program files\common files\HumanConcepts
2020-03-07 15:56:07 -------- d-----w- c:\program files\HumanConcepts
2010-12-09 23:02:19 81920 --sha-r- c:\windows\system32\ntdos4121.dll
2010-12-06 00:29:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-06 00:29:03 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

==================== Find3M ====================

2010-12-26 00:24:28 16608 ----a-w- c:\windows\gdrv.sys

============= FINISH: 6:27:00.12 ===============

==== Installed Programs ======================


==== End Of File ===========================



#2 gringo_pr

  • Malware Response Team

Posted 06 January 2011 - 01:23 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.


Information and logs:

  • In your next post I need the following:

  • logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 minggnim


Posted 06 January 2011 - 02:53 PM

When running RKUnhooker, I was warned that this is a malicious program!

#4 minggnim


Posted 06 January 2011 - 02:55 PM

Kaspersky Internet Security

#5 gringo_pr


Posted 06 January 2011 - 03:50 PM

It is OK, please turn Kaspersky off during the scan.


Gringo

#6 minggnim


Posted 06 January 2011 - 03:55 PM

How do I know you're not infecting my computer?!

#7 gringo_pr


Posted 06 January 2011 - 03:57 PM

You don't, but it is already infected; that is why you are here.

And do a search for my name and see how many people I have helped so far.

Edited by gringo_pr, 06 January 2011 - 03:58 PM.


#8 minggnim


Posted 06 January 2011 - 04:03 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by Michael at 13:41:35.45 on Thu 01/06/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22

============== Running Processes ===============


============== Pseudo HJT Report ===============

mStart Page = about:blank
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [LXDBCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDBtime.dll,_RunDLLEntry@16
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: Add to Banner Ad Blocker - c:\program files\kaspersky lab\kaspersky internet security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: state.il.us\www.ides
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll, c:\progra~1\kasper~1\kasper~1\adialhk.dll, c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\eiife116.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

============= SERVICES / DRIVERS ===============

R? GEST Service;GEST Service for program management.
R? VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter
S? {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}
S? avp;Kaspersky Internet Security
S? CLBStor;InstantBurn Storage Helper Driver
S? CLBUDF;CyberLink InstantBurn UDF Filesystem
S? kl1;kl1
S? klbg;Kaspersky Lab Boot Guard Driver
S? KLFLTDEV;Kaspersky Lab KLFltDev
S? klif;Kaspersky Lab Driver
S? klim5;Kaspersky Anti-Virus NDIS Filter
S? lxdb_device;lxdb_device
S? VBoxDrv;VirtualBox Service
S? VBoxNetFlt;VBoxNetFlt Service
S? VBoxUSBMon;VirtualBox USB Monitor Driver

=============== Created Last 30 ================

2020-03-07 15:56:49 -------- d-----w- c:\docume~1\michael\applic~1\OrgPlus8
2020-03-07 15:56:47 73728 ----a-r- c:\docume~1\michael\applic~1\microsoft\installer\{276605ed-dedf-4f8d-ac4f-56f72efd5014}\ARPPRODUCTICON.exe
2020-03-07 15:56:38 -------- d-----w- c:\program files\common files\HumanConcepts
2020-03-07 15:56:07 -------- d-----w- c:\program files\HumanConcepts
2011-01-01 21:01:53 -------- d-----w- c:\docume~1\michael\applic~1\Malwarebytes
2011-01-01 21:01:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-01 21:01:44 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-01 21:01:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-01 21:01:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-09 23:02:19 81920 --sha-r- c:\windows\system32\ntdos4121.dll

==================== Find3M ====================

2011-01-05 11:36:52 16608 ----a-w- c:\windows\gdrv.sys

============= FINISH: 13:43:28.76 ===============
======================================================================================================================================================================================
==== Installed Programs ======================


==== End Of File ===========================
========================================================================================================================================================================
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
ntkrnlpa.exe-->NtResumeThread, Type: Address change 0x805D4982-->B54A6F56 [C:\WINDOWS\system32\DRIVERS\klif.sys]
ntkrnlpa.exe-->NtSaveKey, Type: Address change 0x80625246-->B54A23D0 [C:\WINDOWS\system32\DRIVERS\klif.sys]
ntkrnlpa.exe-->NtSecureConnectPort, Type: Address change 0x805A3D48-->B54A508C [C:\WINDOWS\system32\DRIVERS\klif.sys]
ntkrnlpa.exe-->NtSetContextThread, Type: Address change 0x805D1702-->B54A36AC [C:\WINDOWS\system32\DRIVERS\klif.sys]
ntkrnlpa.exe-->NtSetSecurityObject, Type: Address change 0x805C05F6-->B54A671A [C:\WINDOWS\system32\DRIVERS\klif.sys]
ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x8060F3C6-->B54A6BD0 [C:\WINDOWS\system32\DRIVERS\klif.sys]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80621D18-->B54A2B08 [C:\WINDOWS\system32\DRIVERS\klif.sys]
ntkrnlpa.exe-->NtSuspendProcess, Type: Address change 0x805D4A4A-->B54A6CB4 [C:\WINDOWS\system32\DRIVERS\klif.sys]
ntkrnlpa.exe-->NtSuspendThread, Type: Address change 0x805D48BC-->B54A6DE0 [C:\WINDOWS\system32\DRIVERS\klif.sys]
ntkrnlpa.exe-->NtSystemDebugControl, Type: Address change 0x8061777A-->B54A654C [C:\WINDOWS\system32\DRIVERS\klif.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D29AA-->B54A347E [C:\WINDOWS\system32\DRIVERS\klif.sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B4394-->B54A34F0 [C:\WINDOWS\system32\DRIVERS\klif.sys]

#9 gringo_pr


Posted 06 January 2011 - 04:34 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 minggnim


Posted 06 January 2011 - 05:38 PM

ComboFix 11-01-06.03 - Michael 01/06/2011 16:12:55.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2897 [GMT -6:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
.

2020-03-07 15:56 . 2020-03-07 15:56 -------- d-----w- c:\documents and settings\Michael\Application Data\OrgPlus8
2020-03-07 15:56 . 2020-03-07 15:56 73728 ----a-r- c:\documents and settings\Michael\Application Data\Microsoft\Installer\{276605ED-DEDF-4F8D-AC4F-56F72EFD5014}\ARPPRODUCTICON.exe
2020-03-07 15:56 . 2020-03-07 15:56 -------- d-----w- c:\program files\Common Files\HumanConcepts
2020-03-07 15:56 . 2020-03-07 15:56 -------- d-----w- c:\program files\HumanConcepts
2011-01-01 21:01 . 2011-01-01 21:01 -------- d-----w- c:\documents and settings\Michael\Application Data\Malwarebytes
2011-01-01 21:01 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-01 21:01 . 2011-01-01 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-01 21:01 . 2011-01-01 21:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-01 21:01 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 23:02 . 2010-12-09 23:02 81920 --sha-r- c:\windows\system32\ntdos4121.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 22:08 . 2009-05-02 09:53 16608 ----a-w- c:\windows\gdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"LXDBCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDBtime.dll" [2006-03-02 73728]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-22 208616]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2008-06-19 08:42 2808832 ------r- c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2008-10-08 01:31 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 00:52 104936 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 4200C]
2002-02-14 19:53 32768 ----a-w- c:\sj655\hpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 21:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn]
2007-10-26 15:55 681256 ----a-w- c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
2001-11-29 06:00 28672 ----a-w- c:\program files\Creative\SBLive\Program\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-07-30 15:41 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 14:31 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 14:53 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-03-27 15:03 1657376 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-13 23:11 210216 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 16:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2008-08-01 23:06 2663720 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-21 01:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-07-23 08:51 16804864 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2008-06-18 10:01 77824 ------r- c:\windows\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-10-29 22:27 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
2008-06-13 23:11 210216 ------w- c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
2008-06-09 16:03 397456 ----a-w- c:\program files\Corel\Corel VideoStudio 12\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-01-26 17:46 2633976 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
2002-07-02 22:56 24576 ----a-w- c:\windows\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"RemoteRegistry"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 4:29 PM 33808]
R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [6/8/2009 12:46 AM 15784]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [4/3/2010 3:46 PM 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [4/3/2010 3:46 PM 41680]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [10/7/2008 7:31 PM 61424]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [6/8/2009 12:46 AM 162344]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [5/2/2009 3:55 AM 68136]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 5:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [12/13/2007 12:28 PM 24592]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [3/25/2010 7:06 PM 110608]
S3 lxdb_device;lxdb_device;c:\windows\system32\lxdbcoms.exe -service --> c:\windows\system32\lxdbcoms.exe -service [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [3/25/2010 7:06 PM 99728]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 15:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = actsvr.comcastonline.com
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: state.il.us\www.ides
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\eiife116.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 16:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDBCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDBtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1260)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3480)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-06 16:20:50
ComboFix-quarantined-files.txt 2011-01-06 22:20

Pre-Run: 29,897,490,432 bytes free
Post-Run: 29,850,619,904 bytes free

- - End Of File - - AA20260EB8FBE81BB60B0FEB781C422C
===================================================================================================================================================================
No problems running ComboFix.

When I do a search for Malware in Google search ---((McAfee Threat Intelligence | McAfee, Inc. The global distribution of malware detected by McAfee's sensors over the past 30 days. McAfee receives billions of malware queries and thousands of malware ...
www.mcafee.com/us/mcafee-labs/threat-intelligence.aspx - Cached)---, and click on the link, I get directed to various sites such as http://www.gimmeanswers.org/search/th/searchabc.php?search=Malware&affiliate=nhost-112763, and http://www.scour.com/search/web/Malware/a52/ezanga3-10687_2507.
Is this a Google problem or me?

#11 minggnim


Posted 06 January 2011 - 05:40 PM

Sorry, I forgot the log file.
ComboFix 11-01-06.03 - Michael 01/06/2011 16:12:55.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2897 [GMT -6:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((( Files Created from 2010-12-06 to 2011-01-06 )))))))))))))))))))))))))))))))
.

2020-03-07 15:56 . 2020-03-07 15:56 -------- d-----w- c:\documents and settings\Michael\Application Data\OrgPlus8
2020-03-07 15:56 . 2020-03-07 15:56 73728 ----a-r- c:\documents and settings\Michael\Application Data\Microsoft\Installer\{276605ED-DEDF-4F8D-AC4F-56F72EFD5014}\ARPPRODUCTICON.exe
2020-03-07 15:56 . 2020-03-07 15:56 -------- d-----w- c:\program files\Common Files\HumanConcepts
2020-03-07 15:56 . 2020-03-07 15:56 -------- d-----w- c:\program files\HumanConcepts
2011-01-01 21:01 . 2011-01-01 21:01 -------- d-----w- c:\documents and settings\Michael\Application Data\Malwarebytes
2011-01-01 21:01 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-01 21:01 . 2011-01-01 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-01 21:01 . 2011-01-01 21:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-01 21:01 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 23:02 . 2010-12-09 23:02 81920 --sha-r- c:\windows\system32\ntdos4121.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 22:08 . 2009-05-02 09:53 16608 ----a-w- c:\windows\gdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"LXDBCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDBtime.dll" [2006-03-02 73728]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-22 208616]

#12 gringo_pr


Posted 06 January 2011 - 07:07 PM

We are going to check the router.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose Save as type - All Files, and where to save - Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

#13 minggnim


Posted 06 January 2011 - 08:02 PM

Windows IP Configuration



Host Name . . . . . . . . . . . . : home

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.il.comcast.net.



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : hsd1.il.comcast.net.

Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-24-1D-25-6C-83

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 71.228.1.233

Subnet Mask . . . . . . . . . . . : 255.255.248.0

Default Gateway . . . . . . . . . : 71.228.0.1

DHCP Server . . . . . . . . . . . : 68.87.72.19

DNS Servers . . . . . . . . . . . : 68.87.72.134

68.87.77.134

Lease Obtained. . . . . . . . . . : Thursday, January 06, 2011 1:26:11 PM

Lease Expires . . . . . . . . . . : Monday, January 10, 2011 1:26:11 PM

Server: cns.area4.il.chicago.comcast.net
Address: 68.87.72.134

Name: google.com
Addresses: 209.85.225.106, 209.85.225.104, 209.85.225.103, 209.85.225.99
209.85.225.105, 209.85.225.147

Server: cns.area4.il.chicago.comcast.net
Address: 68.87.72.134

Name: yahoo.com
Addresses: 209.191.122.70, 67.195.160.76, 69.147.125.65, 72.30.2.43
98.137.149.56



Pinging google.com [209.85.225.147] with 32 bytes of data:



Reply from 209.85.225.147: bytes=32 time=35ms TTL=51

Reply from 209.85.225.147: bytes=32 time=34ms TTL=51



Ping statistics for 209.85.225.147:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 34ms, Maximum = 35ms, Average = 34ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=60ms TTL=51

Reply from 209.191.122.70: bytes=32 time=58ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 58ms, Maximum = 60ms, Average = 59ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 24 1d 25 6c 83 ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 71.228.0.1 71.228.1.233 1
71.228.0.0 255.255.248.0 71.228.1.233 71.228.1.233 30
71.228.1.233 255.255.255.255 127.0.0.1 127.0.0.1 30
71.255.255.255 255.255.255.255 71.228.1.233 71.228.1.233 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 71.228.1.233 71.228.1.233 30
255.255.255.255 255.255.255.255 71.228.1.233 71.228.1.233 1
Default Gateway: 71.228.0.1
===========================================================================
Persistent Routes:
None
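
One way to read the Log1.txt that router.bat produces, shown here as an added example that is not part of the thread or a tool used in it: the script checks that the resolver nslookup actually used is one of the configured DNS servers, that those servers fall inside networks the analyst expects, that the default route matches the adapter's gateway, and that no persistent routes exist. The sample log is constructed with documentation-range addresses, and `parse_log`, `review` and the `expected_dns` allow-list (the ISP or router resolvers considered normal for the connection) are hypothetical names.

```python
import ipaddress

# Constructed sample in the layout of the Log1.txt that router.bat writes on
# Windows XP. Addresses come from documentation ranges, not from the thread.
SAMPLE_LOG = """\
Ethernet adapter Local Area Connection 2:
IP Address. . . . . . . . . . . . : 192.0.2.233
Default Gateway . . . . . . . . . : 192.0.2.1
DNS Servers . . . . . . . . . . . : 198.51.100.134

198.51.100.135
Lease Obtained. . . . . . . . . . : Thursday, January 06, 2011 1:26:11 PM
Server: resolver.example.net
Address: 198.51.100.134

Name: google.com
Addresses: 203.0.113.10, 203.0.113.11
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.0.2.1 192.0.2.233 1
192.0.2.0 255.255.255.0 192.0.2.233 192.0.2.233 30
Default Gateway: 192.0.2.1
Persistent Routes:
None
"""


def _ip(token):
    """Parse a bare IP address token; return None for anything else."""
    try:
        return ipaddress.ip_address(token.strip())
    except ValueError:
        return None


def parse_log(text):
    """Extract DNS servers, gateway, nslookup resolvers and routes from the log."""
    info = {"dns": [], "gateway": None, "resolvers": [],
            "default_routes": [], "persistent": []}
    section = None  # which multi-line block we are inside, if any
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or set(line) == {"="}:
            continue  # blank lines and ==== rulers never end a block
        label, sep, value = line.partition(":")
        label, addr = label.rstrip(" ."), _ip(value)
        if _ip(line) is not None:  # bare address: extra "DNS Servers" line
            if section == "dns":
                info["dns"].append(_ip(line))
        elif label == "DNS Servers":
            section = "dns"
            if addr is not None:
                info["dns"].append(addr)
        elif label == "Default Gateway":  # adapter block comes first; keep it
            section = None
            if info["gateway"] is None:
                info["gateway"] = addr
        elif label == "Server" and sep:
            section = "server"
        elif label == "Address" and section == "server":
            section = None  # only the address right after "Server:" counts
            if addr is not None and addr not in info["resolvers"]:
                info["resolvers"].append(addr)
        elif line in ("Active Routes:", "Persistent Routes:"):
            section = line.split()[0].lower()
        elif section in ("active", "persistent"):
            cols = [_ip(c) for c in line.split()[:3]]  # dest, mask, gateway
            if len(cols) == 3 and None not in cols:
                if section == "persistent":
                    info["persistent"].append(tuple(map(str, cols)))
                elif str(cols[0]) == str(cols[1]) == "0.0.0.0":
                    info["default_routes"].append(cols[2])
        else:
            section = None
    return info


def review(info, expected_dns):
    """List findings; expected_dns holds the resolver networks considered normal."""
    nets = [ipaddress.ip_network(n) for n in expected_dns]
    findings = [f"unexpected-dns {s}" for s in info["dns"] if not any(s in n for n in nets)]
    findings += [f"resolver-mismatch {r}" for r in info["resolvers"] if r not in info["dns"]]
    findings += [f"gateway-mismatch {g}" for g in info["default_routes"] if g != info["gateway"]]
    findings += [f"persistent-route {d}/{m} via {g}" for d, m, g in info["persistent"]]
    return findings


if __name__ == "__main__":
    print(review(parse_log(SAMPLE_LOG), ["198.51.100.0/24"]))
```

An empty list means the log is consistent with the expected resolvers; each finding names the address that needs a closer look on the host or the router.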

#14 gringo_pr


Posted 06 January 2011 - 09:22 PM

Hello

Are you still getting redirected? If you are, tell me how they happen:


all google searches

when you click on a link


gringo

#15 minggnim


Posted 06 January 2011 - 09:55 PM

No more redirection. Thank you very much. What was the problem?



