Possible Virus, Search Engine failure

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Biocore

Thread Starter
Joined
Feb 24, 2009
Messages
8
DRTCP021

Hello there, I recently was fiddling with my brother's computer and downloaded a program that I forget the name of, but the file is DRTCP021.exe, it's some sort of TCP/IP configuring tool. He was having an issue where he could only access google and search it, but not go to any websites, and that was a suggested fix. Well, it turned out he had manually set his DNS servers for some reason, so that issue was fixed. But now there's an issue in that every computer except his is unable to load Google (it times out), and yahoo search results time out when trying to get to them from Yahoo. Additionally, a new tab will open after a certain amount of browsing with a google ad, which will sometimes time out. That or ad images are not loading and I'm accidentally clicking them...

I'm on Ubuntu, and the other computers are on XP, and we all use different browsers.
 

Biocore

Thread Starter
Joined
Feb 24, 2009
Messages
8
Minor update, I have found that google does work, but in Chrome, I have to go to the google homepage before I can search, I no longer have the pleasure of simply typing a search term into the address bar. Still getting the "tab-up" ads, yahoo search results still time-out when going from yahoo to the website.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
follow advice here and post the logs those programs make
 

Biocore

Thread Starter
Joined
Feb 24, 2009
Messages
8
Had to run them on a laptop with windows, none of them are compatible with Ubuntu. But the laptop also had the issue where Yahoo results won't load (and I can't even access features like the mature filter page), and Google's homepage has changed or something so the built-in search function won't work either.

HijackThis found:

Code:
 Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:59:22 AM, on 27/12/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8515 bytes

DDS found:

Code:
DDS (Ver_10-12-12.02) - NTFS_AMD64  
Run by Brennan at 11:00:12.89 on 27/12/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.2.1033.18.2811.1834 [GMT -5:00]

AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
E:\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [PLFSetI] C:\Windows\PLFSetI.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Brennan\AppData\Roaming\Mozilla\Firefox\Profiles\d94evpl8.default\
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1201000.025\SymDS64.sys [2010-12-22 450096]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1201000.025\SymEFA64.sys [2010-12-22 821808]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-22 953904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20101224.001\IDSviA64.sys [2010-12-26 476792]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1201000.025\Ironx64.sys [2010-12-22 168496]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys [2010-12-22 381488]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-21 202752]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-9-21 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-27 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe [2010-12-22 126904]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-9-21 243232]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-9-21 6406144]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-9-21 188928]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-9-21 384040]
S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-26 305520]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-21 246376]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-22 1255736]

=============== Created Last 30 ================

2010-12-22 10:06:46	--------	d-----w-	C:\Users\Brennan\oni
2010-12-22 10:00:07	--------	d-----w-	C:\Windows\SysWow64\Wat
2010-12-22 10:00:07	--------	d-----w-	C:\Windows\System32\Wat
2010-12-22 09:53:32	174640	----a-w-	C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-12-22 09:53:32	--------	d-----w-	C:\Program Files\Symantec
2010-12-22 09:53:32	--------	d-----w-	C:\Program Files\Common Files\Symantec Shared
2010-12-22 09:53:28	8199504	----a-w-	C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{BC74C5DA-12D3-4888-8CDB-A741E8BBCE2A}\mpengine.dll
2010-12-22 09:53:27	270720	------w-	C:\Windows\System32\MpSigStub.exe
2010-12-22 09:53:01	821808	----a-r-	C:\Windows\System32\drivers\NISx64\1201000.025\SymEFA64.sys
2010-12-22 09:53:01	715824	----a-r-	C:\Windows\System32\drivers\NISx64\1201000.025\srtsp64.sys
2010-12-22 09:53:01	450096	----a-r-	C:\Windows\System32\drivers\NISx64\1201000.025\SymDS64.sys
2010-12-22 09:53:01	40496	----a-r-	C:\Windows\System32\drivers\NISx64\1201000.025\srtspx64.sys
2010-12-22 09:53:01	381488	----a-r-	C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys
2010-12-22 09:53:01	168496	----a-r-	C:\Windows\System32\drivers\NISx64\1201000.025\Ironx64.sys
2010-12-22 09:52:46	--------	d-----w-	C:\Windows\System32\drivers\NISx64\1201000.025
2010-12-22 09:52:46	--------	d-----w-	C:\Windows\System32\drivers\NISx64
2010-12-22 09:52:43	--------	d-----w-	C:\Program Files (x86)\Norton Internet Security
2010-12-22 09:52:42	--------	d-----w-	C:\PROGRA~3\Norton
2010-12-22 09:50:32	--------	d-----w-	C:\Program Files (x86)\NortonInstaller
2010-12-22 09:50:31	--------	d-----w-	C:\PROGRA~3\NortonInstaller
2010-12-22 09:45:13	--------	d-----w-	C:\CyberStep
2010-12-22 09:42:04	99176	----a-w-	C:\Windows\SysWow64\PresentationHostProxy.dll
2010-12-22 09:42:04	49472	----a-w-	C:\Windows\SysWow64\netfxperf.dll
2010-12-22 09:42:04	48960	----a-w-	C:\Windows\System32\netfxperf.dll
2010-12-22 09:42:04	444752	----a-w-	C:\Windows\System32\mscoree.dll
2010-12-22 09:42:04	320352	----a-w-	C:\Windows\System32\PresentationHost.exe
2010-12-22 09:42:04	297808	----a-w-	C:\Windows\SysWow64\mscoree.dll
2010-12-22 09:42:04	295264	----a-w-	C:\Windows\SysWow64\PresentationHost.exe
2010-12-22 09:42:04	1942856	----a-w-	C:\Windows\System32\dfshim.dll
2010-12-22 09:42:04	1130824	----a-w-	C:\Windows\SysWow64\dfshim.dll
2010-12-22 09:42:04	109912	----a-w-	C:\Windows\System32\PresentationHostProxy.dll
2010-12-22 09:35:59	633856	----a-w-	C:\Windows\System32\comctl32.dll
2010-12-22 09:31:46	--------	d-----w-	C:\PROGRA~3\Messenger Plus!
2010-12-22 09:31:31	--------	d-----w-	C:\Program Files (x86)\Messenger Plus! Live
2010-12-22 06:24:35	--------	d-----w-	C:\Users\Brennan\AppData\Local\Mozilla
2010-12-22 06:17:01	--------	d-----w-	C:\Users\Brennan\Tracing
2010-12-22 06:14:30	--------	d-----r-	C:\Program Files (x86)\Skype
2010-12-22 06:10:58	--------	d---a-w-	C:\book
2010-12-22 06:09:48	4398360	----a-w-	C:\Windows\System32\d3dx9_32.dll
2010-12-22 06:09:48	3426072	----a-w-	C:\Windows\SysWow64\d3dx9_32.dll
2010-12-22 06:09:29	--------	d-----w-	C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2010-12-22 06:08:24	--------	d-----w-	C:\Program Files (x86)\Windows Live SkyDrive
2010-12-22 06:07:53	--------	d-----w-	C:\Windows\PCHEALTH
2010-12-22 06:07:37	74520	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\885f174a1cba19e\DSETUP.dll
2010-12-22 06:07:37	484632	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\885f174a1cba19e\DXSETUP.exe
2010-12-22 06:07:37	1670936	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\885f174a1cba19e\dsetup32.dll
2010-12-22 06:06:59	141399376	----a-w-	C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc2B34.tmp
2010-12-22 06:06:51	--------	d-----w-	C:\Program Files (x86)\Common Files\Windows Live
2010-12-22 06:05:12	1819648	----a-w-	C:\PROGRA~3\Microsoft\OEMOffice14\Office14\Word.en-us\WordMUI.msi
2010-12-22 05:59:31	--------	d-----w-	C:\Users\Brennan\AppData\Local\ATI
2010-12-22 05:58:16	--------	d-----w-	C:\Users\Brennan\AppData\Local\EgisTec IPS
2010-12-22 05:57:41	--------	d-----w-	C:\Users\Brennan\AppData\Local\VirtualStore
2010-12-22 05:55:46	--------	d-----w-	C:\Program Files (x86)\OEM
2010-12-22 05:53:13	--------	d-sh--w-	C:\Recovery

==================== Find3M  ====================

2010-11-04 06:35:53	1194496	----a-w-	C:\Windows\System32\wininet.dll
2010-11-04 06:31:34	57856	----a-w-	C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17	978944	----a-w-	C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36	44544	----a-w-	C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14	482816	----a-w-	C:\Windows\System32\html.iec
2010-11-04 04:41:26	386048	----a-w-	C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37	1638912	----a-w-	C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54	1638912	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17	524288	----a-w-	C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38	473600	----a-w-	C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38	1169408	----a-w-	C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53	1114624	----a-w-	C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47	464384	----a-w-	C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32	285696	----a-w-	C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36	496128	----a-w-	C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36	305152	----a-w-	C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44	192000	----a-w-	C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33	179712	----a-w-	C:\Windows\SysWow64\schtasks.exe
2010-10-27 11:15:50	29480	----a-w-	C:\Windows\SysWow64\msxml3a.dll
2010-10-27 11:15:48	505128	----a-w-	C:\Windows\SysWow64\msvcp71.dll
2010-10-27 11:15:48	353576	----a-w-	C:\Windows\SysWow64\msvcr71.dll
2010-10-27 11:05:41	206208	----a-w-	C:\Windows\PLFSetI.exe
2010-10-27 10:59:25	0	----a-w-	C:\Windows\ativpsrm.bin
2010-10-27 10:58:27	3	----a-w-	C:\Windows\System32\PLD_Framework.cmd
2010-10-27 05:06:22	2048	----a-w-	C:\Windows\System32\tzres.dll
2010-10-27 04:32:36	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01	46080	----a-w-	C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18	34304	----a-w-	C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15	3124224	----a-w-	C:\Windows\System32\win32k.sys
2010-10-20 03:05:46	367104	----a-w-	C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41	294400	----a-w-	C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13	112000	----a-w-	C:\Windows\System32\consent.exe
2010-10-16 05:19:41	395776	----a-w-	C:\Windows\System32\webio.dll
2010-10-16 04:36:10	314368	----a-w-	C:\Windows\SysWow64\webio.dll

============= FINISH: 11:01:26.00 ===============

GMER said nothing was wrong.
 


dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
of course they are for windows
if it is affecting linux systems as well then it must be the router

you need to reset it to factory settings & make sure that the dns settings are not hijacked

try setting the router dns to open dns
https://store.opendns.com/setup/router/
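
Editor's added example, not part of the post above: one way to check on each client (Ubuntu and Windows alike) which DNS resolvers it was actually handed, and flag any that are neither the router nor a resolver you chose. The sample inputs are constructed, the gateway address 192.168.1.1 and the English `ipconfig /all` label are assumptions, and the expected list holds the two public OpenDNS resolver addresses.

```python
import ipaddress
import re

# Resolvers the network owner expects. These two are OpenDNS's public
# resolvers; add your ISP's resolvers here if you use them instead.
EXPECTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def resolvers_from_resolv_conf(text):
    """Nameserver addresses from /etc/resolv.conf content (Linux clients)."""
    found = []
    for line in text.splitlines():
        m = re.match(r"nameserver\s+(\S+)", line.split("#", 1)[0].strip())
        if m:
            found.append(m.group(1))
    return found

def resolvers_from_ipconfig(text):
    """DNS servers from English `ipconfig /all` output, including the
    indented continuation lines that carry the 2nd and later servers."""
    found, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            found.append(m.group(1))
            in_dns = True
        elif in_dns and _is_ip(line.strip()):
            found.append(line.strip())
        else:
            in_dns = False
    return found

def classify(addr, gateway, expected=EXPECTED_RESOLVERS):
    """Label one resolver address as seen from a client."""
    if not _is_ip(addr):
        return "unparseable"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "local-stub"        # local caching stub; check its upstream
    if ip == ipaddress.ip_address(gateway):
        return "router"            # client trusts the router: audit the
                                   # router's own DNS setting in its admin page
    if addr in expected:
        return "expected"
    if any(ip in net for net in RFC1918):
        return "unknown-lan"       # some other box on the LAN is answering DNS
    return "unexpected-public"     # resolver nobody on this network chose

def audit(resolvers, gateway):
    """Return (verdicts, flagged): flagged holds addresses worth investigating."""
    verdicts = [(r, classify(r, gateway)) for r in resolvers]
    flagged = [r for r, v in verdicts
               if v in ("unexpected-public", "unknown-lan", "unparseable")]
    return verdicts, flagged

# Constructed sample inputs (203.0.113.53 is a documentation-range address).
SAMPLE_RESOLV_CONF = "# Generated by NetworkManager\nnameserver 192.168.1.1\n"
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    for name, servers in (("linux", resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)),
                          ("windows", resolvers_from_ipconfig(SAMPLE_IPCONFIG))):
        print(name, audit(servers, "192.168.1.1"))
```

A client that lists only the router is not proof of a clean network: when every machine defers to the router, the resolver to verify is the one configured on the router itself.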
 

Biocore

Thread Starter
Joined
Feb 24, 2009
Messages
8
Reset the router to factory settings, that seems to have worked. I wonder what happened though....
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
There is malware that can attack the router
 