Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect - ive tried soooo many things.


  • This topic is locked This topic is locked
16 replies to this topic

#1 rycdavis

rycdavis

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 09 March 2011 - 12:57 AM

Alright well ive searched, and tried a lot of different things.
malwarebytes
tdsskiller
combofix
ive run ccleaner several times in the past and recently
GMER finds nothing wrong
looking into the hosts file
going through my registry
looking for every file ever listed as a problem for other people...
not using proxies
dns settings are correct
happens with various internet connections, so not router settings


it redirects in IE and firefox, and i seem to have no other issues.
here are my logs, hopefully theyll say something! this computer is my dads laptop, and its already a mess before this, hes had it a long time and doesnt care for it much. so feel free to make other suggestions too ;)

thank you in advance!

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by dick at 20:26:25.83 on Tue 03/08/2011
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1211 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\a la mode\Sched\eSched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wuauclt.exe
C:\WINDOWS\System32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\dick\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [RLZIAAX] rundll32 "c:\users\dick\appdata\roaming\shwebsvct.dll",Jsiux
uRun: [MHSOT] rundll32 "c:\users\dick\appdata\roaming\exe2bin8.dll",URLE
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [The Assistant] c:\program files\a la mode\sched\eSched.exe /checkuac
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\dick\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: alamode.com
Trusted Zone: alamode.com\vault
Trusted Zone: almsr.com
Trusted Zone: appraisalport.com\www
Trusted Zone: appraiserxsites.com
Trusted Zone: bing.com
Trusted Zone: certmail.com
Trusted Zone: doccentral.com
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: interflood.com
Trusted Zone: live.com
Trusted Zone: mappoint.net
Trusted Zone: rdesk.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rexplorer.net
Trusted Zone: safemls.net
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: xmlsweb.com
Trusted Zone: xsitesnetwork.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dick\appdata\roaming\mozilla\firefox\profiles\ilg0db3l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Universal Print: {BE2100B3-1D80-48eb-ACCF-D26750644378} - %profile%\extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-20 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-3-6 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-3-6 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-3-6 656320]
R2 MSSQL$ALAMODE;SQL Server (ALAMODE);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-4-14 28933976]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-24 1153368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-5 135664]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2010-12-15 124224]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2006-12-18 202872]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2006-11-7 92160]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-3-6 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-3-6 1150936]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-12-18 1174152]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-09 03:49:04 -------- d-----w- c:\users\dick\appdata\local\temp
2011-03-09 03:46:58 -------- dcsh--w- C:\$RECYCLE.BIN
2011-03-09 03:20:51 -------- dc----w- C:\ComboFix
2011-03-07 06:12:38 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-03-07 06:12:38 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-03-07 06:12:37 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-07 06:12:37 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-03-07 06:12:31 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-07 06:12:31 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-07 06:12:21 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-03-07 06:12:06 -------- d-----w- c:\program files\common files\PC Tools
2011-03-07 06:12:05 -------- d-----w- c:\users\dick\appdata\roaming\PC Tools
2011-03-07 06:12:05 -------- d-----w- c:\program files\PC Tools Security
2011-03-07 06:12:05 -------- d-----w- c:\progra~2\PC Tools
2011-03-05 18:44:11 -------- dc----w- C:\Recover
2011-03-05 18:43:28 -------- d-----w- c:\program files\RecvMngr
2011-03-05 07:45:38 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-05 07:45:17 -------- d-----w- c:\progra~2\Hitman Pro
2011-03-05 04:52:17 89088 ----a-w- c:\windows\MBR.exe
2011-03-05 04:52:16 98816 ----a-w- c:\windows\sed.exe
2011-03-05 04:52:16 256512 ----a-w- c:\windows\PEV.exe
2011-03-05 04:52:16 161792 ----a-w- c:\windows\SWREG.exe
2011-03-05 02:53:05 -------- d-----w- c:\users\dick\appdata\roaming\Malwarebytes
2011-03-05 02:52:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-05 02:52:55 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-05 02:52:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-05 02:52:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-05 01:20:48 200704 --sha-r- c:\users\dick\appdata\roaming\shwebsvct.dll
2011-03-05 01:20:48 200704 --sha-r- c:\users\dick\appdata\roaming\exe2bin8.dll
2011-03-05 00:59:43 -------- d-----w- c:\program files\CardRecovery
2011-03-04 09:20:31 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{c49383c1-a602-451e-ac36-2bff58634185}\mpengine.dll
2011-02-16 04:06:39 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2011-02-16 04:04:19 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-02-03 01:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 20:15:10 1451336 ----a-w- c:\windows\system32\wtfiles.dll
2011-01-14 21:50:26 439624 ----a-w- c:\windows\system32\alaqkinfo.dll
2011-01-12 01:08:48 3739648 ----a-w- c:\windows\system32\alarpt5.ocx
2011-01-07 20:34:32 786432 ----a-w- c:\windows\system32\alaaird.ocx
2010-12-17 17:36:04 189768 ----a-w- c:\windows\system32\alawininet.dll
2010-12-15 22:55:34 66880 ----a-w- c:\windows\system32\pxfhwmcp.dll
2010-12-15 22:55:30 136512 ----a-w- c:\windows\system32\PCTIN50.dll
2010-12-15 22:35:56 32408 ----a-w- c:\windows\system32\PCTINDIS5.sys
.
============= FINISH: 20:28:30.94 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/3/2007 11:15:19 PM
System Uptime: 3/8/2011 7:56:19 PM (1 hours ago)
.
Motherboard: Quanta | | 30BB
Processor: Intel® Core™2 CPU T5200 @ 1.60GHz | U2E1 | 800/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 68 GiB total, 13.912 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 0.665 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0027
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #22
PNP Device ID: ROOT\*6TO4MP\0027
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0029
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #24
PNP Device ID: ROOT\*6TO4MP\0029
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0036
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #30
PNP Device ID: ROOT\*6TO4MP\0036
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0050
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #42
PNP Device ID: ROOT\*6TO4MP\0050
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0017
Manufacturer: Microsoft
Name: isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
PNP Device ID: ROOT\*ISATAP\0017
Service: tunnel
.
==== System Restore Points ===================
.
RP126: 3/8/2011 1:57:59 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
a la mode Vault
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Acrobat 8 Standard
Adobe Acrobat 8.2.6 - CPSID_83708
Adobe Acrobat 8.2.6 Standard
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
AI RoboForm (All Users)
Amazon Unbox Video
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASL_HS_Installer32
AutoUpdate
AV
Bonjour
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CardRecovery 5.30
ccCommon
CCleaner
Compaq Connections (remove only)
Conexant HD Audio
DivX
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.10 B9
HP QuickPlay 3.0
HP Total Care Advisor
HP Update
HP User Guide 0048
HP Wireless Assistant
HPNetworkAssistant
InstallVC90Support
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
iPhone Configuration Utility
iTunes
Java™ SE Runtime Environment 6
Lame ACM MP3 Codec
LightScribe 1.4.124.1
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
MetroScan Online v3.8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliType Pro 6.2
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SOAP Toolkit 3.0
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ALAMODE)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Mozilla Firefox (3.6.15)
Mozilla Thunderbird (3.1.9)
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 5.0
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
PC SpeedScan Pro
PDF-XChange 3
PIXresizer 2.0.3
QuickBooks
QuickBooks Pro 2010
QuickTime
Refresher 1.2
RF Wireless Mouse
Rhapsody
Rhapsody Player Engine
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Samsung Media Studio
Soft Data Fax Modem with SmartCP
Sonic Activation Module
SoulSeek 157 NS 13c
SPBBC 32bit
Sprint SmartView
Spybot - Search & Destroy
Spyware Doctor 8.0
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
Ulead Photo Express 4.0 SE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VAIOSoft Recovery Manager
Viewpoint Media Player
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Diagnostics
Windows Live Sync
WinSketch Pro 7
WinZip 12.0
XviD MPEG-4 Video Codec
.
==== End Of File ===========================



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-08 21:56:21
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST980811AS rev.3.BHD
Running: ucxp5r74.exe; Driver: C:\Users\dick\AppData\Local\Temp\uxldapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x83012F68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x83013230]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x830129D8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8301352C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 43C 824D7A00 8 Bytes [68, 2F, 01, 83, 30, 32, 01, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 854 824D7E18 4 Bytes [D8, 29, 01, 83]
.text ntkrnlpa.exe!KeSetTimerEx + 918 824D7EDC 4 Bytes [2C, 35, 01, 83]
? C:\Users\dick\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] ntdll.dll!LdrLoadDll 77367933 5 Bytes JMP 010D13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] ntdll.dll!NtQueryInformationProcess 77398A88 5 Bytes JMP 00DA0C82
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] WS2_32.dll!closesocket 75D8330C 5 Bytes JMP 00D8C304
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] WS2_32.dll!recv 75D8343A 5 Bytes JMP 00D8C093
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] WS2_32.dll!GetAddrInfoW 75D83D12 5 Bytes JMP 00D8B696
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] WS2_32.dll!getaddrinfo 75D8418A 5 Bytes JMP 00D8B5B6
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] WS2_32.dll!WSASend 75D84496 5 Bytes JMP 00D8C13D
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] WS2_32.dll!send 75D8659B 5 Bytes JMP 00D8BFED
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] WS2_32.dll!WSARecv 75D88400 5 Bytes JMP 00D8C20E
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] WS2_32.dll!WSAAsyncGetHostByName 75D95FB9 5 Bytes JMP 00D8B91A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] WS2_32.dll!gethostbyname 75D962D4 5 Bytes JMP 00D8B4F9
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] USER32.dll!DrawTextExW 75BA8D88 5 Bytes JMP 00D8C8DF
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] USER32.dll!DrawTextW 75BA9157 5 Bytes JMP 00D8C71B
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] USER32.dll!DialogBoxParamW 75BB1FD5 5 Bytes JMP 00D8B9F5
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] USER32.dll!DrawTextA 75BB2B3D 5 Bytes JMP 00D8C63F
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] USER32.dll!DrawTextExA 75BB2B74 5 Bytes JMP 00D8C7F7
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] USER32.dll!SetClipboardData 75BD62F8 5 Bytes JMP 00D8C392
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] GDI32.dll!ExtTextOutW 75D282B1 5 Bytes JMP 00D8CAAC
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] GDI32.dll!GetGlyphIndicesW 75D2C249 5 Bytes JMP 00D8CF2D
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] GDI32.dll!TextOutW 75D2F4FD 5 Bytes JMP 00D8C572
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] GDI32.dll!ExtTextOutA 75D2FE29 5 Bytes JMP 00D8C9C7
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] GDI32.dll!TextOutA 75D2FE86 5 Bytes JMP 00D8C4A5
.text C:\Program Files\Mozilla Firefox\firefox.exe[4508] GDI32.dll!GetGlyphIndicesA 75D499F0 5 Bytes JMP 00D8CE63
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5260] USER32.dll!TrackPopupMenu 75BB1417 5 Bytes JMP 67FB6373 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641c78930
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001641c78930 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Edited by rycdavis, 09 March 2011 - 10:55 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:16 AM

Posted 10 March 2011 - 11:13 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 rycdavis

rycdavis
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 11 March 2011 - 04:39 PM

here is the log after combofix:


ComboFix 11-03-10.04 - dick 03/11/2011 13:04:42.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1256 [GMT -8:00]
Running from: c:\users\dick\Downloads\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-11 to 2011-03-11 )))))))))))))))))))))))))))))))
.
.
2011-03-11 21:25 . 2011-03-11 21:26 -------- d-----w- c:\users\dick\AppData\Local\temp
2011-03-11 21:25 . 2011-03-11 21:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-03-11 21:25 . 2011-03-11 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-11 09:23 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D427472A-A979-4A41-BA6C-593F02241279}\mpengine.dll
2011-03-07 06:12 . 2010-07-16 22:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-03-07 06:12 . 2010-07-16 22:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-03-07 06:12 . 2010-11-17 18:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-07 06:12 . 2010-11-17 18:19 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-03-07 06:12 . 2010-11-25 18:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-07 06:12 . 2010-11-25 18:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-07 06:12 . 2010-11-25 18:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-03-07 06:12 . 2011-03-07 06:16 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-07 06:12 . 2011-03-07 06:18 -------- d-----w- c:\program files\PC Tools Security
2011-03-07 06:12 . 2011-03-07 06:12 -------- d-----w- c:\programdata\PC Tools
2011-03-07 06:12 . 2011-03-07 06:12 -------- d-----w- c:\users\dick\AppData\Roaming\PC Tools
2011-03-05 18:44 . 2011-03-05 18:54 -------- dc----w- C:\Recover
2011-03-05 18:43 . 2011-03-05 18:43 -------- d-----w- c:\program files\RecvMngr
2011-03-05 07:45 . 2011-03-05 07:45 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-05 07:45 . 2011-03-05 07:45 -------- d-----w- c:\programdata\Hitman Pro
2011-03-05 02:53 . 2011-03-05 02:53 -------- d-----w- c:\users\dick\AppData\Roaming\Malwarebytes
2011-03-05 02:52 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-05 02:52 . 2011-03-05 02:52 -------- d-----w- c:\programdata\Malwarebytes
2011-03-05 02:52 . 2011-03-05 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-05 02:52 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-05 01:20 . 2011-03-05 01:20 200704 --sha-r- c:\users\dick\AppData\Roaming\shwebsvct.dll
2011-03-05 01:20 . 2011-03-05 01:20 200704 --sha-r- c:\users\dick\AppData\Roaming\exe2bin8.dll
2011-03-05 00:59 . 2011-03-05 00:59 -------- d-----w- c:\program files\CardRecovery
2011-02-16 04:06 . 2007-03-23 11:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2011-02-16 04:04 . 2010-09-23 02:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2009-10-05 09:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 20:15 . 2008-03-29 16:09 1451336 ----a-w- c:\windows\system32\wtfiles.dll
2011-01-14 21:50 . 2008-03-29 16:08 439624 ----a-w- c:\windows\system32\alaqkinfo.dll
2011-01-12 01:08 . 2008-03-29 16:08 3739648 ----a-w- c:\windows\system32\alarpt5.ocx
2011-01-07 20:34 . 2010-05-06 14:56 786432 ----a-w- c:\windows\system32\alaaird.ocx
2010-12-17 17:36 . 2009-06-26 22:36 189768 ----a-w- c:\windows\system32\alawininet.dll
2010-12-15 22:55 . 2010-12-15 22:55 66880 ----a-w- c:\windows\system32\pxfhwmcp.dll
2010-12-15 22:55 . 2010-12-15 22:55 136512 ----a-w- c:\windows\system32\PCTIN50.dll
2010-12-15 22:38 . 2010-12-15 22:38 38680 ----a-w- c:\windows\system32\drivers\pctnullport.sys
2010-12-15 22:35 . 2010-12-15 22:35 32408 ----a-w- c:\windows\system32\PCTINDIS5.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-21 160328]
"RLZIAAX"="c:\users\dick\AppData\Roaming\shwebsvct.dll" [2011-03-05 200704]
"MHSOT"="c:\users\dick\AppData\Roaming\exe2bin8.dll" [2011-03-05 200704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"The Assistant"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
c:\users\dick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2008-11-9 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-01-21 21:03 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-10-25 11:08 107112 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 03:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2006-11-28 23:42 46704 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 03:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
2006-10-24 21:19 46728 ----a-w- c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 10:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
2007-01-31 04:36 57344 ----a-w- c:\program files\MarkAny\ContentSafer\MaAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2006-10-27 13:18 22696 ----a-w- c:\program files\Norton Internet Security\osCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC SpeedScan Pro]
2008-08-21 23:41 2093056 ----a-w- c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 03:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]
2010-12-15 22:54 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-02-24 00:32 126976 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2010-12-15 22:54 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-04-05 20:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Assistant]
2007-04-16 16:18 99840 ----a-w- c:\program files\a la mode\Sched\eSched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 135664]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-12-15 124224]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 202872]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-01 1352832]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2006-11-07 92160]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-21 64288]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S2 MSSQL$ALAMODE;SQL Server (ALAMODE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
S2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-01-11 82944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 02:48]
.
2011-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 02:48]
.
2011-03-11 c:\windows\Tasks\User_Feed_Synchronization-{501CA9EF-8988-4E5E-8794-3FAD064543F9}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: alamode.com
Trusted Zone: alamode.com\vault
Trusted Zone: almsr.com
Trusted Zone: appraisalport.com\www
Trusted Zone: appraiserxsites.com
Trusted Zone: bing.com
Trusted Zone: certmail.com
Trusted Zone: doccentral.com
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: interflood.com
Trusted Zone: live.com
Trusted Zone: mappoint.net
Trusted Zone: rdesk.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rexplorer.net
Trusted Zone: safemls.net
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: xmlsweb.com
Trusted Zone: xsitesnetwork.com
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\dick\AppData\Roaming\Mozilla\Firefox\Profiles\ilg0db3l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Universal Print: {BE2100B3-1D80-48eb-ACCF-D26750644378} - %profile%\extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-11 13:26
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-11 13:31:54
ComboFix-quarantined-files.txt 2011-03-11 21:31
ComboFix2.txt 2011-03-09 03:49
ComboFix3.txt 2011-03-08 22:28
ComboFix4.txt 2011-03-05 05:27
.
Pre-Run: 12,677,799,936 bytes free
Post-Run: 12,566,835,200 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 903A5FCA68B4287514A4C8218739E977




didnt have any problems running it
still redirected

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:16 AM

Posted 11 March 2011 - 08:37 PM

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
c:\users\dick\AppData\Roaming\shwebsvct.dll
c:\users\dick\AppData\Roaming\exe2bin8.dll
c:\windows\system32\alaqkinfo.dll

DDS::
Trusted Zone: alamode.com
Trusted Zone: alamode.com\vault
Trusted Zone: almsr.com
Trusted Zone: appraisalport.com\www
Trusted Zone: appraiserxsites.com
Trusted Zone: bing.com
Trusted Zone: certmail.com
Trusted Zone: doccentral.com
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: interflood.com
Trusted Zone: live.com
Trusted Zone: mappoint.net
Trusted Zone: rdesk.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rexplorer.net
Trusted Zone: safemls.net
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: xmlsweb.com
Trusted Zone: xsitesnetwork.com


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 rycdavis

rycdavis
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 13 March 2011 - 12:10 AM

said there was a newer version of combofix. it downloaded it then ran fine. still redirecting


ComboFix 11-03-12.01 - dick 03/12/2011 20:37:25.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1080 [GMT -8:00]
Running from: c:\users\dick\Downloads\ComboFix.exe
Command switches used :: c:\users\dick\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\dick\AppData\Roaming\exe2bin8.dll"
"c:\users\dick\AppData\Roaming\shwebsvct.dll"
"c:\windows\system32\alaqkinfo.dll"
.
.
((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
.
.
2011-03-13 04:57 . 2011-03-13 04:57 -------- d-----w- c:\users\dick\AppData\Local\temp
2011-03-13 04:57 . 2011-03-13 04:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-03-13 04:57 . 2011-03-13 04:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-11 09:23 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D427472A-A979-4A41-BA6C-593F02241279}\mpengine.dll
2011-03-07 06:12 . 2010-07-16 22:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-03-07 06:12 . 2010-07-16 22:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-03-07 06:12 . 2010-11-17 18:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-03-07 06:12 . 2010-11-17 18:19 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-03-07 06:12 . 2010-11-25 18:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-03-07 06:12 . 2010-11-25 18:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-03-07 06:12 . 2010-11-25 18:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-03-07 06:12 . 2011-03-07 06:16 -------- d-----w- c:\program files\Common Files\PC Tools
2011-03-07 06:12 . 2011-03-07 06:18 -------- d-----w- c:\program files\PC Tools Security
2011-03-07 06:12 . 2011-03-07 06:12 -------- d-----w- c:\programdata\PC Tools
2011-03-07 06:12 . 2011-03-07 06:12 -------- d-----w- c:\users\dick\AppData\Roaming\PC Tools
2011-03-05 18:44 . 2011-03-05 18:54 -------- dc----w- C:\Recover
2011-03-05 18:43 . 2011-03-05 18:43 -------- d-----w- c:\program files\RecvMngr
2011-03-05 07:45 . 2011-03-05 07:45 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-03-05 07:45 . 2011-03-05 07:45 -------- d-----w- c:\programdata\Hitman Pro
2011-03-05 02:53 . 2011-03-05 02:53 -------- d-----w- c:\users\dick\AppData\Roaming\Malwarebytes
2011-03-05 02:52 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-05 02:52 . 2011-03-05 02:52 -------- d-----w- c:\programdata\Malwarebytes
2011-03-05 02:52 . 2011-03-05 02:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-05 02:52 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-05 01:20 . 2011-03-05 01:20 200704 --sha-r- c:\users\dick\AppData\Roaming\shwebsvct.dll
2011-03-05 01:20 . 2011-03-05 01:20 200704 --sha-r- c:\users\dick\AppData\Roaming\exe2bin8.dll
2011-03-05 00:59 . 2011-03-05 00:59 -------- d-----w- c:\program files\CardRecovery
2011-02-16 04:06 . 2007-03-23 11:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2011-02-16 04:04 . 2010-09-23 02:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 01:11 . 2009-10-05 09:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 20:15 . 2008-03-29 16:09 1451336 ----a-w- c:\windows\system32\wtfiles.dll
2011-01-14 21:50 . 2008-03-29 16:08 439624 ----a-w- c:\windows\system32\alaqkinfo.dll
2011-01-12 01:08 . 2008-03-29 16:08 3739648 ----a-w- c:\windows\system32\alarpt5.ocx
2011-01-07 20:34 . 2010-05-06 14:56 786432 ----a-w- c:\windows\system32\alaaird.ocx
2010-12-17 17:36 . 2009-06-26 22:36 189768 ----a-w- c:\windows\system32\alawininet.dll
2010-12-15 22:55 . 2010-12-15 22:55 66880 ----a-w- c:\windows\system32\pxfhwmcp.dll
2010-12-15 22:55 . 2010-12-15 22:55 136512 ----a-w- c:\windows\system32\PCTIN50.dll
2010-12-15 22:38 . 2010-12-15 22:38 38680 ----a-w- c:\windows\system32\drivers\pctnullport.sys
2010-12-15 22:35 . 2010-12-15 22:35 32408 ----a-w- c:\windows\system32\PCTINDIS5.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-21 160328]
"RLZIAAX"="c:\users\dick\AppData\Roaming\shwebsvct.dll" [2011-03-05 200704]
"MHSOT"="c:\users\dick\AppData\Roaming\exe2bin8.dll" [2011-03-05 200704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"The Assistant"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
c:\users\dick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2008-11-9 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-01-21 21:03 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2006-10-25 11:08 107112 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-12 03:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2006-11-28 23:42 46704 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-12 03:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
2006-10-24 21:19 46728 ----a-w- c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 10:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MAAgent]
2007-01-31 04:36 57344 ----a-w- c:\program files\MarkAny\ContentSafer\MaAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
2006-10-27 13:18 22696 ----a-w- c:\program files\Norton Internet Security\osCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC SpeedScan Pro]
2008-08-21 23:41 2093056 ----a-w- c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-12 03:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDVCHG]
2010-12-15 22:54 316736 ----a-w- c:\program files\Sprint\Sprint SmartView\RDVCHG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
2007-02-24 00:32 126976 ----a-w- c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2010-12-15 22:54 75072 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-04-05 20:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\The Assistant]
2007-04-16 16:18 99840 ----a-w- c:\program files\a la mode\Sched\eSched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 135664]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-12-15 124224]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 202872]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-01 1352832]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2006-11-07 92160]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-21 64288]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S2 MSSQL$ALAMODE;SQL Server (ALAMODE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
S2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-01-11 82944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 02:48]
.
2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-06 02:48]
.
2011-03-12 c:\windows\Tasks\User_Feed_Synchronization-{501CA9EF-8988-4E5E-8794-3FAD064543F9}.job
- c:\windows\system32\msfeedssync.exe [2009-07-30 20:13]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\dick\AppData\Roaming\Mozilla\Firefox\Profiles\ilg0db3l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Universal Print: {BE2100B3-1D80-48eb-ACCF-D26750644378} - %profile%\extensions\{BE2100B3-1D80-48eb-ACCF-D26750644378}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-12 20:57
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-12 21:03:31
ComboFix-quarantined-files.txt 2011-03-13 05:03
ComboFix2.txt 2011-03-11 21:31
ComboFix3.txt 2011-03-09 03:49
ComboFix4.txt 2011-03-08 22:28
ComboFix5.txt 2011-03-13 04:33
.
Pre-Run: 12,245,389,312 bytes free
Post-Run: 12,240,064,512 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6
- - End Of File - - 5F404B42E1137C4611E2F110C3076628

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:16 AM

Posted 13 March 2011 - 12:40 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

Edited by gringo_pr, 13 March 2011 - 12:41 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 rycdavis

rycdavis
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 13 March 2011 - 11:50 PM

froze at 80% initializing, had to reboot. ran fine the second time, found nothing. still redirecting

2011/03/13 21:46:02.0071 4552 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/13 21:46:02.0991 4552 ================================================================================
2011/03/13 21:46:02.0991 4552 SystemInfo:
2011/03/13 21:46:02.0991 4552
2011/03/13 21:46:02.0991 4552 OS Version: 6.0.6001 ServicePack: 1.0
2011/03/13 21:46:02.0991 4552 Product type: Workstation
2011/03/13 21:46:02.0991 4552 ComputerName: LAPTOP2
2011/03/13 21:46:02.0991 4552 UserName: dick
2011/03/13 21:46:02.0991 4552 Windows directory: C:\Windows
2011/03/13 21:46:02.0991 4552 System windows directory: C:\Windows
2011/03/13 21:46:02.0991 4552 Processor architecture: Intel x86
2011/03/13 21:46:02.0991 4552 Number of processors: 2
2011/03/13 21:46:02.0991 4552 Page size: 0x1000
2011/03/13 21:46:02.0991 4552 Boot type: Normal boot
2011/03/13 21:46:02.0991 4552 ================================================================================
2011/03/13 21:46:05.0175 4552 Initialize success
2011/03/13 21:46:22.0335 4744 ================================================================================
2011/03/13 21:46:22.0335 4744 Scan started
2011/03/13 21:46:22.0335 4744 Mode: Manual;
2011/03/13 21:46:22.0335 4744 ================================================================================
2011/03/13 21:46:24.0769 4744 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/03/13 21:46:25.0159 4744 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/03/13 21:46:25.0346 4744 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/03/13 21:46:25.0689 4744 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/03/13 21:46:26.0220 4744 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/03/13 21:46:26.0859 4744 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/03/13 21:46:27.0109 4744 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/03/13 21:46:27.0234 4744 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/13 21:46:27.0717 4744 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/03/13 21:46:28.0139 4744 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/03/13 21:46:28.0497 4744 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/03/13 21:46:28.0965 4744 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/03/13 21:46:29.0277 4744 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/03/13 21:46:29.0621 4744 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/03/13 21:46:30.0057 4744 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/03/13 21:46:30.0650 4744 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/13 21:46:31.0383 4744 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/03/13 21:46:31.0961 4744 BCM43XV (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/03/13 21:46:32.0226 4744 BCM43XX (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/03/13 21:46:32.0741 4744 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/13 21:46:33.0833 4744 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/13 21:46:34.0332 4744 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/13 21:46:34.0769 4744 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/13 21:46:35.0346 4744 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/13 21:46:35.0985 4744 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/13 21:46:36.0251 4744 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/13 21:46:37.0155 4744 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/13 21:46:37.0623 4744 BthEnum (a820438255f37ab8baa2bd59753a8d81) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/03/13 21:46:37.0857 4744 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/13 21:46:37.0967 4744 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/03/13 21:46:38.0091 4744 BTHPORT (4a74bbb2b6761789f42a6613479bdb1d) C:\Windows\system32\Drivers\BTHport.sys
2011/03/13 21:46:38.0466 4744 BTHUSB (1a407f9b707a06f55aa150f9aa072b09) C:\Windows\system32\Drivers\BTHUSB.sys
2011/03/13 21:46:39.0246 4744 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/13 21:46:39.0511 4744 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/13 21:46:39.0667 4744 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/03/13 21:46:39.0761 4744 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/03/13 21:46:40.0197 4744 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/13 21:46:40.0806 4744 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/03/13 21:46:41.0211 4744 CnxtHdAudService (a4d44ab8423791db757b38150ec599a4) C:\Windows\system32\drivers\CHDRT32.sys
2011/03/13 21:46:41.0477 4744 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/13 21:46:41.0960 4744 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/03/13 21:46:42.0257 4744 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/03/13 21:46:43.0115 4744 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/03/13 21:46:43.0536 4744 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/03/13 21:46:44.0129 4744 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/13 21:46:44.0612 4744 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/13 21:46:44.0971 4744 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\Windows\system32\DRIVERS\e100b325.sys
2011/03/13 21:46:45.0111 4744 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/13 21:46:45.0267 4744 eabfiltr (a6476585b4fefee46a9f42e4d2bfdfa4) C:\Windows\system32\DRIVERS\eabfiltr.sys
2011/03/13 21:46:45.0533 4744 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/03/13 21:46:45.0767 4744 eeCtrl (fb069d8270853023f6e315745b5bbad4) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/03/13 21:46:46.0001 4744 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/03/13 21:46:46.0344 4744 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/03/13 21:46:46.0562 4744 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/03/13 21:46:46.0687 4744 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/13 21:46:46.0843 4744 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/13 21:46:47.0171 4744 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/13 21:46:47.0311 4744 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/13 21:46:47.0685 4744 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/03/13 21:46:48.0044 4744 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/13 21:46:48.0231 4744 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/13 21:46:48.0419 4744 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/03/13 21:46:48.0590 4744 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/03/13 21:46:49.0043 4744 HdAudAddService (3aeee05bb25b8cc72b6e9aec0e6f394b) C:\Windows\system32\drivers\CHDART.sys
2011/03/13 21:46:49.0245 4744 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/13 21:46:49.0526 4744 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/13 21:46:49.0776 4744 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/13 21:46:50.0025 4744 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/13 21:46:50.0244 4744 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/03/13 21:46:50.0447 4744 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/03/13 21:46:50.0790 4744 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/03/13 21:46:51.0273 4744 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/03/13 21:46:51.0570 4744 HTTP (406c027c18e98a396faa1963dad5ff70) C:\Windows\system32\drivers\HTTP.sys
2011/03/13 21:46:51.0679 4744 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/03/13 21:46:51.0866 4744 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/13 21:46:52.0272 4744 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/13 21:46:52.0833 4744 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/03/13 21:46:53.0114 4744 IDSvix86 (78432a57d085328cf8baf125985425d2) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys
2011/03/13 21:46:54.0128 4744 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/03/13 21:46:54.0378 4744 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/13 21:46:54.0799 4744 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/13 21:46:55.0283 4744 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/13 21:46:55.0626 4744 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/13 21:46:56.0328 4744 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/13 21:46:56.0609 4744 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/13 21:46:56.0780 4744 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/13 21:46:57.0233 4744 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/03/13 21:46:57.0373 4744 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/13 21:46:57.0701 4744 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/13 21:46:57.0888 4744 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/13 21:46:58.0200 4744 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/13 21:46:58.0371 4744 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/13 21:46:58.0761 4744 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/13 21:46:59.0011 4744 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
2011/03/13 21:46:59.0385 4744 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/13 21:46:59.0697 4744 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/13 21:47:00.0009 4744 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/13 21:47:00.0181 4744 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/13 21:47:00.0415 4744 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/13 21:47:00.0821 4744 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
2011/03/13 21:47:01.0320 4744 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/03/13 21:47:01.0663 4744 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/03/13 21:47:02.0084 4744 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/13 21:47:02.0303 4744 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/13 21:47:02.0708 4744 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/13 21:47:03.0098 4744 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/13 21:47:03.0379 4744 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/13 21:47:03.0691 4744 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/03/13 21:47:03.0925 4744 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/13 21:47:04.0065 4744 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/13 21:47:04.0471 4744 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/03/13 21:47:04.0783 4744 mrxsmb (c4ad205530888404e2b5fc8d9319b119) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/13 21:47:05.0079 4744 mrxsmb10 (0a986b34f1678a2697574d7b1664e2dd) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/13 21:47:05.0251 4744 mrxsmb20 (3268b8c3fa92bfc086355c39b45e9cc9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/13 21:47:05.0391 4744 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/03/13 21:47:05.0672 4744 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/03/13 21:47:06.0249 4744 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/13 21:47:06.0686 4744 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/13 21:47:07.0326 4744 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/13 21:47:07.0763 4744 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/13 21:47:07.0887 4744 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/13 21:47:08.0262 4744 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/03/13 21:47:08.0527 4744 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/13 21:47:08.0823 4744 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/13 21:47:09.0011 4744 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/03/13 21:47:09.0307 4744 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/13 21:47:09.0510 4744 NAVENG (ef04748a7a7266edbdbe02b161a0685d) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS
2011/03/13 21:47:09.0775 4744 NAVEX15 (09f3bfdc47718459b42d696cb671f65f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS
2011/03/13 21:47:10.0290 4744 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/03/13 21:47:10.0524 4744 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/13 21:47:10.0695 4744 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/13 21:47:10.0851 4744 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/13 21:47:11.0257 4744 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/13 21:47:11.0553 4744 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/13 21:47:11.0865 4744 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/13 21:47:12.0302 4744 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/03/13 21:47:12.0614 4744 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/13 21:47:13.0004 4744 Nmea (b0d5188e282dc4edae7020f333427bc8) C:\Windows\system32\DRIVERS\pctnullport.sys
2011/03/13 21:47:13.0207 4744 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/03/13 21:47:13.0503 4744 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/13 21:47:13.0878 4744 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/03/13 21:47:14.0221 4744 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/13 21:47:14.0408 4744 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/13 21:47:14.0564 4744 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/03/13 21:47:14.0861 4744 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/03/13 21:47:15.0266 4744 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/03/13 21:47:15.0594 4744 NWADI (93213c7ec08e01e37a935bf144e75df6) C:\Windows\system32\DRIVERS\NWADIenum.sys
2011/03/13 21:47:16.0389 4744 NWUSBModem (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwusbmdm.sys
2011/03/13 21:47:16.0639 4744 NWUSBPort (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwusbser.sys
2011/03/13 21:47:16.0982 4744 NWUSBPort2 (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwusbser2.sys
2011/03/13 21:47:17.0388 4744 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/13 21:47:17.0669 4744 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/13 21:47:18.0105 4744 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/03/13 21:47:18.0339 4744 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/13 21:47:18.0620 4744 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\drivers\PCASp50.sys
2011/03/13 21:47:19.0057 4744 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/03/13 21:47:19.0525 4744 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/03/13 21:47:19.0790 4744 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/13 21:47:20.0180 4744 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\Windows\system32\drivers\PCTCore.sys
2011/03/13 21:47:20.0477 4744 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
2011/03/13 21:47:20.0929 4744 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
2011/03/13 21:47:21.0288 4744 PCTINDIS5 (1e715247efffdda938c085913045d599) C:\Windows\system32\PCTINDIS5.SYS
2011/03/13 21:47:21.0818 4744 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/13 21:47:22.0364 4744 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/13 21:47:22.0645 4744 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/03/13 21:47:22.0941 4744 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/13 21:47:23.0222 4744 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
2011/03/13 21:47:23.0659 4744 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/03/13 21:47:24.0002 4744 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/13 21:47:24.0143 4744 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/13 21:47:24.0486 4744 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/13 21:47:24.0704 4744 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/13 21:47:25.0001 4744 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/13 21:47:25.0219 4744 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/13 21:47:25.0625 4744 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/13 21:47:25.0890 4744 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/13 21:47:26.0046 4744 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/03/13 21:47:26.0420 4744 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/13 21:47:26.0763 4744 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/03/13 21:47:27.0029 4744 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/03/13 21:47:27.0169 4744 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/03/13 21:47:27.0403 4744 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/03/13 21:47:27.0699 4744 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/03/13 21:47:28.0074 4744 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/03/13 21:47:28.0526 4744 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
2011/03/13 21:47:28.0760 4744 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/13 21:47:29.0103 4744 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/13 21:47:29.0571 4744 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/13 21:47:29.0883 4744 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/13 21:47:30.0117 4744 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/13 21:47:30.0258 4744 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/13 21:47:30.0367 4744 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/13 21:47:30.0882 4744 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/13 21:47:31.0053 4744 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/13 21:47:31.0287 4744 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/13 21:47:31.0381 4744 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/13 21:47:31.0584 4744 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/03/13 21:47:31.0740 4744 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/03/13 21:47:32.0021 4744 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/03/13 21:47:32.0364 4744 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/03/13 21:47:32.0832 4744 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/03/13 21:47:33.0159 4744 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/13 21:47:33.0409 4744 SRTSP (15e29eb26dd53eb6385629f4622b5519) C:\Windows\system32\Drivers\SRTSP.SYS
2011/03/13 21:47:33.0721 4744 SRTSPL (fd0c0333fae09dbd1170e0d607eca5c8) C:\Windows\system32\Drivers\SRTSPL.SYS
2011/03/13 21:47:33.0986 4744 SRTSPX (7e60a4a4035be470f47c6806da57db99) C:\Windows\system32\Drivers\SRTSPX.SYS
2011/03/13 21:47:34.0080 4744 srv (73dddbeec61e78568082916a27aadaee) C:\Windows\system32\DRIVERS\srv.sys
2011/03/13 21:47:34.0173 4744 srv2 (805fac010405ad3f82ef8df0bb035d81) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/13 21:47:34.0267 4744 srvnet (f63a0a58aafe34d7a1a0a74abccdd9c0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/13 21:47:34.0657 4744 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/13 21:47:34.0829 4744 swmsflt (3d4776ab6520240ae06d277ac45bf836) C:\Windows\system32\DRIVERS\swmsflt.sys
2011/03/13 21:47:35.0499 4744 swmx00 (af88ae62b84d016eb5bdc12ddf1005a3) C:\Windows\system32\DRIVERS\swmx00.sys
2011/03/13 21:47:35.0796 4744 SWNC5E00 (24bce62e4da07c6488e3a7ff37a6b6ae) C:\Windows\system32\DRIVERS\SWNC5E00.sys
2011/03/13 21:47:36.0061 4744 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/13 21:47:36.0186 4744 SymEvent (9d98270b5f10a4c84e8da417c30756e1) C:\Windows\system32\Drivers\SYMEVENT.SYS
2011/03/13 21:47:36.0420 4744 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/13 21:47:36.0841 4744 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/13 21:47:37.0231 4744 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
2011/03/13 21:47:37.0808 4744 Tcpip (8a7ad2a214233f684242f289ed83ebc3) C:\Windows\system32\drivers\tcpip.sys
2011/03/13 21:47:38.0510 4744 Tcpip6 (8a7ad2a214233f684242f289ed83ebc3) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/13 21:47:38.0963 4744 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/13 21:47:39.0243 4744 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/13 21:47:39.0493 4744 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/13 21:47:39.0696 4744 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/13 21:47:39.0961 4744 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/13 21:47:40.0257 4744 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/13 21:47:40.0569 4744 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/13 21:47:40.0928 4744 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/13 21:47:41.0334 4744 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/03/13 21:47:41.0693 4744 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/13 21:47:42.0239 4744 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/13 21:47:42.0488 4744 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/03/13 21:47:42.0909 4744 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/13 21:47:43.0315 4744 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/13 21:47:43.0565 4744 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/13 21:47:43.0705 4744 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/03/13 21:47:43.0845 4744 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/13 21:47:44.0095 4744 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/13 21:47:44.0329 4744 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/13 21:47:44.0625 4744 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/13 21:47:44.0969 4744 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/03/13 21:47:45.0312 4744 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/13 21:47:45.0717 4744 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/13 21:47:46.0107 4744 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/13 21:47:46.0310 4744 usb_rndisx (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/03/13 21:47:46.0435 4744 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/13 21:47:46.0856 4744 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/13 21:47:47.0012 4744 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/03/13 21:47:47.0340 4744 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/03/13 21:47:47.0543 4744 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/03/13 21:47:47.0933 4744 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/13 21:47:48.0416 4744 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/03/13 21:47:48.0869 4744 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/03/13 21:47:49.0071 4744 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/03/13 21:47:49.0383 4744 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/13 21:47:49.0524 4744 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/13 21:47:49.0586 4744 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/13 21:47:49.0961 4744 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/03/13 21:47:50.0132 4744 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/13 21:47:50.0741 4744 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/03/13 21:47:51.0209 4744 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/13 21:47:51.0427 4744 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/13 21:47:51.0567 4744 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/13 21:47:51.0864 4744 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/13 21:47:52.0020 4744 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
2011/03/13 21:47:52.0285 4744 ================================================================================
2011/03/13 21:47:52.0285 4744 Scan finished
2011/03/13 21:47:52.0285 4744 ================================================================================

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:16 AM

Posted 14 March 2011 - 06:07 AM

we are going to check the router

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 rycdavis

rycdavis
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 14 March 2011 - 03:18 PM

Windows IP Configuration

Host Name . . . . . . . . . . . . : laptop2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ftrdhcpuser.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : ftrdhcpuser.net
Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN
Physical Address. . . . . . . . . : 00-1A-73-3B-81-74
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::bdcc:2e7e:fba0:3524%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, March 14, 2011 10:43:14 AM
Lease Expires . . . . . . . . . . : Tuesday, March 15, 2011 10:43:13 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
184.16.4.22
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-1B-24-04-C1-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{40E0FFE5-031C-4990-A5F4-51A82B1B059B}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8234B6C3-B658-407E-8F3C-96FBCD223CD5}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:406:1730:3f57:fefb(Preferred)
Link-local IPv6 Address . . . . . : fe80::406:1730:3f57:fefb%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8234B6C3-B658-407E-8F3C-96FBCD223CD5}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{4A0BB6B1-0AA5-46DD-8943-A4DEE4F458BD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8234B6C3-B658-407E-8F3C-96FBCD223CD5}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 21:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8234B6C3-B658-407E-8F3C-96FBCD223CD5}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 23:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{4A0BB6B1-0AA5-46DD-8943-A4DEE4F458BD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 24:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 25:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{4A0BB6B1-0AA5-46DD-8943-A4DEE4F458BD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 26:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 27:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 30:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 35:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{4A0BB6B1-0AA5-46DD-8943-A4DEE4F458BD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 36:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{4A0BB6B1-0AA5-46DD-8943-A4DEE4F458BD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 37:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{51E998DB-7B67-4BAA-84E5-F4140EC63C9A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 38:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 39:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 40:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 43:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0231F0FA-BEAC-487F-9136-4745B0C43827}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 45:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 47:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 48:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 50:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 51:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{51E998DB-7B67-4BAA-84E5-F4140EC63C9A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 52:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{51E998DB-7B67-4BAA-84E5-F4140EC63C9A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 55:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 56:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 57:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 58:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 61:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 62:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 63:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{51E998DB-7B67-4BAA-84E5-F4140EC63C9A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 64:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 67:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 68:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 70:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 72:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 73:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 75:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 76:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 77:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 78:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{51E998DB-7B67-4BAA-84E5-F4140EC63C9A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 81:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 82:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 83:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 84:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 85:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 86:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 87:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 89:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 90:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{51E998DB-7B67-4BAA-84E5-F4140EC63C9A}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 92:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 93:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 95:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 96:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 97:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 100:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{885B996A-8841-44AF-96A2-61B64F2F0FC0}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 102:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0D6D76BF-6607-4D6C-8A26-8CB5D5E3C737}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 106:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 107:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ftrdhcpuser.net
Description . . . . . . . . . . . : isatap.ftrdhcpuser.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 111:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.ftrdhcpuser.net
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.16
74.125.225.18
74.125.225.20
74.125.225.17
74.125.225.19

Server: Wireless_Broadband_Router.ftrdhcpuser.net
Address: 192.168.1.1

Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70



Pinging google.com [74.125.225.20] with 32 bytes of data:

Reply from 74.125.225.20: bytes=32 time=80ms TTL=55

Reply from 74.125.225.20: bytes=32 time=81ms TTL=55



Ping statistics for 74.125.225.20:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 80ms, Maximum = 81ms, Average = 80ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=75ms TTL=53

Reply from 209.191.122.70: bytes=32 time=79ms TTL=53



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 75ms, Maximum = 79ms, Average = 77ms

===========================================================================
Interface List
9 ...00 1a 73 3b 81 74 ...... Broadcom 802.11b/g WLAN
8 ...00 1b 24 04 c1 32 ...... Intel® PRO/100 VE Network Connection
1 ........................... Software Loopback Interface 1
101 ...00 00 00 00 00 00 00 e0 isatap.{40E0FFE5-031C-4990-A5F4-51A82B1B059B}
18 ...00 00 00 00 00 00 00 e0 isatap.{8234B6C3-B658-407E-8F3C-96FBCD223CD5}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
17 ...00 00 00 00 00 00 00 e0 isatap.{8234B6C3-B658-407E-8F3C-96FBCD223CD5}
13 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
14 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
15 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
16 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
35 ...00 00 00 00 00 00 00 e0 isatap.{4A0BB6B1-0AA5-46DD-8943-A4DEE4F458BD}
21 ...00 00 00 00 00 00 00 e0 isatap.{8234B6C3-B658-407E-8F3C-96FBCD223CD5}
20 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
23 ...00 00 00 00 00 00 00 e0 isatap.{8234B6C3-B658-407E-8F3C-96FBCD223CD5}
22 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
25 ...00 00 00 00 00 00 00 e0 isatap.{4A0BB6B1-0AA5-46DD-8943-A4DEE4F458BD}
24 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
29 ...00 00 00 00 00 00 00 e0 isatap.{4A0BB6B1-0AA5-46DD-8943-A4DEE4F458BD}
26 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
27 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
30 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
36 ...00 00 00 00 00 00 00 e0 isatap.{4A0BB6B1-0AA5-46DD-8943-A4DEE4F458BD}
37 ...00 00 00 00 00 00 00 e0 isatap.{4A0BB6B1-0AA5-46DD-8943-A4DEE4F458BD}
66 ...00 00 00 00 00 00 00 e0 isatap.{51E998DB-7B67-4BAA-84E5-F4140EC63C9A}
38 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
39 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
40 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
44 ...00 00 00 00 00 00 00 e0 isatap.{0231F0FA-BEAC-487F-9136-4745B0C43827}
46 ...00 00 00 00 00 00 00 e0 isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
48 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
49 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
50 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
53 ...00 00 00 00 00 00 00 e0 isatap.{51E998DB-7B67-4BAA-84E5-F4140EC63C9A}
57 ...00 00 00 00 00 00 00 e0 isatap.{51E998DB-7B67-4BAA-84E5-F4140EC63C9A}
55 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
56 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
58 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
60 ...00 00 00 00 00 00 00 e0 isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
62 ...00 00 00 00 00 00 00 e0 isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
63 ...00 00 00 00 00 00 00 e0 isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
67 ...00 00 00 00 00 00 00 e0 isatap.{51E998DB-7B67-4BAA-84E5-F4140EC63C9A}
64 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
72 ...00 00 00 00 00 00 00 e0 isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
68 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
70 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
75 ...00 00 00 00 00 00 00 e0 isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
73 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
78 ...00 00 00 00 00 00 00 e0 isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
76 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
77 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
81 ...00 00 00 00 00 00 00 e0 isatap.{51E998DB-7B67-4BAA-84E5-F4140EC63C9A}
82 ...00 00 00 00 00 00 00 e0 isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
98 ...00 00 00 00 00 00 00 e0 isatap.home
87 ...00 00 00 00 00 00 00 e0 isatap.{5F4FA51B-AA7F-4178-BA5E-23B472688776}
84 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
85 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
86 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
90 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
89 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
96 ...00 00 00 00 00 00 00 e0 isatap.{51E998DB-7B67-4BAA-84E5-F4140EC63C9A}
92 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
93 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
95 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
99 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
97 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
103 ...00 00 00 00 00 00 00 e0 isatap.{885B996A-8841-44AF-96A2-61B64F2F0FC0}
110 ...00 00 00 00 00 00 00 e0 isatap.{0D6D76BF-6607-4D6C-8A26-8CB5D5E3C737}
108 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
115 ...00 00 00 00 00 00 00 e0 isatap.ftrdhcpuser.net
114 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 281
192.168.1.4 255.255.255.255 On-link 192.168.1.4 281
192.168.1.255 255.255.255.255 On-link 192.168.1.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:406:1730:3f57:fefb/128
On-link
9 281 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::406:1730:3f57:fefb/128
On-link
9 281 fe80::bdcc:2e7e:fba0:3524/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:16 AM

Posted 14 March 2011 - 06:20 PM

Resetting Router

Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. Here
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now lets flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now lets check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 rycdavis

rycdavis
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 16 March 2011 - 02:00 PM

sorry its taking a while, my dad works from home so we use the internet 24-7. i will do this hopefully tonight.
does it make sense to be the router if the computer still does it while connected to internet sources anywhere including 3g from a sprint wireless card?

i dont dare question your knowledge or authority =p just curious

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:16 AM

Posted 16 March 2011 - 08:54 PM

No it don't so let me go over the reports again and see what I find



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 rycdavis

rycdavis
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 20 March 2011 - 10:31 PM

apparently my mom went at it today (i know, not supposed to, i guess she forgot and got ambitious..)
she ran hitman pro 3.5 and it fixed the issue. i thought that was one of the things i had already run... interesting. seems to have resolved all issues. thank you for the help though!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:16 AM

Posted 21 March 2011 - 08:05 AM

Hello


Thank you for letting me know and sorry for not repling sooner as I have been very busy at real life and have had very little time online


I will leave open for a few days and if anything comes up let me know OK.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 rycdavis

rycdavis
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:02:16 AM

Posted 21 March 2011 - 02:32 PM

i would like to make a correction for future people, it was not Hitman Pro that solved this, it appears the trial version of ARO 2011 is what fixed it. we did not purchase the full version, the trial was enough. hope that helps some people!
thanks again for the people on this site for helping everyone out!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users