Jump to content

Infection


Recommended Posts

Good Evening,

I am having issues with my computer attempting to connect to nefarious IPs that MWB is blocking. This happens at various times, I could be browsing the web or just sitting at my desktop with nothing actively open.

Latest Log from MWB.

03:16:29 Mr. Wuss MESSAGE IP Protection stopped

03:16:29 Mr. Wuss MESSAGE Scheduled update executed successfully

03:16:33 Mr. Wuss MESSAGE Database updated successfully

03:16:34 Mr. Wuss MESSAGE IP Protection started successfully

05:28:04 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

05:28:04 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

05:28:07 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

05:28:07 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

05:28:13 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

05:28:13 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

05:31:37 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

05:31:37 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

05:31:40 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

05:31:40 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

05:31:46 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

05:31:46 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

07:46:44 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

07:46:47 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

07:46:54 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

07:47:08 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

07:47:11 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

07:47:17 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:50:56 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:50:56 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:50:59 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:50:59 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:51:05 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:51:07 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:51:10 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:51:16 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:55:01 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:55:04 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:55:10 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:55:23 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:55:26 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:55:26 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:55:28 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:55:29 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:55:32 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:55:32 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:59:33 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:59:33 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:59:33 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:59:35 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:59:36 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:59:36 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:59:36 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:59:42 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

09:59:42 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

10:01:39 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

10:01:42 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

10:01:42 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

10:01:48 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

10:01:48 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

10:03:34 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

10:03:37 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

10:03:43 Mr. Wuss IP-BLOCK 208.73.210.29 (Type: outgoing)

10:17:05 Mr. Wuss MESSAGE IP Protection stopped

10:17:12 Mr. Wuss MESSAGE Database updated successfully

10:17:14 Mr. Wuss MESSAGE IP Protection started successfully

DDS Log

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Mr. Wuss at 10:38:05 on 2011-06-15

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2435 [GMT -5:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\sttray.exe

C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\WINDOWS\system32\ctfmon.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Documents and Settings\Mr. Wuss\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe

C:\Documents and Settings\Mr. Wuss\Desktop\lcdsirreal\LCDSirReal.exe

svchost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\WINDOWS\system32\STacSV.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Ventrilo\Ventrilo.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Documents and Settings\Mr. Wuss\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mr. Wuss\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mr. Wuss\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mr. Wuss\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mr. Wuss\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mr. Wuss\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Mr. Wuss\My Documents\Downloads\4jy2kkl4.exe

C:\Documents and Settings\Mr. Wuss\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx

BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\mr. wuss\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [sigmatelSysTrayApp] sttray.exe

mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"

mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"

mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263354640156

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 208.67.222.222 207.67.220.220

TCP: Interfaces\{DE735380-6952-4DB9-BCF0-98E68D91039F} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{DE735380-6952-4DB9-BCF0-98E68D91039F} : DhcpNameServer = 208.67.222.222 207.67.220.220

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

IFEO: ageofconan.exe - c:\program files\aocqs\AoCQS.Launch.exe

IFEO: ageofconandx10.exe - c:\program files\aocqs\AoCQS.Launch.exe

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mr. wuss\application data\mozilla\firefox\profiles\0dzef8pj.default\

FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll

FF - plugin: c:\documents and settings\mr. wuss\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\mr. wuss\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\mr. wuss\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 165264]

R1 MpKsle8cc99fa;MpKsle8cc99fa;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{decfd154-954c-4ba1-98e6-773cce197a90}\MpKsle8cc99fa.sys [2011-6-14 28752]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2011-6-15 33824]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-1-17 12672]

R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-9-30 10448]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-7 366640]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2010-1-25 14856]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-7 22712]

S1 MpKsl73a37ce1;MpKsl73a37ce1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df34ff08-1c93-48c5-a325-8d836b0e6d53}\mpksl73a37ce1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{df34ff08-1c93-48c5-a325-8d836b0e6d53}\MpKsl73a37ce1.sys [?]

S1 MpKsl841f5186;MpKsl841f5186;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4d7bf525-a381-4935-9f44-b5ec3f2b41d5}\mpksl841f5186.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4d7bf525-a381-4935-9f44-b5ec3f2b41d5}\MpKsl841f5186.sys [?]

S1 MpKslda7ed594;MpKslda7ed594;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f7c4d8df-007b-4032-9f7c-ef21853727c3}\mpkslda7ed594.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f7c4d8df-007b-4032-9f7c-ef21853727c3}\MpKslda7ed594.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-15 183560]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-06-15 11:13:35 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys

2011-06-14 17:08:54 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{decfd154-954c-4ba1-98e6-773cce197a90}\MpKsle8cc99fa.sys

2011-06-14 15:47:29 -------- d-----w- c:\documents and settings\mr. wuss\application data\TerrariaWorldViewer

2011-06-14 02:35:12 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{decfd154-954c-4ba1-98e6-773cce197a90}\mpengine.dll

2011-06-07 13:12:42 -------- d-----w- c:\documents and settings\mr. wuss\application data\Malwarebytes

2011-06-07 13:12:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-07 13:12:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-07 13:12:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-07 13:12:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-05 11:09:21 -------- d-----w- c:\windows\pss

2011-06-04 14:16:12 281656 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-06-04 14:16:08 -------- d-----w- c:\documents and settings\mr. wuss\local settings\application data\PunkBuster

2011-06-04 14:10:29 141200 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-06-04 14:10:29 138056 ----a-w- c:\documents and settings\mr. wuss\application data\PnkBstrK.sys

2011-06-04 14:10:11 281656 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-06-04 14:10:11 281656 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-06-04 14:10:09 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-06-04 14:09:25 -------- d-----w- c:\program files\NVIDIA Corporation

2011-06-04 08:32:04 -------- d-----w- c:\documents and settings\mr. wuss\local settings\application data\GamersFirst LIVE!

2011-06-04 08:31:37 -------- d-----w- c:\program files\Pando Networks

2011-06-04 08:31:20 -------- d-----w- c:\program files\GamersFirst

2011-05-27 00:18:20 -------- d-----w- c:\program files\AMD APP

2011-05-20 12:38:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-05-27 00:12:13 3265920 ----a-w- c:\windows\system32\ativvaxx.dll

2011-05-27 00:11:58 651264 ----a-w- c:\windows\system32\atikvmag.dll

2011-05-27 00:11:56 302080 ----a-w- c:\windows\system32\ati2dvag.dll

2011-05-27 00:11:56 151552 ----a-w- c:\windows\system32\atiapfxx.exe

2011-05-27 00:11:47 17743872 ----a-w- c:\windows\system32\atioglxx.dll

2011-05-27 00:11:43 24064 ----a-w- c:\windows\system32\ativcoxx.dll

2011-05-27 00:11:27 4017408 ----a-w- c:\windows\system32\ati3duag.dll

2011-05-27 00:10:50 311296 ----a-w- c:\windows\system32\atiiiexx.dll

2011-05-27 00:10:48 57344 ----a-w- c:\windows\system32\aticalrt.dll

2011-05-27 00:10:37 200704 ----a-w- c:\windows\system32\atiadlxx.dll

2011-05-27 00:10:32 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2011-05-27 00:10:32 212992 ----a-w- c:\windows\system32\atipdlxx.dll

2011-05-27 00:10:30 643072 ----a-w- c:\windows\system32\ati2evxx.exe

2011-05-27 00:10:29 6537728 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2011-05-27 00:10:25 188416 ----a-w- c:\windows\system32\ati2evxx.dll

2011-05-27 00:10:20 5459968 ----a-w- c:\windows\system32\aticaldd.dll

2011-05-27 00:10:18 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2011-05-27 00:10:14 45056 ----a-w- c:\windows\system32\ATIODCLI.exe

2011-04-20 03:10:32 59904 ----a-w- c:\windows\system32\OVDecode.dll

2011-04-20 03:10:02 12385280 ----a-w- c:\windows\system32\amdocl.dll

2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

.

============= FINISH: 10:39:25.37 ===============

And the requested files are zipped and attached.

Attatch.zip

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

208.73.210.29

United States Los Angeles

My guess is that's your ISP

It's not my ISP. I live in Kentucky. If you do a reverse lookup on the IP then you can see that it has a very bad reputation and currently has roughly 2.1 million domains pointing to it. Most of the domains are the shoddy type of spellings and random letters/numbers.

Link to post
Share on other sites

check some settings on your system:

  1. Enter your Control Panel and double-click on Network Connections
  2. Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.

[*]Right click on Properties

[*]Double-Click on the Internet Protocol (TCP/IP) item

[*]Select the radio dial that says Obtain DNS Servers Automatically

[*]Press OK twice to get out of the properties screen

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

IPCONFIG /release

IPCONFIG /renew

Type Exit

Restart the computer.

Link to post
Share on other sites

TCP: Interfaces\{DE735380-6952-4DB9-BCF0-98E68D91039F} : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{DE735380-6952-4DB9-BCF0-98E68D91039F} : DhcpNameServer = 208.67.222.222 207.67.220.220

Your DNS goes to:

http://whois.domaintools.com/208.67.222.222

Very strange

Not really since that is the IPs for using openDNS which is a great solution for having an awful ISP who's DNS servers are down/broken or poitning incorrectly.

Link to post
Share on other sites

We can do some scans and see if we find anything bad.

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please do not attach the scan results from Combofx. Use copy/paste.

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.