
Different IP Blocks Every Time I Click On A Website?



Alright so I posted the DDS & Attach.txt and I still have the same problems no matter what website I went to. I had been waiting at least 3 days for a single reply, yet you guys cannot do that.

I see people that start a new one, and then automatically receive a response.

I don't know if you guys are busy, but any help with this can and will be appreciated. Thanks.

2012/01/31 06:21:12 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)

2012/01/31 06:21:15 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)

2012/01/31 06:21:15 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)

2012/01/31 06:21:21 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)

2012/01/31 06:21:38 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)

2012/01/31 06:21:38 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)

2012/01/31 06:21:41 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)

2012/01/31 06:21:41 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)

2012/01/31 06:21:47 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)

2012/01/31 06:21:47 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)

2012/01/31 07:42:25 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 07:42:28 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 07:42:40 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 07:42:43 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 07:43:01 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 07:43:04 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 07:43:07 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 07:43:09 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 07:43:13 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 07:43:16 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 07:43:22 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 07:43:34 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 07:43:36 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)

2012/01/31 16:14:58 -0800 HOME-DD8DC15EFD Silvia MESSAGE Starting database refresh

2012/01/31 16:14:58 -0800 HOME-DD8DC15EFD Silvia MESSAGE Stopping IP protection

2012/01/31 16:14:58 -0800 HOME-DD8DC15EFD Silvia MESSAGE IP Protection stopped

2012/01/31 16:15:07 -0800 HOME-DD8DC15EFD Silvia MESSAGE Database refreshed successfully

2012/01/31 16:15:07 -0800 HOME-DD8DC15EFD Silvia MESSAGE Starting IP protection

2012/01/31 16:15:09 -0800 HOME-DD8DC15EFD Silvia MESSAGE IP Protection started successfully

2012/01/31 20:57:12 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/01/31 20:57:12 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/01/31 20:57:15 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/01/31 20:57:15 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/01/31 20:57:21 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/01/31 20:57:21 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/01/31 21:11:51 -0800 HOME-DD8DC15EFD Silvia MESSAGE Starting protection

2012/01/31 21:12:03 -0800 HOME-DD8DC15EFD Silvia MESSAGE Protection started successfully

2012/01/31 21:12:06 -0800 HOME-DD8DC15EFD Silvia MESSAGE Starting IP protection

2012/01/31 21:12:08 -0800 HOME-DD8DC15EFD Silvia MESSAGE IP Protection started successfully

2012/02/02 06:26:18 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 06:26:18 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 06:26:21 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 06:26:21 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 06:26:27 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 06:26:27 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 14:35:36 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 14:35:36 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 14:35:39 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 14:35:39 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 14:35:45 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 14:35:45 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 16:48:09 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 16:48:09 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 16:48:11 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 16:48:12 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 16:48:18 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 16:48:18 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 17:25:20 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 17:25:20 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 17:25:22 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 17:25:23 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 17:25:28 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 17:25:29 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 18:43:21 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 18:43:21 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 18:43:24 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 18:43:24 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 18:43:30 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

2012/02/02 18:43:30 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)

dds.txt

attach.txt

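Added here as an editor's example, not part of the original thread or of any Malwarebytes tooling: a small Python parser for protection-log lines in the layout quoted above (`date time tz host user IP-BLOCK ip (Type: direction)` and `... MESSAGE text`). The layout is inferred from the quoted lines only; the embedded sample is constructed from a handful of those lines rather than the whole log. It groups blocks by destination and direction and lists outgoing destinations that were blocked on more than one day, which is the first thing a helper would want to know before asking which local process is opening those connections.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in the same layout as the protection log quoted in the post
# (timestamps and addresses copied from the post; not a complete copy of the log).
SAMPLE_LOG = """\
2012/01/31 06:21:12 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)
2012/01/31 06:21:15 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)
2012/01/31 06:21:21 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 212.40.120.230 (Type: outgoing)
2012/01/31 07:42:25 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 77.78.249.224 (Type: incoming)
2012/01/31 16:14:58 -0800 HOME-DD8DC15EFD Silvia MESSAGE Starting database refresh
2012/01/31 20:57:12 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)
2012/02/02 06:26:18 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)
2012/02/02 14:35:36 -0800 HOME-DD8DC15EFD Silvia IP-BLOCK 91.212.226.7 (Type: outgoing)
"""

# Field layout assumed from the quoted lines: date, time, UTC offset, hostname,
# username, event kind, and the remainder of the line.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) (?P<kind>IP-BLOCK|MESSAGE) (?P<rest>.*)$"
)
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>incoming|outgoing)\)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tz = m["tz"]
    sign = 1 if tz[0] == "+" else -1
    offset = timezone(sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[3:5])))
    ts = datetime.strptime(f"{m['date']} {m['time']}", "%Y/%m/%d %H:%M:%S")
    rec = {"ts": ts.replace(tzinfo=offset), "host": m["host"],
           "user": m["user"], "kind": m["kind"]}
    if m["kind"] == "IP-BLOCK":
        b = BLOCK_RE.match(m["rest"])
        if not b:
            return None  # malformed block line; skip rather than guess
        rec["ip"], rec["direction"] = b["ip"], b["direction"]
    else:
        rec["message"] = m["rest"]
    return rec


def summarize_blocks(text):
    """Group IP-BLOCK events by (ip, direction): count, first/last seen, distinct days."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["kind"] == "IP-BLOCK":
            groups[(rec["ip"], rec["direction"])].append(rec["ts"])
    summary = {}
    for key, stamps in groups.items():
        stamps.sort()
        summary[key] = {"count": len(stamps), "first": stamps[0], "last": stamps[-1],
                        "days": len({t.date() for t in stamps})}
    return summary


def persistent_outbound(summary, min_days=2):
    """Outgoing destinations blocked on at least `min_days` distinct days.

    The same outbound address being blocked day after day is the pattern worth
    chasing back to the process that opens the connection, as opposed to a
    one-off block caused by a single bad page."""
    return sorted(ip for (ip, d), s in summary.items()
                  if d == "outgoing" and s["days"] >= min_days)


if __name__ == "__main__":
    summ = summarize_blocks(SAMPLE_LOG)
    for (ip, direction), s in sorted(summ.items()):
        print(f"{ip:<16} {direction:<9} n={s['count']} days={s['days']} "
              f"first={s['first']:%Y-%m-%d %H:%M} last={s['last']:%Y-%m-%d %H:%M}")
    print("blocked on more than one day (outgoing):", persistent_outbound(summ))
```

To run it over a real export, replace `SAMPLE_LOG` with the file contents; lines that do not match the layout (blank lines, other event kinds) are skipped rather than raising.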

Hello and :welcome:

Nothing obvious shows up in your logs, so let's do some rootkit and advanced scanning to see if we can pinpoint the cause of the problem.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Alright! Thanks for the helpful advice. I ran the scan once for TDSSKILLER.exe and it came up with 2 different malware problems which I cured. I ran it again and these are the results. Bear with me as I'm new to this ;)

TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49

07:59:16.0890 3100 ============================================================

07:59:16.0890 3100 Current date / time: 2012/02/04 07:59:16.0890

07:59:16.0890 3100 SystemInfo:

07:59:16.0890 3100

07:59:16.0890 3100 OS Version: 5.1.2600 ServicePack: 3.0

07:59:16.0890 3100 Product type: Workstation

07:59:16.0890 3100 ComputerName: HOME-DD8DC15EFD

07:59:16.0890 3100 UserName: Silvia

07:59:16.0890 3100 Windows directory: C:\WINDOWS

07:59:16.0890 3100 System windows directory: C:\WINDOWS

07:59:16.0890 3100 Processor architecture: Intel x86

07:59:16.0890 3100 Number of processors: 4

07:59:16.0890 3100 Page size: 0x1000

07:59:16.0890 3100 Boot type: Normal boot

07:59:16.0890 3100 ============================================================

07:59:18.0265 3100 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

07:59:18.0265 3100 \Device\Harddisk0\DR0:

07:59:18.0265 3100 MBR used

07:59:18.0265 3100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41

07:59:18.0265 3100 Initialize success

07:59:18.0265 3100 ============================================================

07:59:19.0609 3612 ============================================================

07:59:19.0609 3612 Scan started

07:59:19.0609 3612 Mode: Manual;

07:59:19.0609 3612 ============================================================

07:59:20.0375 3612 Abiosdsk - ok

07:59:20.0375 3612 abp480n5 - ok

07:59:20.0421 3612 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

07:59:20.0421 3612 ACPI - ok

07:59:20.0453 3612 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

07:59:20.0453 3612 ACPIEC - ok

07:59:20.0453 3612 adpu160m - ok

07:59:20.0484 3612 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

07:59:20.0484 3612 aec - ok

07:59:20.0531 3612 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

07:59:20.0531 3612 AFD - ok

07:59:20.0531 3612 Aha154x - ok

07:59:20.0531 3612 aic78u2 - ok

07:59:20.0531 3612 aic78xx - ok

07:59:20.0546 3612 AliIde - ok

07:59:20.0546 3612 amsint - ok

07:59:20.0578 3612 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

07:59:20.0578 3612 Arp1394 - ok

07:59:20.0578 3612 asc - ok

07:59:20.0578 3612 asc3350p - ok

07:59:20.0578 3612 asc3550 - ok

07:59:20.0593 3612 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

07:59:20.0593 3612 AsyncMac - ok

07:59:20.0625 3612 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

07:59:20.0625 3612 atapi - ok

07:59:20.0625 3612 Atdisk - ok

07:59:20.0656 3612 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

07:59:20.0656 3612 Atmarpc - ok

07:59:20.0671 3612 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

07:59:20.0671 3612 audstub - ok

07:59:20.0718 3612 ax88772 (19bb95d5e3c6c22e8677c1d9a84323cc) C:\WINDOWS\system32\DRIVERS\ax88772.sys

07:59:20.0718 3612 ax88772 - ok

07:59:20.0750 3612 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

07:59:20.0750 3612 Beep - ok

07:59:20.0781 3612 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

07:59:20.0781 3612 BVRPMPR5 - ok

07:59:20.0796 3612 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

07:59:20.0796 3612 cbidf2k - ok

07:59:20.0812 3612 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

07:59:20.0812 3612 CCDECODE - ok

07:59:20.0812 3612 cd20xrnt - ok

07:59:20.0843 3612 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

07:59:20.0843 3612 Cdaudio - ok

07:59:20.0843 3612 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

07:59:20.0843 3612 Cdfs - ok

07:59:20.0890 3612 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

07:59:20.0890 3612 Cdrom - ok

07:59:20.0890 3612 Changer - ok

07:59:20.0890 3612 CmdIde - ok

07:59:20.0937 3612 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys

07:59:20.0937 3612 cmpci - ok

07:59:20.0953 3612 Cpqarray - ok

07:59:21.0031 3612 cpuz132 - ok

07:59:21.0031 3612 dac2w2k - ok

07:59:21.0031 3612 dac960nt - ok

07:59:21.0046 3612 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

07:59:21.0046 3612 Disk - ok

07:59:21.0078 3612 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

07:59:21.0078 3612 dmboot - ok

07:59:21.0093 3612 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

07:59:21.0093 3612 dmio - ok

07:59:21.0109 3612 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

07:59:21.0109 3612 dmload - ok

07:59:21.0140 3612 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

07:59:21.0140 3612 DMusic - ok

07:59:21.0156 3612 dpti2o - ok

07:59:21.0156 3612 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

07:59:21.0156 3612 drmkaud - ok

07:59:21.0156 3612 EagleNT - ok

07:59:21.0171 3612 EagleXNt - ok

07:59:21.0171 3612 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

07:59:21.0171 3612 Fastfat - ok

07:59:21.0187 3612 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

07:59:21.0187 3612 Fdc - ok

07:59:21.0187 3612 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

07:59:21.0187 3612 Fips - ok

07:59:21.0203 3612 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

07:59:21.0203 3612 Flpydisk - ok

07:59:21.0218 3612 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

07:59:21.0218 3612 FltMgr - ok

07:59:21.0234 3612 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

07:59:21.0234 3612 Fs_Rec - ok

07:59:21.0250 3612 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

07:59:21.0250 3612 Ftdisk - ok

07:59:21.0296 3612 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

07:59:21.0296 3612 gameenum - ok

07:59:21.0296 3612 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

07:59:21.0296 3612 Gpc - ok

07:59:21.0312 3612 gyitujfl - ok

07:59:21.0328 3612 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

07:59:21.0328 3612 HDAudBus - ok

07:59:21.0328 3612 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

07:59:21.0328 3612 hidusb - ok

07:59:21.0343 3612 hpn - ok

07:59:21.0390 3612 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

07:59:21.0390 3612 HTTP - ok

07:59:21.0390 3612 i2omgmt - ok

07:59:21.0390 3612 i2omp - ok

07:59:21.0437 3612 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

07:59:21.0437 3612 i8042prt - ok

07:59:21.0453 3612 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

07:59:21.0453 3612 Imapi - ok

07:59:21.0453 3612 ini910u - ok

07:59:21.0468 3612 IntelIde - ok

07:59:21.0468 3612 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

07:59:21.0468 3612 intelppm - ok

07:59:21.0484 3612 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

07:59:21.0484 3612 Ip6Fw - ok

07:59:21.0515 3612 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

07:59:21.0515 3612 IpFilterDriver - ok

07:59:21.0531 3612 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

07:59:21.0531 3612 IpInIp - ok

07:59:21.0546 3612 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

07:59:21.0546 3612 IpNat - ok

07:59:21.0546 3612 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

07:59:21.0546 3612 IPSec - ok

07:59:21.0578 3612 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

07:59:21.0593 3612 IRENUM - ok

07:59:21.0609 3612 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys

07:59:21.0609 3612 irsir - ok

07:59:21.0609 3612 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

07:59:21.0609 3612 isapnp - ok

07:59:21.0609 3612 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

07:59:21.0609 3612 Kbdclass - ok

07:59:21.0640 3612 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

07:59:21.0640 3612 kbdhid - ok

07:59:21.0656 3612 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

07:59:21.0656 3612 kmixer - ok

07:59:21.0687 3612 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

07:59:21.0687 3612 KSecDD - ok

07:59:21.0687 3612 lbrtfdc - ok

07:59:21.0703 3612 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

07:59:21.0703 3612 MBAMProtector - ok

07:59:21.0718 3612 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

07:59:21.0718 3612 mnmdd - ok

07:59:21.0734 3612 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

07:59:21.0734 3612 Modem - ok

07:59:21.0734 3612 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

07:59:21.0734 3612 Mouclass - ok

07:59:21.0765 3612 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

07:59:21.0765 3612 mouhid - ok

07:59:21.0765 3612 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

07:59:21.0765 3612 MountMgr - ok

07:59:21.0781 3612 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

07:59:21.0781 3612 MpFilter - ok

07:59:21.0890 3612 MpKsl3bdc1248 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68EB6E3E-EA34-4432-B17D-45401594CA46}\MpKsl3bdc1248.sys

07:59:21.0890 3612 MpKsl3bdc1248 - ok

07:59:21.0890 3612 mraid35x - ok

07:59:21.0921 3612 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

07:59:21.0921 3612 MRxDAV - ok

07:59:21.0968 3612 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

07:59:21.0984 3612 MRxSmb - ok

07:59:21.0984 3612 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

07:59:21.0984 3612 Msfs - ok

07:59:22.0015 3612 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

07:59:22.0015 3612 MSKSSRV - ok

07:59:22.0031 3612 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

07:59:22.0031 3612 MSPCLOCK - ok

07:59:22.0031 3612 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

07:59:22.0031 3612 MSPQM - ok

07:59:22.0062 3612 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

07:59:22.0062 3612 mssmbios - ok

07:59:22.0093 3612 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

07:59:22.0093 3612 MSTEE - ok

07:59:22.0093 3612 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

07:59:22.0093 3612 Mup - ok

07:59:22.0125 3612 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

07:59:22.0125 3612 NABTSFEC - ok

07:59:22.0125 3612 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

07:59:22.0125 3612 NDIS - ok

07:59:22.0156 3612 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

07:59:22.0156 3612 NdisIP - ok

07:59:22.0171 3612 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

07:59:22.0171 3612 NdisTapi - ok

07:59:22.0218 3612 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

07:59:22.0218 3612 Ndisuio - ok

07:59:22.0234 3612 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

07:59:22.0234 3612 NdisWan - ok

07:59:22.0250 3612 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

07:59:22.0250 3612 NDProxy - ok

07:59:22.0250 3612 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

07:59:22.0250 3612 NetBIOS - ok

07:59:22.0281 3612 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

07:59:22.0281 3612 NetBT - ok

07:59:22.0296 3612 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

07:59:22.0296 3612 NIC1394 - ok

07:59:22.0296 3612 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

07:59:22.0296 3612 Npfs - ok

07:59:22.0312 3612 nrazsvcm - ok

07:59:22.0359 3612 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

07:59:22.0359 3612 Ntfs - ok

07:59:22.0406 3612 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

07:59:22.0406 3612 Null - ok

07:59:22.0562 3612 nv (6350e7b41c7b6ee630ab1b011ffd4ce2) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

07:59:22.0578 3612 nv - ok

07:59:22.0593 3612 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

07:59:22.0593 3612 NwlnkFlt - ok

07:59:22.0609 3612 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

07:59:22.0609 3612 NwlnkFwd - ok

07:59:22.0625 3612 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

07:59:22.0625 3612 ohci1394 - ok

07:59:22.0625 3612 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

07:59:22.0625 3612 Parport - ok

07:59:22.0640 3612 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

07:59:22.0640 3612 PartMgr - ok

07:59:22.0656 3612 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

07:59:22.0656 3612 ParVdm - ok

07:59:22.0671 3612 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

07:59:22.0671 3612 PCI - ok

07:59:22.0671 3612 PCIDump - ok

07:59:22.0671 3612 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

07:59:22.0687 3612 PCIIde - ok

07:59:22.0718 3612 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

07:59:22.0718 3612 Pcmcia - ok

07:59:22.0734 3612 PDCOMP - ok

07:59:22.0734 3612 PDFRAME - ok

07:59:22.0734 3612 PDRELI - ok

07:59:22.0750 3612 PDRFRAME - ok

07:59:22.0750 3612 perc2 - ok

07:59:22.0750 3612 perc2hib - ok

07:59:22.0781 3612 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

07:59:22.0781 3612 PptpMiniport - ok

07:59:22.0781 3612 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

07:59:22.0781 3612 PSched - ok

07:59:22.0796 3612 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

07:59:22.0796 3612 Ptilink - ok

07:59:22.0812 3612 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

07:59:22.0812 3612 PxHelp20 - ok

07:59:22.0812 3612 ql1080 - ok

07:59:22.0828 3612 Ql10wnt - ok

07:59:22.0828 3612 ql12160 - ok

07:59:22.0828 3612 ql1240 - ok

07:59:22.0828 3612 ql1280 - ok

07:59:22.0843 3612 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

07:59:22.0843 3612 RasAcd - ok

07:59:22.0859 3612 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

07:59:22.0859 3612 Rasirda - ok

07:59:22.0859 3612 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

07:59:22.0859 3612 Rasl2tp - ok

07:59:22.0859 3612 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

07:59:22.0859 3612 RasPppoe - ok

07:59:22.0875 3612 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

07:59:22.0875 3612 Raspti - ok

07:59:22.0875 3612 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

07:59:22.0875 3612 Rdbss - ok

07:59:22.0875 3612 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

07:59:22.0875 3612 RDPCDD - ok

07:59:22.0921 3612 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

07:59:22.0921 3612 RDPWD - ok

07:59:22.0937 3612 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

07:59:22.0937 3612 redbook - ok

07:59:22.0953 3612 RTLE8023xp (6ebfbbf24fed8285928b825a46618f8a) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

07:59:22.0953 3612 RTLE8023xp - ok

07:59:22.0968 3612 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

07:59:22.0968 3612 Secdrv - ok

07:59:22.0984 3612 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

07:59:22.0984 3612 serenum - ok

07:59:22.0984 3612 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

07:59:22.0984 3612 Serial - ok

07:59:23.0000 3612 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

07:59:23.0000 3612 Sfloppy - ok

07:59:23.0046 3612 Simbad - ok

07:59:23.0281 3612 SiS7018 (d3ba744433f14e5c77107d9d82297801) C:\WINDOWS\system32\drivers\ac97sis.sys

07:59:23.0281 3612 SiS7018 - ok

07:59:23.0406 3612 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

07:59:23.0406 3612 SLIP - ok

07:59:23.0406 3612 Sparrow - ok

07:59:23.0437 3612 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

07:59:23.0437 3612 splitter - ok

07:59:23.0453 3612 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

07:59:23.0453 3612 sr - ok

07:59:23.0484 3612 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

07:59:23.0484 3612 Srv - ok

07:59:23.0578 3612 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

07:59:23.0578 3612 streamip - ok

07:59:23.0578 3612 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

07:59:23.0578 3612 swenum - ok

07:59:23.0593 3612 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

07:59:23.0593 3612 swmidi - ok

07:59:23.0593 3612 symc810 - ok

07:59:23.0593 3612 symc8xx - ok

07:59:23.0609 3612 sym_hi - ok

07:59:23.0609 3612 sym_u3 - ok

07:59:23.0625 3612 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

07:59:23.0625 3612 sysaudio - ok

07:59:23.0671 3612 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

07:59:23.0671 3612 Tcpip - ok

07:59:23.0703 3612 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

07:59:23.0703 3612 TDPIPE - ok

07:59:23.0718 3612 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

07:59:23.0718 3612 TDTCP - ok

07:59:23.0718 3612 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

07:59:23.0718 3612 TermDD - ok

07:59:23.0718 3612 TosIde - ok

07:59:23.0750 3612 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

07:59:23.0750 3612 Udfs - ok

07:59:23.0750 3612 ultra - ok

07:59:23.0765 3612 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

07:59:23.0765 3612 Update - ok

07:59:23.0781 3612 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

07:59:23.0781 3612 usbaudio - ok

07:59:23.0781 3612 usbcamcl - ok

07:59:23.0812 3612 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

07:59:23.0812 3612 usbccgp - ok

07:59:23.0828 3612 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

07:59:23.0828 3612 usbehci - ok

07:59:23.0843 3612 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

07:59:23.0843 3612 usbhub - ok

07:59:23.0890 3612 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

07:59:23.0890 3612 usbohci - ok

07:59:23.0906 3612 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

07:59:23.0906 3612 USBSTOR - ok

07:59:23.0937 3612 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

07:59:23.0937 3612 usbuhci - ok

07:59:23.0968 3612 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

07:59:23.0968 3612 usbvideo - ok

07:59:24.0000 3612 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

07:59:24.0000 3612 VgaSave - ok

07:59:24.0000 3612 ViaIde - ok

07:59:24.0046 3612 VIAudio (7eafdd6a53e69a85519f7463a1f4978c) C:\WINDOWS\system32\drivers\viaudio.sys

07:59:24.0046 3612 VIAudio - ok

07:59:24.0062 3612 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

07:59:24.0062 3612 VolSnap - ok

07:59:24.0062 3612 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

07:59:24.0062 3612 Wanarp - ok

07:59:24.0078 3612 WDICA - ok

07:59:24.0078 3612 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

07:59:24.0078 3612 wdmaud - ok

07:59:24.0125 3612 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

07:59:24.0125 3612 WS2IFSL - ok

07:59:24.0125 3612 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

07:59:24.0125 3612 WSTCODEC - ok

07:59:24.0140 3612 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

07:59:24.0156 3612 WudfPf - ok

07:59:24.0156 3612 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

07:59:24.0156 3612 WudfRd - ok

07:59:24.0171 3612 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

07:59:24.0281 3612 \Device\Harddisk0\DR0 - ok

07:59:24.0281 3612 Boot (0x1200) (bac1445f88f363fe4e01549b39cf4177) \Device\Harddisk0\DR0\Partition0

07:59:24.0281 3612 \Device\Harddisk0\DR0\Partition0 - ok

07:59:24.0281 3612 ============================================================

07:59:24.0281 3612 Scan finished

07:59:24.0281 3612 ============================================================

07:59:24.0281 3884 Detected object count: 0

07:59:24.0281 3884 Actual detected object count: 0

Then I ran ComboFix, which came up with:

ComboFix 12-02-03.02 - Silvia 02/04/2012 8:04.1.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2615 [GMT -8:00]

Running from: c:\documents and settings\Silvia\My Documents\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users.WINDOWS\Application Data\AMMYY

c:\documents and settings\All Users.WINDOWS\Application Data\AMMYY\hr

c:\documents and settings\All Users.WINDOWS\Application Data\AMMYY\settings.bin

c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

c:\documents and settings\Silvia\Application Data\PriceGong

c:\documents and settings\Silvia\Application Data\PriceGong\Data\1.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\450.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\6781.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\7030.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\9480.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\a.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\b.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\c.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\d.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\e.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\f.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\g.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\h.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\i.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\j.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\k.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\l.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\m.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Silvia\Application Data\PriceGong\Data\n.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\o.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\p.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\q.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\r.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\s.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\t.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\u.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\v.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\w.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\wlu.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\x.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\y.txt

c:\documents and settings\Silvia\Application Data\PriceGong\Data\z.txt

c:\documents and settings\Silvia\Local Settings\Application Data\Soft32\Soft32 Updater\Soft32 Updater.exe

C:\Install.exe

c:\program files\PC Doc Pro v5

c:\program files\PC Doc Pro v5\Backups\40443.7688094907

c:\program files\PC Doc Pro v5\Backups\40443.7977237037

c:\program files\PC Doc Pro v5\Backups\40443.7991388079

c:\program files\PC Doc Pro v5\Backups\40446.4492610648

c:\program files\PC Doc Pro v5\Backups\40451.6120482407

c:\program files\PC Doc Pro v5\Backups\40452.872948125

c:\program files\PC Doc Pro v5\Backups\40454.6671369213

c:\program files\PC Doc Pro v5\Backups\40459.5168497338

c:\program files\PC Doc Pro v5\Backups\40459.5186878472

c:\program files\PC Doc Pro v5\Backups\40460.9539912963

c:\program files\PC Doc Pro v5\Backups\40461.3763952083

c:\program files\PC Doc Pro v5\Backups\40461.3778063426

c:\program files\PC Doc Pro v5\Backups\40463.6085064005

c:\program files\PC Doc Pro v5\Backups\40467.4771822454

c:\program files\PC Doc Pro v5\Backups\40467.4944214699

c:\program files\PC Doc Pro v5\Backups\40468.4559848727

c:\program files\PC Doc Pro v5\Backups\40472.9202774074

c:\program files\PC Doc Pro v5\Backups\40494.9621540393

c:\program files\PC Doc Pro v5\Backups\40501.4550599074

c:\program files\PC Doc Pro v5\Backups\40531.5491675694

c:\program files\PC Doc Pro v5\Backups\40538.0814351042

c:\program files\PC Doc Pro v5\Backups\40538.4580825

c:\program files\PC Doc Pro v5\Backups\40551.0574878819

c:\program files\PC Doc Pro v5\Backups\40572.5340776852

c:\program files\PC Doc Pro v5\Backups\40573.8562416782

c:\program files\PC Doc Pro v5\Backups\40573.858140544

c:\program files\PC Doc Pro v5\Backups\40584.7001667361

c:\program files\PC Doc Pro v5\Backups\40596.0158702199

c:\program files\PC Doc Pro v5\Backups\40596.0173996296

c:\program files\PC Doc Pro v5\Backups\40612.8827701736

c:\program files\PC Doc Pro v5\Backups\40612.8852909722

c:\program files\PC Doc Pro v5\Backups\40625.2203128704

c:\program files\PC Doc Pro v5\Backups\40625.2273792014

c:\program files\PC Doc Pro v5\Backups\40637.6351084607

c:\program files\PC Doc Pro v5\Backups\40642.2345958102

c:\program files\PC Doc Pro v5\Backups\40642.2357597222

c:\program files\PC Doc Pro v5\Backups\40660.9352102083

c:\program files\PC Doc Pro v5\Backups\40665.6973104977

c:\program files\PC Doc Pro v5\Backups\40665.7831818519

c:\program files\PC Doc Pro v5\Backups\40692.2127966319

c:\program files\PC Doc Pro v5\Backups\40705.0213216088

c:\program files\PC Doc Pro v5\Backups\40708.0478186458

c:\program files\PC Doc Pro v5\Backups\40712.2668945255

c:\program files\PC Doc Pro v5\Backups\40713.2227701736

c:\program files\PC Doc Pro v5\Backups\40739.0133190394

c:\program files\PC Doc Pro v5\Backups\40739.0261371528

c:\program files\PC Doc Pro v5\Backups\40739.0278001968

c:\program files\PC Doc Pro v5\Backups\40748.631379294

c:\program files\PC Doc Pro v5\Backups\40749.8798148148

c:\program files\PC Doc Pro v5\Backups\40749.8807465278

c:\program files\PC Doc Pro v5\Backups\40774.2525488194

c:\program files\PC Doc Pro v5\Backups\40774.2534185069

c:\program files\PC Doc Pro v5\Backups\40788.0401743287

c:\program files\PC Doc Pro v5\PC Doc Pro.ini

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\Dir

c:\windows\XSxS

.

.

((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))

.

.

2012-02-04 15:49 . 2012-02-04 15:49 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-04 05:12 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{68EB6E3E-EA34-4432-B17D-45401594CA46}\mpengine.dll

2012-02-04 00:20 . 2012-02-04 00:20 -------- d-----w- c:\program files\7-Zip

2012-01-29 21:15 . 2012-01-29 21:15 -------- d-----w- c:\program files\WOT

2012-01-10 05:02 . 2012-02-04 04:00 -------- d-----w- c:\program files\World of Warcraft

2012-01-10 04:44 . 2012-01-10 04:48 -------- d-----w- c:\program files\CCleaner

2012-01-08 02:41 . 2012-01-08 02:41 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\IncrediMail_MediaBar_2

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-04 15:52 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys

2012-01-31 12:44 . 2010-09-23 03:53 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 04:19 . 2011-08-22 09:29 6557240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-05 02:53 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-01-05 02:53 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-12-10 23:24 . 2011-05-03 23:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-26 19:16 . 2011-05-18 16:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21 . 2008-04-14 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21 . 2008-04-14 12:00 152064 ----a-w- c:\windows\system32\schannel.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-27 3077528]

"Akamai NetSession Interface"="c:\documents and settings\Silvia\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-23 3334432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-27 13570048]

"nwiz"="nwiz.exe" [2008-07-27 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-27 86016]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

"washindex"="c:\program files\Washer\washidx.exe" [2001-04-03 64512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

.

c:\documents and settings\Silvia\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2010-9-20 208896]

.

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-9-20 106560]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Documents and Settings\\Silvia\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\World of Warcraft\\Repair.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

"56797:TCP"= 56797:TCP:Pando Media Booster

"56797:UDP"= 56797:UDP:Pando Media Booster

"1080:TCP"= 1080:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 4:00 AM 14336]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/3/2011 3:21 PM 652360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/3/2011 3:21 PM 20464]

S1 gyitujfl;gyitujfl;\??\c:\windows\system32\drivers\gyitujfl.sys --> c:\windows\system32\drivers\gyitujfl.sys [?]

S1 nrazsvcm;nrazsvcm;\??\c:\windows\system32\drivers\nrazsvcm.sys --> c:\windows\system32\drivers\nrazsvcm.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 12:22 PM 136176]

S2 RasMan32;Remote Access Connection Manager ; [x]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 12:22 PM 136176]

S3 usbcamcl;Driver for video Device;c:\windows\system32\DRIVERS\usbcamcl.sys --> c:\windows\system32\DRIVERS\usbcamcl.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 05:21]

.

2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 05:21]

.

2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-854245398-1644491937-1004Core.job

- c:\documents and settings\Silvia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-31 08:47]

.

2012-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-854245398-1644491937-1004UA.job

- c:\documents and settings\Silvia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-31 08:47]

.

2012-02-04 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

2012-02-04 c:\windows\Tasks\User_Feed_Synchronization-{50611D33-AA37-456E-80F6-72EF0BF0A028}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}

Trusted Zone: netflix.com\signup

TCP: DhcpNameServer = 172.16.0.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

HKCU-Run-Soft32 Updater.exe - c:\documents and settings\Silvia\Local Settings\Application Data\Soft32\Soft32 Updater\Soft32 Updater.exe

SafeBoot-13015537.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-04 08:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_e286960.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1604)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

.

**************************************************************************

.

Completion time: 2012-02-04 08:13:29 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-04 16:13

.

Pre-Run: 406,533,582,848 bytes free

Post-Run: 407,480,397,824 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - F635A974B7BAB88C6C49672F0465FFCC

Looking forward to the next reply! Thanks ;)


That is looking a lot better already! :)

How are things running now? Do you still get the IP blocks?

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


DDS::
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

Save this as CFScript.txt, in the same location as ComboFix.exe

(image: CFScriptB-4.gif)

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

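The CF-script above removes a single registry value, and it helps to see why that line, and a handful of others in the ComboFix logs posted earlier, are the ones a log reader stops at. The Python script below is an added example written for this page; it is not part of ComboFix, Malwarebytes, or anything the helper posted. It parses lines in ComboFix's own output format and flags three things: service or driver entries whose image file ComboFix could not find (the `[?]` marker) or that have no path recorded at all (`[x]`), ranking boot- and system-start entries highest because Windows tries to load those before anyone logs on; Internet Settings values that name a loopback host:port, which is the kind of setting a local intercepting proxy leaves behind; and resolver addresses outside the private ranges a home router would hand out. The sample log is constructed: its service, ProxyOverride and DhcpNameServer lines copy the formats visible in the logs above, the ProxyServer and NameServer lines are assumed for illustration, and the severity labels are the editor's, not ComboFix's.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample input. Service, ProxyOverride and DhcpNameServer lines
# copy the ComboFix formats seen in the thread; the ProxyServer and NameServer
# lines are assumed examples added for illustration only.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/3/2011 3:21 PM 652360]
S1 gyitujfl;gyitujfl;\??\c:\windows\system32\drivers\gyitujfl.sys --> c:\windows\system32\drivers\gyitujfl.sys [?]
S1 nrazsvcm;nrazsvcm;\??\c:\windows\system32\drivers\nrazsvcm.sys --> c:\windows\system32\drivers\nrazsvcm.sys [?]
S2 RasMan32;Remote Access Connection Manager ; [x]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 usbcamcl;Driver for video Device;c:\windows\system32\DRIVERS\usbcamcl.sys --> c:\windows\system32\DRIVERS\usbcamcl.sys [?]
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
uInternet Settings,ProxyServer = http=127.0.0.1:9421
TCP: DhcpNameServer = 172.16.0.1
TCP: NameServer = 203.0.113.5
"""

# ComboFix service line: <R|S><start type> <name>;<display name>;<image path> [<stamp>]
# R/S = running/stopped; start type 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
# A stamp of [?] means the image file was not found, [x] means no path was recorded.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
INET_RE = re.compile(r"^[um]Internet Settings,(\w+)\s*=\s*(.*)$")
DNS_RE = re.compile(r"^TCP:\s*(DhcpNameServer|NameServer)\s*=\s*(.*)$")
LOOPBACK_RE = re.compile(r"(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost):(\d{1,5})")

# Ranges a home router, or the machine itself, would normally supply as resolver.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16")]


def finding(kind: str, subject: str, detail: str, severity: str) -> Dict[str, str]:
    return {"kind": kind, "subject": subject, "detail": detail, "severity": severity}


def check_service(m) -> List[Dict[str, str]]:
    _state, start, name, _display, path, stamp = m.groups()
    if stamp == "?":
        # Boot/system-start driver whose file is gone: loaded before logon, and
        # typically left behind by a removed rootkit or a sloppy uninstaller.
        sev = "high" if int(start) <= 1 else "medium" if int(start) == 2 else "low"
        return [finding("service", name, f"start type {start}, image file missing: {path}", sev)]
    if stamp == "x":
        return [finding("service", name, "no image path recorded", "medium")]
    return []


def check_inet(m) -> List[Dict[str, str]]:
    key, value = m.groups()
    out = []
    for port in LOOPBACK_RE.findall(value):
        # ProxyServer pointing at loopback routes every browser request through a
        # local listener; the same host:port in ProxyOverride is a leftover of one.
        out.append(finding("proxy", key, f"refers to loopback port {port}: {value}", "high"))
    return out


def check_dns(m) -> List[Dict[str, str]]:
    key, value = m.groups()
    out = []
    for token in re.split(r"[,\s]+", value.strip()):
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue
        if not any(addr in net for net in LOCAL_NETS):
            # Not proof of anything (ISP resolvers are public too); confirm it is expected.
            out.append(finding("dns", key, f"resolver {addr} is outside local ranges", "review"))
    return out


def triage(log_text: str) -> List[Dict[str, str]]:
    """Run each check over every line and return findings in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for regex, check in ((SERVICE_RE, check_service), (INET_RE, check_inet), (DNS_RE, check_dns)):
            m = regex.match(line)
            if m:
                findings.extend(check(m))
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']:7} {f['subject']}: {f['detail']}")
```

Run as-is it prints the findings for the sample; for a real log, read ComboFix.txt into a string and pass it to `triage()`. The `[?]` marker by itself is not a verdict: the usbcamcl entry in the sample is described by the log as a video device driver whose file is simply gone, so the ranking is a review order, not a delete list.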

Hahaha!! Thank you sooo much! It actually worked, no more IP blocks for me. Here is the complete ComboFix log:

ComboFix 12-02-03.02 - Silvia 02/05/2012 20:06:27.2.4 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2506 [GMT -8:00]

Running from: c:\documents and settings\Silvia\My Documents\ComboFix.exe

Command switches used :: c:\documents and settings\Silvia\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))

.

.

2012-02-05 16:10 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D64CC292-E0C5-46DD-9443-203BD6D31C99}\mpengine.dll

2012-02-04 15:49 . 2012-02-04 15:49 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-04 00:20 . 2012-02-04 00:20 -------- d-----w- c:\program files\7-Zip

2012-01-29 21:15 . 2012-01-29 21:15 -------- d-----w- c:\program files\WOT

2012-01-10 05:02 . 2012-02-05 21:46 -------- d-----w- c:\program files\World of Warcraft

2012-01-10 04:44 . 2012-01-10 04:48 -------- d-----w- c:\program files\CCleaner

2012-01-08 02:41 . 2012-01-08 02:41 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\IncrediMail_MediaBar_2

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-04 15:52 . 2008-04-14 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys

2012-01-31 12:44 . 2010-09-23 03:53 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 04:19 . 2011-08-22 09:29 6557240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-05 02:53 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-01-05 02:53 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-12-10 23:24 . 2011-05-03 23:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-26 19:16 . 2011-05-18 16:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21 . 2008-04-14 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21 . 2008-04-14 12:00 152064 ----a-w- c:\windows\system32\schannel.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-04_16.10.18 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-27 3077528]

"Akamai NetSession Interface"="c:\documents and settings\Silvia\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-12-23 3334432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-27 13570048]

"nwiz"="nwiz.exe" [2008-07-27 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-27 86016]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

"washindex"="c:\program files\Washer\washidx.exe" [2001-04-03 64512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

.

c:\documents and settings\Silvia\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

Webshots.lnk - c:\program files\Webshots\WebshotsTray.exe [2010-9-20 208896]

.

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-9-20 106560]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Documents and Settings\\Silvia\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\World of Warcraft\\Repair.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

"56797:TCP"= 56797:TCP:Pando Media Booster

"56797:UDP"= 56797:UDP:Pando Media Booster

.

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 4:00 AM 14336]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/3/2011 3:21 PM 652360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/3/2011 3:21 PM 20464]

S1 gyitujfl;gyitujfl;\??\c:\windows\system32\drivers\gyitujfl.sys --> c:\windows\system32\drivers\gyitujfl.sys [?]

S1 nrazsvcm;nrazsvcm;\??\c:\windows\system32\drivers\nrazsvcm.sys --> c:\windows\system32\drivers\nrazsvcm.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 12:22 PM 136176]

S2 RasMan32;Remote Access Connection Manager ; [x]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 12:22 PM 136176]

S3 usbcamcl;Driver for video Device;c:\windows\system32\DRIVERS\usbcamcl.sys --> c:\windows\system32\DRIVERS\usbcamcl.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 05:21]

.

2012-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-30 05:21]

.

2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-854245398-1644491937-1004Core.job

- c:\documents and settings\Silvia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-31 08:47]

.

2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-854245398-1644491937-1004UA.job

- c:\documents and settings\Silvia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-31 08:47]

.

2012-02-05 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]

.

2012-02-06 c:\windows\Tasks\User_Feed_Synchronization-{50611D33-AA37-456E-80F6-72EF0BF0A028}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

.

------- Supplementary Scan -------

.

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}

Trusted Zone: netflix.com\signup

TCP: DhcpNameServer = 172.16.0.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-05 20:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_e286960.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1368)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2012-02-05 20:10:59

ComboFix-quarantined-files.txt 2012-02-06 04:10

ComboFix2.txt 2012-02-04 16:13

.

Pre-Run: 405,999,587,328 bytes free

Post-Run: 407,020,228,608 bytes free

.

- - End Of File - - F3EE866185FEEF1B0A457C05C60C196F

Do you think you also know the cause of that IP blocking? You're awesome! Looking forward to the next reply.


It's good to hear that! :)

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/Remove Programs and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u2.
  • Look for "JDK 7u2 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Now please launch MBAM, update it and run a full scan. Post me the resulting log.


Hmm, this is totally weird. I don't know why it says that; I used it plenty of times and scanned it before, and there was nothing wrong. Here it is:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.06.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Silvia :: HOME-DD8DC15EFD [administrator]

Protection: Enabled

2/6/2012 2:31:04 PM

mbam-log-2012-02-06 (14-31-04).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 404261

Time elapsed: 45 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 6

C:\Perfect World Entertainment\Battle of the Immortals\Bin\PerfectProtector.sys (Trojan.Phobiq) -> Quarantined and deleted successfully.

C:\Perfect World Entertainment\Battle of the Immortals\Bin\pp\perfectprotector-x64.sys (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Perfect World Entertainment\Battle of the Immortals\Bin\pp\perfectprotector.sys (Trojan.Phobiq) -> Quarantined and deleted successfully.

C:\Program Files\BOI-War\Bin\PerfectProtector.sys (Trojan.Phobiq) -> Quarantined and deleted successfully.

C:\Program Files\BOI-War\Bin\pp\perfectprotector-x64.sys (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\BOI-War\Bin\pp\perfectprotector.sys (Trojan.Phobiq) -> Quarantined and deleted successfully.

(end)

What should I do then?

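The log above follows the fixed Malwarebytes 1.60 layout: header fields as "Key: value", then one line per hit in the form "path (DetectionName) -> Action." The added Python below (not from the thread or from Malwarebytes) parses such a log, checks that the parsed hit count matches the "Files Detected" header, groups hits by detection name, and marks any hit that lives under a System Restore point as an inactive snapshot copy rather than running code. The sample log is constructed: its six detection lines reproduce the log posted above, and the seventh (with the constructed name Adware.Constructed) is added to exercise the restore-point classification.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes 1.60 log layout. The six
# game-directory hits mirror the posted log; the seventh line is a
# constructed restore-point hit added to show the classification.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.60.1.1000
Database version: v2012.02.06.05
Scan type: Full scan
Files Detected: 7
C:\Perfect World Entertainment\Battle of the Immortals\Bin\PerfectProtector.sys (Trojan.Phobiq) -> Quarantined and deleted successfully.
C:\Perfect World Entertainment\Battle of the Immortals\Bin\pp\perfectprotector-x64.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Perfect World Entertainment\Battle of the Immortals\Bin\pp\perfectprotector.sys (Trojan.Phobiq) -> Quarantined and deleted successfully.
C:\Program Files\BOI-War\Bin\PerfectProtector.sys (Trojan.Phobiq) -> Quarantined and deleted successfully.
C:\Program Files\BOI-War\Bin\pp\perfectprotector-x64.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BOI-War\Bin\pp\perfectprotector.sys (Trojan.Phobiq) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C522A3FE-317A-4D59-AD47-9B853030B701}\RP758\A0297885.dll (Adware.Constructed) -> Quarantined and deleted successfully.
(end)
"""

# One detection line: "<drive path> (<detection name>) -> <action>."
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
HEADER_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.*)$")

def classify_path(path):
    """A hit inside a System Restore point is a dormant snapshot, not running code."""
    if r"\system volume information\_restore" in path.lower():
        return "inactive (System Restore copy)"
    return "active"

def parse_mbam_log(text):
    """Return header fields, parsed detections and a header-vs-parsed count check."""
    headers, items = {}, []
    for line in text.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            items.append({"path": m["path"], "name": m["name"], "action": m["action"],
                          "status": classify_path(m["path"])})
            continue
        h = HEADER_RE.match(line)
        if h:
            headers[h["key"]] = h["value"]
    declared = int(headers.get("Files Detected", "0"))
    return {"database": headers.get("Database version"),
            "files_declared": declared, "files_parsed": len(items),
            "count_matches": declared == len(items),  # a mismatch means a mangled paste
            "by_name": Counter(i["name"] for i in items), "items": items}

if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE_LOG)
    print(report["database"], dict(report["by_name"]), report["count_matches"])
    for item in report["items"]:
        print(item["status"], "|", item["name"], "|", item["path"])
```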

If you know for sure these files are okay, you can restore them from MBAM's quarantine (in MBAM click the Quarantine tab in order to see quarantined items).

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the ESET Online Scanner button.
  3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double-click the esetsmartinstaller_enu.exe icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats".
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats.
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


C:\System Volume Information\_restore{C522A3FE-317A-4D59-AD47-9B853030B701}\RP758\A0297885.dll Win32/OpenCandy application cleaned by deleting - quarantined

C:\System Volume Information\_restore{C522A3FE-317A-4D59-AD47-9B853030B701}\RP762\A0302106.exe a variant of Win32/Adware.RegGenie application cleaned by deleting - quarantined

That's all it said. It took 1 hour to do. I got rid of it using the ESET scanner option.

So what does all that mean?


These two objects were present in system restore, so no longer active. :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click Start > Run and type combofix /uninstall, then press Enter. This will remove ComboFix from your computer.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use, but provide a resident scanner and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!

  3. Keep your other software up to date as well.

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


This topic is now closed to further replies.