Redirect issue. Please help :/

R

Robin.

New member
Hi,

since a few days my browser is being redirected, and Spybot's url's are blocked, as are some process names. Any of the ordinary Malware removers I tried (including GMER) did not find a thing.

It seems this forum is flooding with people having similar problems as I have, so considering you guys are extra busy I'm extra gratefull for any help and the excellent forums. Anyway, here's my log, thanks!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Robin Lucassen at 21:08:12.09 on Thu 09/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1425 [GMT 2:00]

AV: avast! antivirus 4.8.1368 [VPS 100923-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Robin Lucassen\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\razawebhook32.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_21\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_21\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: nvidia.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
TCP: NameServer = 93.188.162.233,93.188.161.233
TCP: {912393CD-00DB-469E-BE45-AE564683D6DD} = 93.188.162.233,93.188.161.233
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robinl~1\applic~1\mozilla\firefox\profiles\mlamxpb4.default\
FF - prefs.js: browser.startup.homepage - www.google.nl
FF - plugin: c:\documents and settings\robin lucassen\application data\mozilla\firefox\profiles\mlamxpb4.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_21\bin\NPJPI150_21.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-18 114768]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-2-28 147416]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 sfvmr;sfvmr;c:\windows\system32\drivers\sfvmr.sys [2010-8-25 11584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-18 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-18 138680]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2010-3-18 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-18 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-18 352920]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-8-3 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-09-23 17:49:39 0 d-----w- c:\program files\SpywareBlaster
2010-09-20 22:58:57 4931577 ------w- c:\windows\{00000001-00000000-00000009-00001102-00000004-10021102}.BAK
2010-09-08 19:07:40 962612 ----a-w- c:\windows\system32\mfc42d.dll
2010-09-08 19:07:40 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2010-09-08 19:06:44 12096 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2010-09-08 19:06:44 10304 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys
2010-08-27 01:26:09 0 d-----w- c:\windows\KConvert Temp
2010-08-27 01:26:09 0 d-----w- c:\windows\KConvert Logs
2010-08-27 01:26:01 0 d-----w- c:\program files\Windows Media Connect 2
2010-08-27 01:24:45 0 d-----w- c:\windows\system32\LogFiles
2010-08-25 15:05:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Sibelius Software
2010-08-25 15:05:24 0 d-----w- c:\docume~1\robinl~1\applic~1\Sibelius Software
2010-08-25 15:02:03 0 d-----w- c:\program files\Sibelius Software
2010-08-25 15:02:01 452 ----a-w- c:\windows\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
2010-08-25 13:52:32 0 d-----w- c:\program files\MIDIOX
2010-08-25 12:39:06 19968 ----a-r- c:\windows\system32\sfvmr.dll
2010-08-25 12:39:06 11584 ----a-r- c:\windows\system32\drivers\sfvmr.sys

==================== Find3M ====================

2010-08-25 15:05:26 604 ---ha-w- c:\program files\STLL Notifier
2010-08-24 12:58:28 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-17 15:42:16 91664 ----a-w- c:\windows\system32\perfc013.dat
2010-08-17 15:42:16 512128 ----a-w- c:\windows\system32\perfh013.dat
2010-08-03 20:52:49 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-03 20:52:49 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-01 21:02:43 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-30 14:34:55 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-30 14:34:47 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-09 22:38:00 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-09 22:38:00 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:38:00 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38:00 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-09 22:38:00 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38:00 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-07-09 22:38:00 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38:00 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-09 22:38:00 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-09 14:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-07 11:46:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:33:19 149504 ----a-w- c:\windows\system32\schannel.dll
2009-09-20 21:59:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012009092020090921\index.dat

============= FINISH: 21:09:56.53 ===============
 
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
Shareaza
Soulseek


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Post fresh dds logs when ready.
 
No problem, I must have missed that thread concerning P2P. Here are fresh logs, thanks.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Robin Lucassen at 14:32:13.21 on Mon 09/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1581 [GMT 2:00]

AV: avast! antivirus 4.8.1368 [VPS 100927-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Robin Lucassen\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_21\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_21\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: nvidia.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
TCP: NameServer = 93.188.162.233,93.188.161.233
TCP: {912393CD-00DB-469E-BE45-AE564683D6DD} = 93.188.162.233,93.188.161.233
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robinl~1\applic~1\mozilla\firefox\profiles\mlamxpb4.default\
FF - prefs.js: browser.startup.homepage - www.google.nl
FF - plugin: c:\documents and settings\robin lucassen\application

data\mozilla\firefox\profiles\mlamxpb4.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_21\bin\NPJPI150_21.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name",

"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description",

"chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-18 114768]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-2-28 147416]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 sfvmr;sfvmr;c:\windows\system32\drivers\sfvmr.sys [2010-8-25 11584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-18 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-18 138680]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2010-3-18 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-18 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-18 352920]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs

shared\service\CTAELicensing.exe [2010-8-3 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-09-25 10:07:17 0 d-----w- C:\TEMP
2010-09-23 17:49:39 0 d-----w- c:\program files\SpywareBlaster
2010-09-20 22:58:57 4931577 ----a-w- c:\windows\{00000001-00000000-00000009-00001102-00000004-10021102}.BAK
2010-09-08 19:07:40 962612 ----a-w- c:\windows\system32\mfc42d.dll
2010-09-08 19:07:40 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2010-09-08 19:06:44 12096 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2010-09-08 19:06:44 10304 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys

==================== Find3M ====================

2010-08-25 15:05:26 604 ---ha-w- c:\program files\STLL Notifier
2010-08-24 12:58:28 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-17 15:42:16 91664 ----a-w- c:\windows\system32\perfc013.dat
2010-08-17 15:42:16 512128 ----a-w- c:\windows\system32\perfh013.dat
2010-08-03 20:52:49 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-03 20:52:49 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-01 21:02:43 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-30 14:34:55 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-30 14:34:47 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-09 22:38:00 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-09 22:38:00 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:38:00 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38:00 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-09 22:38:00 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38:00 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-07-09 22:38:00 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38:00 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-09 22:38:00 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-09 14:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-07 11:46:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:33:19 149504 ----a-w- c:\windows\system32\schannel.dll
2009-09-20 21:59:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local

settings\geschiedenis\history.ie5\mshist012009092020090921\index.dat

============= FINISH: 14:34:44.50 ===============
 
Hi,

Please make sure word wrap in notepad is disabled.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
Hi Blade81,

since combofix has ran my PC does not redirect anymore, aaand its because it does not connect to any site. Although I can connect to servers, there seems to be something critical missing for http/ftp communication. My hope is the logs I included could shed light light on that matter, aside from my malware problems, so please let me know if you can help me with this. I can post additional info whenever you want. Thanks for attending to my case and I look forward to you response, Robin.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Robin Lucassen at 12:50:13.56 on Tue 09/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1550 [GMT 2:00]

AV: avast! antivirus 4.8.1368 [VPS 100927-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Documents and Settings\Robin Lucassen\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_21\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_21\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: nvidia.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robinl~1\applic~1\mozilla\firefox\profiles\mlamxpb4.default\
FF - prefs.js: browser.startup.homepage - www.google.nl
FF - plugin: c:\documents and settings\robin lucassen\application data\mozilla\firefox\profiles\mlamxpb4.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_21\bin\NPJPI150_21.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-18 114768]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-2-28 147416]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 sfvmr;sfvmr;c:\windows\system32\drivers\sfvmr.sys [2010-8-25 11584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-18 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-18 138680]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-18 352920]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2010-3-18 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-18 254040]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-8-3 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

=============== Created Last 30 ================

2010-09-28 09:48:43 0 dc-h--w- c:\windows\ie8
2010-09-27 18:34:47 0 d-sha-r- C:\cmdcons
2010-09-27 18:29:23 98816 ----a-w- c:\windows\sed.exe
2010-09-27 18:29:23 77312 ----a-w- c:\windows\MBR.exe
2010-09-27 18:29:23 256512 ----a-w- c:\windows\PEV.exe
2010-09-27 18:29:23 161792 ----a-w- c:\windows\SWREG.exe
2010-09-25 10:07:17 0 d-----w- C:\TEMP
2010-09-23 17:49:39 0 d-----w- c:\program files\SpywareBlaster
2010-09-20 22:58:57 4931577 ----a-w- c:\windows\{00000001-00000000-00000009-00001102-00000004-10021102}.BAK
2010-09-08 19:07:40 962612 ----a-w- c:\windows\system32\mfc42d.dll
2010-09-08 19:07:40 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2010-09-08 19:06:44 12096 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2010-09-08 19:06:44 10304 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys

==================== Find3M ====================

2010-08-25 15:05:26 604 ---ha-w- c:\program files\STLL Notifier
2010-08-24 12:58:28 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-17 15:42:16 91664 ----a-w- c:\windows\system32\perfc013.dat
2010-08-17 15:42:16 512128 ----a-w- c:\windows\system32\perfh013.dat
2010-08-03 20:52:49 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-03 20:52:49 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-01 21:02:43 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-30 14:34:55 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-30 14:34:47 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-09 22:38:00 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-09 22:38:00 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:38:00 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38:00 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-09 22:38:00 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38:00 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-07-09 22:38:00 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38:00 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-09 22:38:00 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-09 14:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-07 11:46:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:33:19 149504 ----a-w- c:\windows\system32\schannel.dll
2009-09-20 21:59:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012009092020090921\index.dat

============= FINISH: 12:51:07.64 ===============
 
Hi,

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
ping -n 2 google.com
route print
)
start Log1.txt
del %0
Click to expand...

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: test.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate and double-click test.bat on the desktop.
  • A notepad opens, copy and paste the content it (log1.txt) to your reply.
 
Excuse me, I forgot to disable avast during the previous DDS scan. My bad.

New logs:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Robin Lucassen at 13:00:29.35 on Tue 09/28/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1640 [GMT 2:00]

AV: avast! antivirus 4.8.1368 [VPS 100927-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Documents and Settings\Robin Lucassen\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_21\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_21\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: nvidia.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\robinl~1\applic~1\mozilla\firefox\profiles\mlamxpb4.default\
FF - prefs.js: browser.startup.homepage - www.google.nl
FF - plugin: c:\documents and settings\robin lucassen\application data\mozilla\firefox\profiles\mlamxpb4.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_21\bin\NPJPI150_21.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-18 114768]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-2-28 147416]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]
R1 sfvmr;sfvmr;c:\windows\system32\drivers\sfvmr.sys [2010-8-25 11584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-18 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-18 138680]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2010-3-18 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-18 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-18 352920]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-8-3 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]

=============== Created Last 30 ================

2010-09-28 09:48:43 0 dc-h--w- c:\windows\ie8
2010-09-27 18:34:47 0 d-sha-r- C:\cmdcons
2010-09-27 18:29:23 98816 ----a-w- c:\windows\sed.exe
2010-09-27 18:29:23 77312 ----a-w- c:\windows\MBR.exe
2010-09-27 18:29:23 256512 ----a-w- c:\windows\PEV.exe
2010-09-27 18:29:23 161792 ----a-w- c:\windows\SWREG.exe
2010-09-25 10:07:17 0 d-----w- C:\TEMP
2010-09-23 17:49:39 0 d-----w- c:\program files\SpywareBlaster
2010-09-20 22:58:57 4931577 ----a-w- c:\windows\{00000001-00000000-00000009-00001102-00000004-10021102}.BAK
2010-09-08 19:07:40 962612 ----a-w- c:\windows\system32\mfc42d.dll
2010-09-08 19:07:40 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2010-09-08 19:06:44 12096 ----a-w- c:\windows\system32\drivers\AsInsHelp64.sys
2010-09-08 19:06:44 10304 ----a-w- c:\windows\system32\drivers\AsInsHelp32.sys

==================== Find3M ====================

2010-08-25 15:05:26 604 ---ha-w- c:\program files\STLL Notifier
2010-08-24 12:58:28 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-08-17 15:42:16 91664 ----a-w- c:\windows\system32\perfc013.dat
2010-08-17 15:42:16 512128 ----a-w- c:\windows\system32\perfh013.dat
2010-08-03 20:52:49 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-03 20:52:49 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-08-01 21:02:43 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-07-30 14:34:55 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-30 14:34:47 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-09 22:38:00 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-09 22:38:00 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:38:00 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38:00 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-09 22:38:00 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38:00 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-07-09 22:38:00 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38:00 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-09 22:38:00 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-09 14:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 14:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 14:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 14:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 14:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 14:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-07 11:46:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-30 12:33:19 149504 ----a-w- c:\windows\system32\schannel.dll
2009-09-20 21:59:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\geschiedenis\history.ie5\mshist012009092020090921\index.dat

============= FINISH: 13:00:44.25 ===============
 
Hi, thanks for the quick reply, here are the results:

Windows IP-configuratie



Host-naam . . . . . . . . . . . .: ADMIN-F7761109E

Primair DNS-achtervoegsel. . . . .:

Knooppunttype: . . . . . . . . . .: onbekend

IP-routering ingeschakeld. . . . .: nee

WINS-proxy ingeschakeld . . . . . : nee



Ethernet-adapter LAN-verbinding:



Verbindingsspec. DNS-achtervoegsel:

Beschrijving . . . . . . . . . . .:

NVIDIA nForce Networking Controller

Fysiek adres. . . . . . . . . . . : 00-1E-8C-6A-FE-E1

DHCP ingeschakeld:. . . . . . . . : nee

IP-adres. . . . . . . . . . . . . : 192.168.1.10

Subnetmasker. . . . . . . . . . . : 255.255.255.0

Standaardgateway. . . . . . . . . : 192.168.1.1

Server: UnKnown
Address: 127.0.0.1

Ping-aanvraag kan host google.com niet vinden. Controleer de naam en probeer het

opnieuw.

===========================================================================
Interfacelijst
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1e 8c 6a fe e1 ...... NVIDIA nForce Networking Controller - Pakketplanner-minipoort
===========================================================================
===========================================================================
Actieve routes:
Netwerkadres Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.10 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.10 192.168.1.10 20
192.168.1.10 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.10 192.168.1.10 20
224.0.0.0 240.0.0.0 192.168.1.10 192.168.1.10 20
255.255.255.255 255.255.255.255 192.168.1.10 192.168.1.10 1
Standaard-gateway: 192.168.1.1
===========================================================================
Permanente routes:
Geen
 
Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category
View, select the Network and Internet Connections category otherwise
double click on Network Connections. Then right click on your default
connection, usually local area connection for cable and dsl, and left
click on properties. Click the Networking tab. Double-click on the
Internet Protocol (TCP/IP) item and select the radio dial that says
Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems
Next Go start run type cmd and hit OK
type ipconfig /flushdns
then hit enter, type exit hit enter
(note: that space between g and / is needed)

See if the access is now working.
 
That did the trick :D Noticed DNS serverlist was blank, but didn't know how to fix it. Everything seems to be in perfect order, so are we done with this ugly rootkit stuff?
 
Good. Got some more steps for your ready :)


Uninstall old Adobe Reader versions and get the latest one with updates (9.3 and updates 9.3.2 & 9.3.3 & 9.3.4) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report & a fresh dds.txt log.
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top