
Possible Virus, Search Engine failure

Discussion in 'Virus & Other Malware Removal' started by Biocore, Dec 25, 2010.

Thread Status:
Not open for further replies.
  1. Biocore

    Biocore Thread Starter

    Joined:
    Feb 24, 2009
    Messages:
    8
    DRTCP021

    Hello there, I recently was fiddling with my brother's computer and downloaded a program that I forget the name of, but the file is DRTCP021.exe, it's some sort of TCP/IP configuring tool. He was having an issue where he could only access google and search it, but not go to any websites, and that was a suggested fix. Well, it turned out he had manually set his DNS servers for some reason, so that issue was fixed. But now there's an issue in that every computer except his is unable to load Google (it times out), and yahoo search results time out when trying to get to them from Yahoo. Additionally, a new tab will open after a certain amount of browsing with a google ad, which will sometimes time out. That or ad images are not loading and I'm accidentally clicking them...

    I'm on Ubuntu, and the other computers are on XP, and we all use different browsers.
     
  2. Biocore

    Biocore Thread Starter

    Joined:
    Feb 24, 2009
    Messages:
    8
    Minor update, I have found that google does work, but in Chrome, I have to go to the google homepage before I can search, I no longer have the pleasure of simply typing a search term into the address bar. Still getting the "tab-up" ads, yahoo search results still time-out when going from yahoo to the website.
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    follow advice here and post the logs those programs make
     
  4. Biocore

    Biocore Thread Starter

    Joined:
    Feb 24, 2009
    Messages:
    8
    Had to run them on a laptop with windows, none of them are compatible with Ubuntu. But the laptop also had the issue where Yahoo results won't load (and I can't even access features like the mature filter page), and Google's homepage has changed or something so the built-in search function won't work either.

    HijackThis found:

    Code:
     Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:59:22 AM, on 27/12/2010
    Platform: Windows 7  (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    E:\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 8515 bytes 
    DDS found:

    Code:
     
    DDS (Ver_10-12-12.02) - NTFS_AMD64  
    Run by Brennan at 11:00:12.89 on 27/12/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.2.1033.18.2811.1834 [GMT -5:00]
    
    AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    
    ============== Running Processes ===============
    
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    E:\dds.scr
    C:\Windows\system32\conhost.exe
    
    ============== Pseudo HJT Report ===============
    
    uStart Page = hxxp://acer.msn.com
    uDefault_Page_URL = hxxp://acer.msn.com
    mDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [PLFSetI] C:\Windows\PLFSetI.exe
    mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    
    ================= FIREFOX ===================
    
    FF - ProfilePath - C:\Users\Brennan\AppData\Roaming\Mozilla\Firefox\Profiles\d94evpl8.default\
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
    FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn
    
    ============= SERVICES / DRIVERS ===============
    
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1201000.025\SymDS64.sys [2010-12-22 450096]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1201000.025\SymEFA64.sys [2010-12-22 821808]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-22 953904]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101224.001\IDSviA64.sys [2010-12-26 476792]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1201000.025\Ironx64.sys [2010-12-22 168496]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys [2010-12-22 381488]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-21 202752]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-21 321104]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-27 868896]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-12-22 126904]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
    R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-9-21 243232]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-9-21 6406144]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-21 188928]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-9-21 384040]
    S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-21 246376]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-22 1255736]
    
    =============== Created Last 30 ================
    
    2010-12-22 10:06:46	--------	d-----w-	C:\Users\Brennan\oni
    2010-12-22 10:00:07	--------	d-----w-	C:\Windows\SysWow64\Wat
    2010-12-22 10:00:07	--------	d-----w-	C:\Windows\System32\Wat
    2010-12-22 09:53:32	174640	----a-w-	C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2010-12-22 09:53:32	--------	d-----w-	C:\Program Files\Symantec
    2010-12-22 09:53:32	--------	d-----w-	C:\Program Files\Common Files\Symantec Shared
    2010-12-22 09:53:28	8199504	----a-w-	C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{BC74C5DA-12D3-4888-8CDB-A741E8BBCE2A}\mpengine.dll
    2010-12-22 09:53:27	270720	------w-	C:\Windows\System32\MpSigStub.exe
    2010-12-22 09:53:01	821808	----a-r-	C:\Windows\System32\drivers\NISx64\1201000.025\SymEFA64.sys
    2010-12-22 09:53:01	715824	----a-r-	C:\Windows\System32\drivers\NISx64\1201000.025\srtsp64.sys
    2010-12-22 09:53:01	450096	----a-r-	C:\Windows\System32\drivers\NISx64\1201000.025\SymDS64.sys
    2010-12-22 09:53:01	40496	----a-r-	C:\Windows\System32\drivers\NISx64\1201000.025\srtspx64.sys
    2010-12-22 09:53:01	381488	----a-r-	C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys
    2010-12-22 09:53:01	168496	----a-r-	C:\Windows\System32\drivers\NISx64\1201000.025\Ironx64.sys
    2010-12-22 09:52:46	--------	d-----w-	C:\Windows\System32\drivers\NISx64\1201000.025
    2010-12-22 09:52:46	--------	d-----w-	C:\Windows\System32\drivers\NISx64
    2010-12-22 09:52:43	--------	d-----w-	C:\Program Files (x86)\Norton Internet Security
    2010-12-22 09:52:42	--------	d-----w-	C:\PROGRA~3\Norton
    2010-12-22 09:50:32	--------	d-----w-	C:\Program Files (x86)\NortonInstaller
    2010-12-22 09:50:31	--------	d-----w-	C:\PROGRA~3\NortonInstaller
    2010-12-22 09:45:13	--------	d-----w-	C:\CyberStep
    2010-12-22 09:42:04	99176	----a-w-	C:\Windows\SysWow64\PresentationHostProxy.dll
    2010-12-22 09:42:04	49472	----a-w-	C:\Windows\SysWow64\netfxperf.dll
    2010-12-22 09:42:04	48960	----a-w-	C:\Windows\System32\netfxperf.dll
    2010-12-22 09:42:04	444752	----a-w-	C:\Windows\System32\mscoree.dll
    2010-12-22 09:42:04	320352	----a-w-	C:\Windows\System32\PresentationHost.exe
    2010-12-22 09:42:04	297808	----a-w-	C:\Windows\SysWow64\mscoree.dll
    2010-12-22 09:42:04	295264	----a-w-	C:\Windows\SysWow64\PresentationHost.exe
    2010-12-22 09:42:04	1942856	----a-w-	C:\Windows\System32\dfshim.dll
    2010-12-22 09:42:04	1130824	----a-w-	C:\Windows\SysWow64\dfshim.dll
    2010-12-22 09:42:04	109912	----a-w-	C:\Windows\System32\PresentationHostProxy.dll
    2010-12-22 09:35:59	633856	----a-w-	C:\Windows\System32\comctl32.dll
    2010-12-22 09:31:46	--------	d-----w-	C:\PROGRA~3\Messenger Plus!
    2010-12-22 09:31:31	--------	d-----w-	C:\Program Files (x86)\Messenger Plus! Live
    2010-12-22 06:24:35	--------	d-----w-	C:\Users\Brennan\AppData\Local\Mozilla
    2010-12-22 06:17:01	--------	d-----w-	C:\Users\Brennan\Tracing
    2010-12-22 06:14:30	--------	d-----r-	C:\Program Files (x86)\Skype
    2010-12-22 06:10:58	--------	d---a-w-	C:\book
    2010-12-22 06:09:48	4398360	----a-w-	C:\Windows\System32\d3dx9_32.dll
    2010-12-22 06:09:48	3426072	----a-w-	C:\Windows\SysWow64\d3dx9_32.dll
    2010-12-22 06:09:29	--------	d-----w-	C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2010-12-22 06:08:24	--------	d-----w-	C:\Program Files (x86)\Windows Live SkyDrive
    2010-12-22 06:07:53	--------	d-----w-	C:\Windows\PCHEALTH
    2010-12-22 06:07:37	74520	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\885f174a1cba19e\DSETUP.dll
    2010-12-22 06:07:37	484632	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\885f174a1cba19e\DXSETUP.exe
    2010-12-22 06:07:37	1670936	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\885f174a1cba19e\dsetup32.dll
    2010-12-22 06:06:59	141399376	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc2B34.tmp
    2010-12-22 06:06:51	--------	d-----w-	C:\Program Files (x86)\Common Files\Windows Live
    2010-12-22 06:05:12	1819648	----a-w-	C:\PROGRA~3\Microsoft\OEMOffice14\Office14\Word.en-us\WordMUI.msi
    2010-12-22 05:59:31	--------	d-----w-	C:\Users\Brennan\AppData\Local\ATI
    2010-12-22 05:58:16	--------	d-----w-	C:\Users\Brennan\AppData\Local\EgisTec IPS
    2010-12-22 05:57:41	--------	d-----w-	C:\Users\Brennan\AppData\Local\VirtualStore
    2010-12-22 05:55:46	--------	d-----w-	C:\Program Files (x86)\OEM
    2010-12-22 05:53:13	--------	d-sh--w-	C:\Recovery
    
    ==================== Find3M  ====================
    
    2010-11-04 06:35:53	1194496	----a-w-	C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34	57856	----a-w-	C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17	978944	----a-w-	C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36	44544	----a-w-	C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14	482816	----a-w-	C:\Windows\System32\html.iec
    2010-11-04 04:41:26	386048	----a-w-	C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37	1638912	----a-w-	C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54	1638912	----a-w-	C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:18:17	524288	----a-w-	C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38	473600	----a-w-	C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38	1169408	----a-w-	C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53	1114624	----a-w-	C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47	464384	----a-w-	C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32	285696	----a-w-	C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36	496128	----a-w-	C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36	305152	----a-w-	C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44	192000	----a-w-	C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33	179712	----a-w-	C:\Windows\SysWow64\schtasks.exe
    2010-10-27 11:15:50	29480	----a-w-	C:\Windows\SysWow64\msxml3a.dll
    2010-10-27 11:15:48	505128	----a-w-	C:\Windows\SysWow64\msvcp71.dll
    2010-10-27 11:15:48	353576	----a-w-	C:\Windows\SysWow64\msvcr71.dll
    2010-10-27 11:05:41	206208	----a-w-	C:\Windows\PLFSetI.exe
    2010-10-27 10:59:25	0	----a-w-	C:\Windows\ativpsrm.bin
    2010-10-27 10:58:27	3	----a-w-	C:\Windows\System32\PLD_Framework.cmd
    2010-10-27 05:06:22	2048	----a-w-	C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01	46080	----a-w-	C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15	3124224	----a-w-	C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46	367104	----a-w-	C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41	294400	----a-w-	C:\Windows\SysWow64\atmfd.dll
    2010-10-16 05:23:13	112000	----a-w-	C:\Windows\System32\consent.exe
    2010-10-16 05:19:41	395776	----a-w-	C:\Windows\System32\webio.dll
    2010-10-16 04:36:10	314368	----a-w-	C:\Windows\SysWow64\webio.dll
    
    ============= FINISH: 11:01:26.00 =============== 
    GMER said nothing was wrong.
     


  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    of course they are for windows
    if it is affecting linux systems as well then it must be the router

    you need to reset it to factory settings & make sure that the dns settings are not hijacked

    try setting the router dns to open dns
    https://store.opendns.com/setup/router/
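
An added example, not part of dvk01's post or the original thread: a small audit that pulls the DNS servers a client is actually using out of a Linux `/etc/resolv.conf` or a Windows `ipconfig /all` listing and flags any that are neither on the local network nor on a trusted list. The sample inputs are constructed, the function names are hypothetical, and the trusted list holds only the two OpenDNS resolver addresses.

```python
import ipaddress
import re

# Resolvers the operator trusts. These are the two OpenDNS addresses;
# add your ISP's resolvers here (assumption: you know what they are).
TRUSTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Addresses that mean "the router or a local stub resolver answers DNS".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample: /etc/resolv.conf on a Linux client.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 192.168.1.1
nameserver 203.0.113.53
"""

# Constructed sample: excerpt of `ipconfig /all` on a Windows client.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       208.67.222.222
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""


def _to_ip(text):
    """Return an ip_address object, or None if text is not an address."""
    try:
        return ipaddress.ip_address(text.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return None


def parse_resolv_conf(text):
    """Collect the addresses on 'nameserver' lines, skipping comments."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def parse_ipconfig(text):
    """Collect 'DNS Servers' entries, including the unlabelled continuation
    lines Windows prints for the second and later servers."""
    servers, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        stripped = line.strip()
        if m:
            servers.append(m.group(1))
            in_dns = True
        elif in_dns and stripped and " " not in stripped and _to_ip(stripped):
            servers.append(stripped)
        else:
            in_dns = False
    return servers


def classify(server, trusted=TRUSTED_RESOLVERS):
    """'local', 'trusted', 'review' (unknown public resolver) or 'invalid'."""
    ip = _to_ip(server)
    if ip is None:
        return "invalid"
    if any(ip in net for net in LOCAL_NETS):
        return "local"
    return "trusted" if str(ip) in trusted else "review"


def audit(servers):
    """Pair every configured server with its verdict."""
    return [(s, classify(s)) for s in servers]


if __name__ == "__main__":
    for name, found in (("resolv.conf", parse_resolv_conf(SAMPLE_RESOLV_CONF)),
                        ("ipconfig", parse_ipconfig(SAMPLE_IPCONFIG))):
        for server, verdict in audit(found):
            print(f"{name:12} {server:18} {verdict}")
```

A `local` verdict only says the client sends its queries to the router; the upstream DNS servers the router itself uses still have to be read from the router's admin page, which is the setting the factory reset restores.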
     
  6. Biocore

    Biocore Thread Starter

    Joined:
    Feb 24, 2009
    Messages:
    8
    Reset the router to factory settings, that seems to have worked. I wonder what happened though....
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    There is malware that can attack the router
     

Short URL to this thread: https://techguy.org/970562
