Suspicious DNS Entries


74 replies to this topic

#1 maheshursekar


Posted 14 May 2015 - 10:25 AM

Hi !

 

This is a carry forward of a topic from the forum "Virus, Trojan, Spyware, and Malware Removal Logs". Nasdaq, who was helping me there, suggested I take it forward to this forum. The earlier forum discussion can be found here:

 

http://www.bleepingcomputer.com/forums/t/574848/suspicious-registry-entries/

 

Brief History:

-----------------

My PC "was" infected with the adultube.info malware. I say "was" because the malicious behavior of redirecting my webpages to a pornographic website no longer exists. The behavior was eliminated when I hard-reset my Cisco Linksys E1200 router as directed by Nasdaq. Nasdaq subsequently ran a number of tools which mostly found no malware as such on my PC.

 

Current Status:

----------------------

There are three issues:

(a) My Malwarebytes anti-virus keeps popping up a message on the bottom-right of my PC every few seconds. See attachment "Malwarebytes message-min.jpg" for details of message.
(b) My Linksys router Status page shows a malicious IP 46.161.41.146 as DNS1. I do not know from where it is getting this value. I have searched all the Settings of the Router but do not find it hard-coded anywhere. See "Status-min.jpg" for a snapshot of the Status page.

(c) In the Registry, the DhcpNameServer parameter is set to: 46.161.41.146 8.8.8.8 192.168.0.1 under the following keys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}

 

Nasdaq told me to run MiniToolBox and post the results here. Find them below:

 

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Test (administrator) on 14-05-2015 at 19:24:52
Running from "C:\Users\Test\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Model: Inspiron 535s Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Mahesh-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-25-64-05-68-6D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd2d:4885:86c6:0:ccf4:15ea:3ad9:6cbc(Preferred)
   Temporary IPv6 Address. . . . . . : fd2d:4885:86c6:0:4d16:61c7:a9d4:27c3(Preferred)
   Link-local IPv6 Address . . . . . : fe80::ccf4:15ea:3ad9:6cbc%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.146(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, May 14, 2015 6:24:09 PM
   Lease Expires . . . . . . . . . . : Friday, May 15, 2015 6:24:04 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 167781732
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-AF-1E-32-00-25-64-05-68-6D
   DNS Servers . . . . . . . . . . . : 46.161.41.146
                                       8.8.8.8
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  46.161.41.146


Pinging google.com [216.58.220.14] with 32 bytes of data:
Reply from 216.58.220.14: bytes=32 time=13ms TTL=56
Reply from 216.58.220.14: bytes=32 time=15ms TTL=56

Ping statistics for 216.58.220.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 13ms, Maximum = 15ms, Average = 14ms
Server:  UnKnown
Address:  46.161.41.146


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=276ms TTL=47
Reply from 98.138.253.109: bytes=32 time=261ms TTL=47

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 261ms, Maximum = 276ms, Average = 268ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 25 64 05 68 6d ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.146     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.146    276
    192.168.0.146  255.255.255.255         On-link     192.168.0.146    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.146    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.146    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.146    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10     28 fd2d:4885:86c6::/64      On-link
 10    276 fd2d:4885:86c6:0:4d16:61c7:a9d4:27c3/128
                                    On-link
 10    276 fd2d:4885:86c6:0:ccf4:15ea:3ad9:6cbc/128
                                    On-link
 10    276 fe80::/64                On-link
 10    276 fe80::ccf4:15ea:3ad9:6cbc/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/09/2015 06:11:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x10bc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/09/2015 06:11:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1328
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/09/2015 06:11:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x169c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/07/2015 04:40:40 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=42.0.2311.135;lang=;guid=0CB261B7FC2B4068BE9AE7ABEC8A1BD8;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\932ee19f-884b-4114-be91-af942f9f80ea.dmp

Error: (05/05/2015 11:03:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1ef4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/05/2015 11:03:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1fb0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/05/2015 11:02:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1e24
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/25/2015 05:30:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.4, time stamp: 0x4f97642d
Faulting module name: np-mswmp.dll_unloaded, version: 0.0.0.0, time stamp: 0x461c294a
Exception code: 0xc0000005
Fault offset: 0x60099507
Faulting process id: 0x1f3c
Faulting application start time: 0xWebKit2WebProcess.exe0
Faulting application path: WebKit2WebProcess.exe1
Faulting module path: WebKit2WebProcess.exe2
Report Id: WebKit2WebProcess.exe3

Error: (04/24/2015 01:41:19 PM) (Source: Application Hang) (User: )
Description: The program avz.exe version 4.43.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 24c

Start Time: 01d07e659d243402

Termination Time: 6

Application Path: C:\Users\Test\Downloads\avz4\avz4\avz.exe

Report Id: 752041a8-ea59-11e4-9602-00256405686d

Error: (04/21/2015 04:29:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: SetACL_32.exe, version: 3.0.6.0, time stamp: 0x504e4cb4
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b3c6
Exception code: 0xc0000005
Fault offset: 0x0001a242
Faulting process id: 0xcd4
Faulting application start time: 0xSetACL_32.exe0
Faulting application path: SetACL_32.exe1
Faulting module path: SetACL_32.exe2
Report Id: SetACL_32.exe3


System errors:
=============
Error: (05/13/2015 10:49:10 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/13/2015 10:37:02 PM) (Source: DCOM) (User: )
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}

Error: (05/13/2015 07:40:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80080005: Security Update for Windows 7 (KB3046002).

Error: (05/13/2015 07:40:44 PM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/12/2015 05:25:20 PM) (Source: Service Control Manager) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error:
%%1053

Error: (05/12/2015 05:25:20 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.

Error: (05/11/2015 02:52:19 PM) (Source: Service Control Manager) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error:
%%1053

Error: (05/11/2015 02:52:18 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.

Error: (05/10/2015 08:44:14 PM) (Source: Service Control Manager) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error:
%%1053

Error: (05/10/2015 08:44:14 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.


Microsoft Office Sessions:
=========================
Error: (07/25/2014 05:04:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1030 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (06/12/2014 11:25:20 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/12/2014 11:25:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/12/2014 11:24:53 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/12/2014 11:24:36 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 159 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (06/04/2014 04:16:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/04/2014 04:15:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 105 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (06/04/2014 03:27:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5148 seconds with 3360 seconds of active time.  This session ended with a crash.

Error: (06/02/2013 00:18:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/02/2013 00:17:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1122 seconds with 720 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-10-09 19:58:18.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.079
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.070
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


**** End of log ****
 

 

Hope you can help !


 


#2 maheshursekar


Posted 14 May 2015 - 10:28 AM

The settings of the MiniToolBox that Nasdaq told me to set were:

 

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#3 Nikhil_CV


Posted 14 May 2015 - 11:43 AM

While I or any others help you, please understand that malware removal is not allowed outside MRL forum.
Can you post a fresh minitoolbox log, after disconnecting from all network and restarting your machine?
Also, while connected to internet, please watch the network tab of resource monitor (Start > run > resmon.exe), especially the svchost.exe process. You should check the second part of screen to see if suspected IP is found, post a screen shot.

Have you tried using an internet connection via any other sources, rather than this modem or router?
Can you please try it if possible, like say use USB modem.

Let me go through your previous posts.

You seem to be getting help from multiple sources, forum.kaspersky.com/lofiversion/index.php/t321406.html ? Was that you? Can we consider it closed? Or was it someone else?

Edited by Nikhil_CV, 14 May 2015 - 11:56 AM.

Regards : CV
There is no ONE TOUCH key to security! Be alert and vigilant....! Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
Questions are to be asked, it helps you, me and others. Knowledge is power, only when it's shared to others. signature contents © cv and Someone.......

#4 CaveDweller2


Posted 14 May 2015 - 01:25 PM

ummm.....your status page shows your internet IP address as 192.168.1.2 and the default gateway as 192.168.1.1, it's like this router is behind another router giving you a private IP address. 

 

can you post the results of a tracert yahoo.com please


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#5 Nikhil_CV


Posted 14 May 2015 - 01:43 PM

Hi,
It seems your router is causing trouble, but I can't jump to a conclusion now.
Who is your ISP? Did they give you this router?
Please do these too:
Edit the DNS server addresses of all network adapters in the machine to any of the following or their combination:
# Norton DNS: https://connectsafe.norton.com
# Comodo DNS: https://www.comodo.com/secure-dns/
# Google public DNS: https://developers.google.com/speed/public-dns/docs/using

This will hopefully override router DNS settings for your machine. Please verify that by checking the registry values (you seem to know where to check, else let me help you.)


CaveDweller2 has some findings. Please follow him while you use the Linksys router.

Edited by Nikhil_CV, 14 May 2015 - 02:01 PM.


#6 Wand3r3r


Posted 14 May 2015 - 01:50 PM

 DNS Servers . . . . . . . . . . . : 46.161.41.146 is not a valid dns server.  You should remove it.

 

C:\Users\user>nslookup google.com 46.161.41.146
Server:  UnKnown
Address:  46.161.41.146

*** UnKnown can't find google.com: Query refused

 

I am not seeing any 192.168.1.x entries in the minidump.  Only 192.168.0.x
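
An added example, not part of the thread or of any poster's tooling: a small Python parser for the `ipconfig /all` text and the `DhcpNameServer` registry string quoted in post #1, which lists every resolver that is neither a local address nor on a deliberately chosen allow-list. The sample inputs are constructed excerpts trimmed from that post; `ALLOWED_PUBLIC` and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed excerpt, trimmed from the `ipconfig /all` section of the log in post #1.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Mahesh-PC

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.146(Preferred)
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 46.161.41.146
                                       8.8.8.8
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   DHCP Enabled. . . . . . . . . . . : No
"""

# DhcpNameServer value as quoted in post #1 (space-separated list).
SAMPLE_DHCP_NAME_SERVER = "46.161.41.146 8.8.8.8 192.168.0.1"

# Assumption: public resolvers the owner configured on purpose (Google Public DNS).
ALLOWED_PUBLIC = {"8.8.8.8", "8.8.4.4"}

# "Key . . . . : value". The colon must follow whitespace, so an IPv6
# continuation line such as "   fe80::1%10" is not mistaken for a field.
FIELD = re.compile(r"^\s+(?P<key>.+?)[ .]*\s:(?:\s(?P<val>.*))?$")


def parse_ipconfig(text):
    """Return {section: {field: [values]}}, folding indented continuation lines."""
    sections, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # An unindented line opens a section ("Ethernet adapter ...:").
            current = sections.setdefault(line.rstrip(": ").strip(), {})
            last = None
            continue
        if current is None:
            continue
        m = FIELD.match(line)
        if m:
            last = current.setdefault(m.group("key"), [])
            if m.group("val"):
                last.append(m.group("val").strip())
        elif last is not None:
            # Extra DNS servers appear on their own indented lines.
            last.append(line.strip())
    return sections


def classify(server, allowed_public=ALLOWED_PUBLIC):
    """Label one resolver address as local, allowed, unexpected or unparseable."""
    try:
        ip = ipaddress.ip_address(server.split("%")[0])  # drop IPv6 scope id
    except ValueError:
        return "unparseable"
    if ip.is_private or ip.is_link_local or ip.is_loopback:
        # "local" only means queries go to the router; the router's own
        # upstream DNS still has to be checked on its status page.
        return "local"
    if str(ip) in allowed_public:
        return "allowed"
    return "unexpected"


def audit_dns(ipconfig_text, dhcp_name_server=""):
    """Return (source, server, verdict) for every resolver in both inputs."""
    findings = []
    for adapter, fields in parse_ipconfig(ipconfig_text).items():
        for server in fields.get("DNS Servers", []):
            findings.append((adapter, server, classify(server)))
    for server in dhcp_name_server.split():
        findings.append(("registry:DhcpNameServer", server, classify(server)))
    return findings


def unexpected(findings):
    """Distinct resolver addresses that are neither local nor allow-listed."""
    return sorted({s for _, s, verdict in findings if verdict == "unexpected"})


if __name__ == "__main__":
    for source, server, verdict in audit_dns(SAMPLE_IPCONFIG, SAMPLE_DHCP_NAME_SERVER):
        print(f"{verdict:11} {server:15} {source}")
```
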



#7 CaveDweller2


Posted 14 May 2015 - 02:17 PM

Wand3r3r - me either. but look at the picture of the status page. It's weird.




#8 Wand3r3r


Posted 14 May 2015 - 02:23 PM

Sure enough it lists x.x.1.x 

Now I see why you requested a tracert.



#9 Nikhil_CV


Posted 14 May 2015 - 02:30 PM

Maybe the modem has been configured with the IP for DNS?
OP must check that too.

#10 maheshursekar


Posted 15 May 2015 - 12:33 AM

Hi - Have done as all suggested. I hope I have got it right.

 

(1) Can you post a fresh minitoolbox log, after disconnecting from all network and restarting your machine? It is below:

 

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Test (administrator) on 15-05-2015 at 10:36:03
Running from "C:\Users\Test\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Model: Inspiron 535s Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Mahesh-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-25-64-05-68-6D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 25 64 05 68 6d ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/09/2015 06:11:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x10bc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/09/2015 06:11:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1328
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/09/2015 06:11:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x169c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/07/2015 04:40:40 PM) (Source: Chrome) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=42.0.2311.135;lang=;guid=0CB261B7FC2B4068BE9AE7ABEC8A1BD8;is_machine=1;oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\932ee19f-884b-4114-be91-af942f9f80ea.dmp

Error: (05/05/2015 11:03:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1ef4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/05/2015 11:03:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1fb0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/05/2015 11:02:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c
Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1e24
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/25/2015 05:30:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.4, time stamp: 0x4f97642d
Faulting module name: np-mswmp.dll_unloaded, version: 0.0.0.0, time stamp: 0x461c294a
Exception code: 0xc0000005
Fault offset: 0x60099507
Faulting process id: 0x1f3c
Faulting application start time: 0xWebKit2WebProcess.exe0
Faulting application path: WebKit2WebProcess.exe1
Faulting module path: WebKit2WebProcess.exe2
Report Id: WebKit2WebProcess.exe3

Error: (04/24/2015 01:41:19 PM) (Source: Application Hang) (User: )
Description: The program avz.exe version 4.43.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 24c

Start Time: 01d07e659d243402

Termination Time: 6

Application Path: C:\Users\Test\Downloads\avz4\avz4\avz.exe

Report Id: 752041a8-ea59-11e4-9602-00256405686d

Error: (04/21/2015 04:29:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: SetACL_32.exe, version: 3.0.6.0, time stamp: 0x504e4cb4
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b3c6
Exception code: 0xc0000005
Fault offset: 0x0001a242
Faulting process id: 0xcd4
Faulting application start time: 0xSetACL_32.exe0
Faulting application path: SetACL_32.exe1
Faulting module path: SetACL_32.exe2
Report Id: SetACL_32.exe3


System errors:
=============
Error: (05/15/2015 09:57:35 AM) (Source: Service Control Manager) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error:
%%1053

Error: (05/15/2015 09:57:35 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.

Error: (05/14/2015 08:28:26 PM) (Source: DCOM) (User: )
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}

Error: (05/13/2015 10:49:10 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/13/2015 10:37:02 PM) (Source: DCOM) (User: )
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}

Error: (05/13/2015 07:40:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80080005: Security Update for Windows 7 (KB3046002).

Error: (05/13/2015 07:40:44 PM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/12/2015 05:25:20 PM) (Source: Service Control Manager) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error:
%%1053

Error: (05/12/2015 05:25:20 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.

Error: (05/11/2015 02:52:19 PM) (Source: Service Control Manager) (User: )
Description: The SQL Server (SQLEXPRESS) service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (07/25/2014 05:04:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1030 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (06/12/2014 11:25:20 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/12/2014 11:25:09 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/12/2014 11:24:53 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/12/2014 11:24:36 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 159 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (06/04/2014 04:16:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 13 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/04/2014 04:15:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 105 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (06/04/2014 03:27:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 5148 seconds with 3360 seconds of active time.  This session ended with a crash.

Error: (06/02/2013 00:18:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (06/02/2013 00:17:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1122 seconds with 720 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-10-09 19:58:18.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.079
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:58:18.070
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.


**** End of log ****
 

(2) Also, while connected to internet, please watch the network tab of resource monitor (Start > run > resmon.exe), especially the svhost.exe process. You should check the second part of screen to see if suspected IP is found, post a screen shot.

I am unable to attach a snapshot as it says I have "exceeded allotted disk space for attachments". Here is a Google Drive link of the snapshot: https://drive.google.com/file/d/0Bw398McjwPAaSGpmU01VY0R1OFk/view?usp=sharing

 

(3) Have you tried using an internet connection via any other sources, rather than this modem or router? Can you please try it if possible, like say use USB modem.

Prior to using the WiFi Router, I was connected to the Internet via a Modem alone. Since I needed WiFi connectivity, I purchased this Router. As I am no network expert, I followed the instructions that came with the Linksys router to set up connectivity. My PC connects to the Router, which connects to the Modem, which connects to the Internet.

 

(4) Can you post the results of a tracert yahoo.com please? It is below:

Tracing route to yahoo.com [98.139.183.24]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2     1 ms     1 ms    <1 ms  192.168.1.1
  3     *        *        *     Request timed out.
  4     *       15 ms    16 ms  static-mum-59.185.211.205.mtnl.net.in [59.185.211.205]
  5    14 ms    16 ms    13 ms  static-mum-59.185.211.206.mtnl.net.in [59.185.211.206]
  6     *        *        *     Request timed out.
  7    75 ms    77 ms    78 ms  62.216.147.45
  8   232 ms   227 ms   228 ms  xe-0-1-1.0.pjr03.ldn001.flagtel.com [85.95.26.233]
  9   231 ms   228 ms   228 ms  xe-4-2-0.0.cji01.ldn004.flagtel.com [62.216.129.138]
 10     *        *        *     Request timed out.
 11     *      216 ms   218 ms  ae8.pat2.nyc.yahoo.com [66.196.65.15]
 12   230 ms   228 ms   230 ms  ae-2.pat2.bfz.yahoo.com [216.115.100.74]
 13   223 ms   225 ms   231 ms  ae-4.msr1.bf1.yahoo.com [216.115.100.25]
 14     *        *      225 ms  xe-11-2-1.clr1-a-gdc.bf1.yahoo.com [98.139.129.167]
 15   229 ms   227 ms   229 ms  UNKNOWN-72-30-22-X.yahoo.com [72.30.22.13]
 16   225 ms   228 ms   228 ms  po-15.bas1-7-prd.bf1.yahoo.com [98.139.129.241]
 17   230 ms   231 ms   233 ms  ir2.fp.vip.bf1.yahoo.com [98.139.183.24]

Trace complete.
 

(5) Who is your ISP? Did they give you this modem/ router?

My ISP is an organization called MTNL in Mumbai. The Modem was given by MTNL. I purchased the WiFi Router separately.

 

(6) Edit the DNS server addresses of all network adapters in the machine to any of following or their combination:

Did not understand these instructions. Currently, my Network settings are "Obtain IP Address Automatically" and "Obtain DNS Server Automatically"

 

(7) DNS Servers . . . . . . . . . . . : 46.161.41.146 is not a valid dns server.  You should remove it.

Along with Nasdaq, we had run Rogue Killer multiple times, which removed the IP address from the Registry, but after a Reboot it appeared again automatically! The DNS entry on the Router Status Page has never been removed.
 

(8) Maybe the modem has been configured with the IP for DNS? OP must check that too.

Not sure what I have to do here.

 

 

 

 



#11 Nikhil_CV


Posted 15 May 2015 - 06:29 AM

Hi Mahesh,
Thanks for your prompt replies. From them it's clear your machine is safe, but the problems come from your network devices (either the Linksys router or your ISP-supplied modem).

Now, will you be able to connect directly to your modem to check whether your router or your modem is bugged? Try that before setting the DNS address as mentioned below, and post a new Minitoolbox log. Please avoid 'Last ten event viewer logs'.

What is your modem's make and model?
What happens when you type 192.168.1.1 in your browser's address bar? What about 192.168.0.1? Which logs you in to the modem and which to your Linksys router? (Linksys must be at 192.168.1.1.) Can you modify any modem settings?
Perform the above step when not connected to the internet but while you're connected via the Linksys to the modem.

I'm sorry I couldn't help you with instructions on DNS directly, as I am using a mobile to reply and all my predefined instructions are stored on my PC. Well, in order to change the DNS address on any of your devices, Google has it documented in its page linked in my first reply (you can see it at: https://developers.google.com/speed/public-dns/docs/using). Scroll down the page and you'll surely see how you're helping yourself on all devices. This will make sure you are not DNS hijacked.
Regards : CV
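An added example, not part of the thread or any poster's code: a small Python check that reads `ipconfig /all` text (the block MiniToolBox embeds in its log), collects every DNS server per adapter including the indented continuation lines, and labels each one. The sample text is constructed in the log's layout using addresses quoted in this thread; the allowlist (the two MTNL resolvers from the later log plus Google Public DNS) and all function names are assumptions.

```python
import ipaddress
import re

# Assumed allowlist: the ISP resolvers shown in the thread's later log,
# plus Google Public DNS. Adjust to the resolvers you actually expect.
EXPECTED = {ipaddress.ip_address(a) for a in
            ("203.94.243.70", "59.179.243.70", "8.8.8.8", "8.8.4.4")}

# Constructed sample in the layout of `ipconfig /all` (not a real capture).
SAMPLE_HIJACKED = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Example-PC

Ethernet adapter Local Area Connection:

   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.115(Preferred)
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 46.161.41.146
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
"""

# Adapter headers are unindented and end with a colon.
ADAPTER_RE = re.compile(r"^(\S.*):$")
# Field lines are indented: label, dot leader, " :", optional value.
# Requiring a space before the colon keeps bare IPv6 continuation
# lines (e.g. "fe80::1%10") from being read as a field.
FIELD_RE = re.compile(r"^\s+(\S.*?)[ .]* :(?: (.*))?$")


def parse_dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server strings]} from ipconfig /all text."""
    servers = {}
    adapter = None
    in_dns = False
    for raw in ipconfig_text.splitlines():
        line = raw.rstrip()
        if not line:
            in_dns = False
            continue
        header = ADAPTER_RE.match(line)
        if header:
            adapter, in_dns = header.group(1), False
            continue
        field = FIELD_RE.match(line)
        if field:
            in_dns = field.group(1) == "DNS Servers"
            value = field.group(2)
        elif in_dns and line[0].isspace():
            value = line.strip()          # continuation of the DNS list
        else:
            in_dns = False
            continue
        if in_dns and value and adapter:
            # Drop an IPv6 zone id such as "%10" before storing.
            servers.setdefault(adapter, []).append(value.split("%")[0])
    return servers


def classify(server, expected=EXPECTED):
    """Label one resolver address."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "unparsable"
    if addr in expected:
        return "expected"
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        # A LAN address only forwards queries: the router's or modem's
        # own status page must be checked for its upstream DNS.
        return "local-forwarder"
    return "unexpected"


def audit(ipconfig_text, expected=EXPECTED):
    """Return [(adapter, server, verdict)] for every DNS server found."""
    return [(adapter, server, classify(server, expected))
            for adapter, found in parse_dns_servers(ipconfig_text).items()
            for server in found]


if __name__ == "__main__":
    for adapter, server, verdict in audit(SAMPLE_HIJACKED):
        print(f"{verdict:16} {server:16} {adapter}")
```

A `local-forwarder` verdict is not a clean bill of health: in this thread the bad resolver was also shown on the router's Status page, so the upstream device has to be checked separately.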

#12 CaveDweller2


Posted 15 May 2015 - 07:35 AM

One more thing - http://www.ipchicken.com/ does that show 192.168.1.1 as your IP address?




#13 maheshursekar


Posted 16 May 2015 - 09:00 AM

Hi Nikhil:

 

(1) Now will you able to connect directly to your modem for checking if your router was bugged or modem is bugged?

 

I connected directly to the Modem and the Malwarebytes Website blocked pop-up kept coming, so I assumed it is the modem that was compromised.

 

(2) What happens when you type 192.168.1.1 on your browser's address bar?

 

I am supposed to get the modem web-page. But I was unable to login to it with the default Modem login/password (was this changed by the hacker?). So, I hard-reset the Modem since I am aware how to configure it. After doing that the Malwarebytes pop-up stopped coming up!! I reconnected my WiFi Router (so the setup was as before) and there was no pop-up again!!

 

Question: Do I need to change the password of the modem to something complex? Is it a vulnerability?

 

(3) What about 192.168.0.1 ?

 

This opens the Linksys router page. I generally don't set up the Router this way as I do not know how.

 

(4) post a new Minitoolbox log (It is below. It has been generated with the Router & Modem connected)

 

MiniToolBox by Farbar  Version: 11-05-2015 01
Ran by Test (administrator) on 16-05-2015 at 19:15:18
Running from "C:\Users\Test\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Model: Inspiron 535s Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Mahesh-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-25-64-05-68-6D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : fd2d:4885:86c6:0:ccf4:15ea:3ad9:6cbc(Preferred)
   Temporary IPv6 Address. . . . . . : fd2d:4885:86c6:0:acf5:cb89:c6f7:c856(Preferred)
   Link-local IPv6 Address . . . . . : fe80::ccf4:15ea:3ad9:6cbc%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.115(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, May 16, 2015 6:59:00 PM
   Lease Expires . . . . . . . . . . : Sunday, May 17, 2015 6:58:57 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 167781732
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-AF-1E-32-00-25-64-05-68-6D
   DNS Servers . . . . . . . . . . . : 203.94.243.70
                                       59.179.243.70
                                       192.168.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C3233060-B9BB-4DC1-8E2F-9E9306548D3D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  ns2.mtnl.net.in
Address:  203.94.243.70

Name:    google.com
Addresses:  2404:6800:4002:802::1000
      173.194.36.65
      173.194.36.70
      173.194.36.64
      173.194.36.67
      173.194.36.78
      173.194.36.73
      173.194.36.72
      173.194.36.71
      173.194.36.68
      173.194.36.66
      173.194.36.69


Pinging google.com [173.194.36.65] with 32 bytes of data:
Reply from 173.194.36.65: bytes=32 time=32ms TTL=55
Reply from 173.194.36.65: bytes=32 time=34ms TTL=55

Ping statistics for 173.194.36.65:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 32ms, Maximum = 34ms, Average = 33ms
Server:  ns2.mtnl.net.in
Address:  203.94.243.70

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=221ms TTL=46
Reply from 98.139.183.24: bytes=32 time=225ms TTL=46

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 221ms, Maximum = 225ms, Average = 223ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 25 64 05 68 6d ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.115     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link     192.168.0.115    276
    192.168.0.115  255.255.255.255         On-link     192.168.0.115    276
    192.168.0.255  255.255.255.255         On-link     192.168.0.115    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.0.115    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.0.115    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10     28 fd2d:4885:86c6::/64      On-link
 10    276 fd2d:4885:86c6:0:acf5:cb89:c6f7:c856/128
                                    On-link
 10    276 fd2d:4885:86c6:0:ccf4:15ea:3ad9:6cbc/128
                                    On-link
 10    276 fe80::/64                On-link
 10    276 fe80::ccf4:15ea:3ad9:6cbc/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 08 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****
 

(5) IP Chicken shows IP as 120.61.210.60

 

(6) In the Registry, the DhcpNameServer has the below values. I don't recognize them but they might be my ISP DNS IPs.

 

203.94.243.70 59.179.243.70 192.168.0.1

 

Do you reckon I am finally free of this malware??

 

Best, Mahesh



#14 CaveDweller2


Posted 16 May 2015 - 09:29 AM

If it is working then I'd leave it alone. But your modem is a modem/router; we know this because when you do a tracert each hop is a router. The first was 192.168.0.1, which is your Linksys; the next is 192.168.1.1, which is your modem/router; then the next is timed out, which means your ISP's router is set up not to answer, and on it goes.

 

I am not saying do this but you could just turn off DHCP on the Linksys and your modem/router will take care of handing out addresses but as I said it is working so I'd just leave it.

 

Those DNS servers are good so I wouldn't worry about them either.

 

Not really sure what got rid of the bad DNS server, probably resetting the modem/router, but whatever it was, glad it's working as expected again.


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College
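
The check done by hand in this part of the thread (reading the DhcpNameServer registry value and the nslookup header), as an added Python example that is not part of the original posts. The known-bad address and the two ISP resolvers are the values quoted in this thread; the function names and the hijacked sample inputs are constructed for illustration.

```python
import ipaddress
import re

# Values quoted in this thread; replace with your own ISP's resolvers.
KNOWN_BAD = {"46.161.41.146"}                      # rogue DNS1 the router had shown
EXPECTED_ISP = {"203.94.243.70", "59.179.243.70"}  # resolvers judged good above

# Sample inputs: the first two mirror the log in the thread, the last two are constructed.
THREAD_DHCP = "203.94.243.70 59.179.243.70 192.168.0.1"
THREAD_NSLOOKUP = "Server:  ns2.mtnl.net.in\r\nAddress:  203.94.243.70\r\n\r\nName:    google.com\r\n"
HIJACKED_DHCP = "46.161.41.146 8.8.8.8"
HIJACKED_NSLOOKUP = "Server:  UnKnown\r\nAddress:  46.161.41.146\r\n"


def classify_resolver(addr):
    """Return 'known-bad', 'expected', 'local-relay' or 'unexpected' for one DNS server."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on a malformed entry
    if addr in KNOWN_BAD:
        return "known-bad"
    if addr in EXPECTED_ISP:
        return "expected"
    # A private address (192.168.0.1 here) means the router relays DNS, so the
    # router's own upstream DNS setting still has to be checked on its status page.
    return "local-relay" if ip.is_private else "unexpected"


def audit_dhcp_nameservers(value):
    """Classify each entry of a DhcpNameServer value (space- or comma-separated)."""
    return {a: classify_resolver(a) for a in re.split(r"[\s,]+", value.strip()) if a}


def answering_server(nslookup_output):
    """Extract the resolver address from the Server:/Address: header of nslookup output."""
    m = re.search(r"^Server:.*\n^Address:\s*(\S+)", nslookup_output, re.MULTILINE)
    return m.group(1) if m else None


def resolver_findings(dhcp_value, nslookup_output):
    """Return a list of problems; an empty list means nothing suspicious was seen."""
    audit = audit_dhcp_nameservers(dhcp_value)
    findings = [f"{a}: {v} DNS server handed out by DHCP"
                for a, v in audit.items() if v in ("known-bad", "unexpected")]
    used = answering_server(nslookup_output)
    if used is None:
        findings.append("no answering server found in nslookup output")
    elif used not in audit:
        findings.append(f"{used}: answered the query but is not in DhcpNameServer")
    return findings
```

A "local-relay" verdict is not a clean bill of health on its own: it only says the PC asks the router, so the router's status page is where the upstream resolver must be confirmed.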


#15 Nikhil_CV


Posted 16 May 2015 - 09:34 AM

[quote]
Question: Do I need to change the password of the modem to something complex? Is it a vulnerability?
[/quote]
I would recommend changing the default passwords of both router and modem.
If you need more secure DNS, follow my previous posts to do so.

You're clean now, both system-wise (per NASDAQ) and device-wise :)

Please report this in your Malware assistance thread so that it's locked and your helper (NASDAQ) doesn't need to wait for any more replies....
Good luck!


Something is glitching my replies, sorry.

Edited by Nikhil_CV, 16 May 2015 - 09:59 AM.

Regards : CV
There is no ONE TOUCH key to security!
Be alert and vigilant....!
Always have a Backup Plan!!! Because human idiotism doesn't have a cure! Stop highlighting!
Questions are to be asked, it helps you, me and others. Knowledge is power, only when its shared to others. signature contents © cv and Someone.......



