infectedwuss Posted June 16, 2011 ID:441623

Good Evening,

I am having issues with my computer attempting to connect to nefarious IPs that MWB is blocking. This happens at various times, I could be browsing the web or just sitting at my desktop with nothing actively open.

Latest Log from MWB.

DDS Log

And the requested files are zipped and attached.

Attatch.zip

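Added example, not part of the original thread: the poster notes that the blocked connections occur whether or not anything is open, and a protection log in this layout can be checked for that pattern by grouping outgoing blocks per IP into bursts and measuring the time between bursts. The sample lines, the 10-minute burst gap and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import timedelta

# Constructed sample in the same layout as the protection log in the post:
# time, Windows user name (may contain spaces), event type, detail.
SAMPLE_LOG = """\
01:00:00 Some User MESSAGE IP Protection started successfully
02:10:04 Some User IP-BLOCK 203.0.113.10 (Type: outgoing)
02:10:07 Some User IP-BLOCK 203.0.113.10 (Type: outgoing)
02:10:13 Some User IP-BLOCK 203.0.113.10 (Type: outgoing)
02:40:00 Some User IP-BLOCK 198.51.100.7 (Type: incoming)
04:10:05 Some User IP-BLOCK 203.0.113.10 (Type: outgoing)
04:10:08 Some User IP-BLOCK 203.0.113.10 (Type: outgoing)
06:10:02 Some User IP-BLOCK 203.0.113.10 (Type: outgoing)
06:14:30 Some User IP-BLOCK 203.0.113.10 (Type: outgoing)
07:00:00 Some User MESSAGE IP Protection stopped
"""

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>.+?)\s+"
    r"(?P<kind>IP-BLOCK|MESSAGE)\s+(?P<detail>.*)$"
)
BLOCK_RE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<dir>\w+)\)")


def parse_blocks(text):
    """Yield (time of day as timedelta, ip, direction) for each IP-BLOCK row."""
    for line in text.splitlines():
        row = LINE_RE.match(line.strip())
        if not row or row["kind"] != "IP-BLOCK":
            continue  # MESSAGE rows and unparseable lines are skipped
        block = BLOCK_RE.match(row["detail"])
        if block:
            h, m, s = map(int, row["time"].split(":"))
            yield timedelta(hours=h, minutes=m, seconds=s), block["ip"], block["dir"]


def bursts_by_ip(text, gap=timedelta(minutes=10)):
    """Group outgoing blocks per IP into bursts split by pauses longer than gap.

    Returns {ip: [[first_seen, last_seen, count], ...]}. Assumes the log covers
    one day in chronological order (no midnight rollover handling).
    """
    bursts = defaultdict(list)
    for when, ip, direction in parse_blocks(text):
        if direction != "outgoing":
            continue
        runs = bursts[ip]
        if runs and when - runs[-1][1] <= gap:
            runs[-1][1] = when      # extend the current burst
            runs[-1][2] += 1
        else:
            runs.append([when, when, 1])  # start a new burst
    return dict(bursts)


def burst_intervals(runs):
    """Whole minutes between the starts of consecutive bursts."""
    return [round((b[0] - a[0]).total_seconds() / 60) for a, b in zip(runs, runs[1:])]


if __name__ == "__main__":
    for ip, runs in bursts_by_ip(SAMPLE_LOG).items():
        print(ip, [r[2] for r in runs], "minutes between bursts:", burst_intervals(runs))
```

Evenly spaced bursts to one address, as in the sample, suggest a scheduled or background process rather than user browsing, which narrows where to look.
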
LDTate Posted June 17, 2011 ID:442456

Logs will be closed if you haven't replied within 3 days

208.73.210.29
United States Los Angeles

My guess is that's your ISP

infectedwuss Posted June 17, 2011 Author ID:442464

> Logs will be closed if you haven't replied within 3 days
> 208.73.210.29
> United States Los Angeles
> My guess is that's your ISP

It's not my ISP. I live in Kentucky. If you do a reverse lookup on the IP then you can see that it has a very bad reputation and currently has roughly 2.1 million domains pointing to it. Most of the domains are the shoddy type of spellings and random letters/numbers.

LDTate Posted June 17, 2011 ID:442466

TCP: Interfaces\{DE735380-6952-4DB9-BCF0-98E68D91039F} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{DE735380-6952-4DB9-BCF0-98E68D91039F} : DhcpNameServer = 208.67.222.222 207.67.220.220

Your DNS goes to:
http://whois.domaintools.com/208.67.222.222

Very strange

LDTate Posted June 17, 2011 ID:442467

Check some settings on your system:

Enter your Control Panel and double-click on Network Connections
Then right click on your Default Connection
Usually Local Area Connection for Cable and DSL, or AOL Connection.
- Right click on Properties
- Double-Click on the Internet Protocol (TCP/IP) item
- Select the radio dial that says Obtain DNS Servers Automatically
- Press OK twice to get out of the properties screen

Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

    IPCONFIG /release
    IPCONFIG /renew

Type Exit

Restart the computer.

infectedwuss Posted June 17, 2011 Author ID:442468

> TCP: Interfaces\{DE735380-6952-4DB9-BCF0-98E68D91039F} : NameServer = 208.67.222.222,208.67.220.220
> TCP: Interfaces\{DE735380-6952-4DB9-BCF0-98E68D91039F} : DhcpNameServer = 208.67.222.222 207.67.220.220
> Your DNS goes to:
> http://whois.domaintools.com/208.67.222.222
> Very strange

Not really, since those are the IPs for using OpenDNS, which is a great solution for having an awful ISP whose DNS servers are down/broken or pointing incorrectly.

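Added example, not part of the original thread: a check over the two TCP rows quoted above that lists every configured resolver and reports any address outside an expected set. The expected set (taken here to be the two statically configured addresses the poster identifies as OpenDNS) and the function names are assumptions.

```python
import ipaddress
import re

# The two "TCP:" rows quoted in the thread from the DDS log.
DDS_TCP_LINES = r"""
TCP: Interfaces\{DE735380-6952-4DB9-BCF0-98E68D91039F} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{DE735380-6952-4DB9-BCF0-98E68D91039F} : DhcpNameServer = 208.67.222.222 207.67.220.220
"""

# Assumption: the resolvers the user intends to use are the two addresses in
# the static NameServer value.
EXPECTED = {"208.67.222.222", "208.67.220.220"}

ROW_RE = re.compile(
    r"^TCP:\s+(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]+\})\s*:\s*)?"
    r"(?P<key>NameServer|DhcpNameServer)\s*=\s*(?P<value>.*)$"
)


def parse_resolvers(text):
    """Return (interface or 'global', key, ip) for each configured resolver."""
    found = []
    for line in text.splitlines():
        row = ROW_RE.match(line.strip())
        if not row:
            continue
        # The quoted rows use both separators: commas in NameServer,
        # spaces in DhcpNameServer.
        for token in re.split(r"[,\s]+", row["value"].strip()):
            try:
                ip = str(ipaddress.ip_address(token))
            except ValueError:
                continue  # empty or malformed entry
            found.append((row["iface"] or "global", row["key"], ip))
    return found


def unexpected_resolvers(text, expected=EXPECTED):
    """Resolvers that are configured but not in the expected set."""
    return [row for row in parse_resolvers(text) if row[2] not in expected]


if __name__ == "__main__":
    for iface, key, ip in unexpected_resolvers(DDS_TCP_LINES):
        print(f"{iface}: {key} contains {ip}, which is not in the expected set")
```

On the quoted rows this reports the DHCP-supplied 207.67.220.220, which differs in its first octet from the static 208.67.220.220.
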
LDTate Posted June 17, 2011 ID:442469

And that goes through San Francisco if you look at:
http://whois.domaintools.com/208.67.222.222

infectedwuss Posted June 17, 2011 Author ID:442470

> And that goes through San Francisco if you look at:
> http://whois.domaintools.com/208.67.222.222

Hmmm, then I will shoot an email to OpenDNS and let them know that and see if they can look into the issue.

LDTate Posted June 17, 2011 ID:442471

We can do some scans and see if we find anything bad.

Logs will be closed if you haven't replied within 3 days

Please do not attach the scan results from Combofix. Use copy/paste.

DO NOT use any TOOLS such as Combofix, or HijackThis fixes without supervision.
Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users
Double-click My Computer. Click the Tools menu, and then click Folder Options. Click the View tab.
Uncheck "Hide file extensions for known file types." Under the "Hidden files" folder, select "Show hidden files and folders." Uncheck "Hide protected operating system files." Click Apply, and then click OK.

Vista Users
To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:
Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:
If you are in the Classic View do the following:
Double-click on the Folder Options icon.
Click on the View tab.
If you are in the Control Panel Home view do the following:
Click on the Appearance and Personalization link.
Click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:
Please download ATF Cleaner by Atribune.
Download - ATF Cleaner

LDTate Posted June 19, 2011 ID:443161

Do you still need help with this?

LDTate Posted June 21, 2011 ID:443919

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!