
DNS Changer


  • This topic is locked
4 replies to this topic

#1 sh3rk

Posted 03 December 2008 - 08:23 AM

Hi, apparently I've run into this DNS Changer thingy and am looking for a solution for that. This computer network stores important data and the last thing I wanna hear is that someone has stolen the data within it.
I looked at one of the posts by another user who has the same problem, but I couldn't proceed with the 1st step, which asked me to connect my computer directly to the modem, as I am using a router modem.

I used Malwarebytes to run a quick scan and removed all the threats found. Below is the logfile.

Malwarebytes Log

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 1

03/12/2008 13:29:58
mbam-log-2008-12-03 (13-29-58).txt

Scan type: Quick Scan
Objects scanned: 47503
Time elapsed: 1 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\antiwpa (Trojan.I.Stole.Windows) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8913a746-48c8-4f0c-a9c2-64b862f40ed4}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.213;85.255.112.227 -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\antiwpa.dll (Trojan.I.Stole.Windows) -> Delete on reboot.
C:\WINDOWS\Temp\tempo-ED3.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-299.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-02D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-165.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-451.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-769.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-883.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-5ED.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-EB7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-27D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-94D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-373.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.



#2 sh3rk

Posted 03 December 2008 - 08:32 AM

This is the RSIT log that I get. Bear in mind that I am still connected to the router, but I've unplugged the other PC, which is also affected by this trojan.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Cad Designer at 2008-12-03 13:38:06
Microsoft Windows XP Professional Service Pack 1
System drive C: has 9 GB (44%) free of 21 GB
Total RAM: 511 MB (44% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Antispyware Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0005A87D-D626-4B3A-84F9-1D9571695F55}]
ThunderIEHelper Class - C:\WINDOWS\System32\xunleibho_v11.dll [2006-01-09 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F85D76C-0569-466F-A488-493E6BD0E955}]
dsWebAllowBHO Class - C:\Program Files\Windows Desktop Search\dsWebAllow.dll [2006-03-26 265432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-15 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 842268]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-03-17 7561216]
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2006-03-17 86016]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-07-21 86016]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2006-05-04 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=E:\QuickTime\qttask.exe [2007-02-26 282624]
"C:\WINDOWS\System32\kdefu.exe"=C:\WINDOWS\system32\kdefu.exe []
"C:\WINDOWS\System32\kdcqh.exe"=C:\WINDOWS\System32\kdcqh.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"DriverUpdaterPro"=C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
E:\QuickTime\qttask.exe [2007-02-26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-01-26 495616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe [2003-11-15 689248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
C:\PROGRA~1\WINDOW~4\WINDOW~3.EXE [2006-03-26 257752]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
EPSON Background Monitor.lnk - C:\Program Files\Common Files\EPSON\EBAPI\STMS.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Cad Designer\Start Menu\Programs\Startup
WWU.lnk - C:\Program Files\issc\issc35\wwu.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=0
"NoFavoritesMenu"=0
"NoSMMyPictures"=0
"NoStartMenuMyMusic"=0
"NoRecentDocsHistory]"=0
"NoRecentDocsNetHood"=0
"NoFind"=0
"NoRun"=0
"NoUserNameInStartMenu"=0
"NoInstrumentation"=0
"NoStartMenuPinnedList"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWindowsUpdate"=
"NoFavoritesMenu"=
"NoSMMyPictures"=
"NoStartMenuMyMusic"=
"NoRecentDocsNetHood"=
"NoFind"=
"NoRun"=
"NoInstrumentation"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - open - "C:\Program Files\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe" "%1"
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-12-03 13:38:07 ----D---- C:\Program Files\trend micro
2008-12-03 13:38:06 ----D---- C:\rsit
2008-12-03 13:08:27 ----D---- C:\Documents and Settings\Cad Designer\Application Data\Malwarebytes
2008-12-03 13:08:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-03 13:08:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-03 12:57:24 ----D---- C:\Program Files\Lavasoft
2008-12-03 12:57:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-03 12:54:47 ----A---- C:\rapport.txt
2008-12-03 12:54:43 ----A---- C:\WINDOWS\System32\WS2Fix.exe
2008-12-03 12:54:43 ----A---- C:\WINDOWS\System32\VCCLSID.exe
2008-12-03 12:54:43 ----A---- C:\WINDOWS\System32\VACFix.exe
2008-12-03 12:54:43 ----A---- C:\WINDOWS\System32\swxcacls.exe
2008-12-03 12:54:43 ----A---- C:\WINDOWS\System32\swsc.exe
2008-12-03 12:54:43 ----A---- C:\WINDOWS\System32\swreg.exe
2008-12-03 12:54:43 ----A---- C:\WINDOWS\System32\IEDFix.exe
2008-12-03 12:54:43 ----A---- C:\WINDOWS\System32\dumphive.exe
2008-12-03 12:54:43 ----A---- C:\WINDOWS\System32\404Fix.exe
2008-12-03 12:53:56 ----D---- C:\_OTMoveIt
2008-12-03 12:43:11 ----A---- C:\WINDOWS\System32\SrchSTS.exe
2008-12-03 12:43:11 ----A---- C:\WINDOWS\System32\Process.exe
2008-12-03 12:43:11 ----A---- C:\WINDOWS\System32\o4Patch.exe
2008-12-03 12:43:11 ----A---- C:\WINDOWS\System32\IEDFix.C.exe
2008-12-03 12:09:44 ----D---- C:\Documents and Settings\Cad Designer\Application Data\Antispyware
2008-12-03 10:08:09 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-03 09:42:42 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-12-03 09:42:42 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-12-03 09:42:42 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-03 09:42:41 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2008-12-02 16:29:55 ----D---- C:\Program Files\Exterminate It!
2008-12-01 15:11:36 ----D---- C:\WINDOWS\LastGood.Tmp
2008-12-01 09:30:39 ----D---- C:\Documents and Settings\Cad Designer\Application Data\MAGIX
2008-12-01 09:30:39 ----D---- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-12-01 09:30:30 ----D---- C:\Program Files\WMV9_VCM
2008-12-01 09:30:18 ----D---- C:\Program Files\Common Files\xara
2008-12-01 09:30:14 ----A---- C:\WINDOWS\System32\msxml4a.dll
2008-12-01 09:29:58 ----D---- C:\Documents and Settings\All Users\Application Data\Xara
2008-12-01 09:29:58 ----A---- C:\WINDOWS\System32\DLLDEV32i.dll
2008-12-01 09:29:45 ----D---- C:\WINDOWS\System32\MAGIX
2008-12-01 09:29:45 ----A---- C:\WINDOWS\System32\mgxoschk.dll
2008-12-01 09:29:45 ----A---- C:\WINDOWS\mgxoschk.ini
2008-11-24 13:51:04 ----D---- C:\Program Files\Orange
2008-11-14 16:24:26 ----D---- C:\Documents and Settings\Cad Designer\Application Data\Opera
2008-11-14 16:24:21 ----D---- C:\Program Files\Opera
2008-11-14 15:55:22 ----D---- C:\WINDOWS\Windows Update Setup Files
2008-11-14 15:53:30 ----A---- C:\WINDOWS\Active Setup Log.txt
2008-11-14 15:53:30 ----A---- C:\WINDOWS\Active Setup Log.BAK
2008-11-14 14:06:45 ----D---- C:\Documents and Settings\Cad Designer\Application Data\Talkback
2008-11-06 11:48:54 ----D---- C:\WINDOWS\pss
2008-11-05 15:39:06 ----D---- C:\Documents and Settings\Cad Designer\Application Data\Help
2008-11-04 13:38:35 ----A---- C:\WINDOWS\System32\Sh30w32.dll

======List of files/folders modified in the last 1 months======

2008-12-03 13:32:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-06 11:50:00 ----ASH---- C:\boot.ini
2008-11-06 11:50:00 ----A---- C:\WINDOWS\win.ini
2008-11-06 11:50:00 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 wbsecdrv;wbsecdrv Protocol Driver; C:\WINDOWS\System32\DRIVERS\wbsecdrv.sys [2006-07-25 17952]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\Aspi32.sys [1997-12-23 23936]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 vsdatant;vsdatant; \??\C:\WINDOWS\System32\vsdatant.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-29 57344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-01-30 4474368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-29 57984]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-03-17 3655712]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-17 23070]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-29 19328]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-29 51968]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-29 19328]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-29 68864]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\System32\drivers\Ndisprot.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S3 W35UND;ISSC35 802.11bg WLAN USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\W35UND.SYS [2006-09-04 110976]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2007-02-27 54784]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-30 77824]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-03-17 143426]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZONELABS\vsmon.exe [2003-11-15 824408]
R2 wbsecsvc;wbsecsvc; C:\WINDOWS\System32\wbsecsvc.exe [2006-09-04 278528]
S2 Windows Aiesn;Windows Aiesn; C:\WINDOWS\Windows Aiesn [2007-04-24 679424]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2008-05-06 72704]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------


What should I do next? Please advise. Thanks!

#3 sh3rk

Posted 03 December 2008 - 08:33 AM

This is the latest SmitFraudFix v2.380 logfile.

Scan done at 13:41:04.14, 03/12/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

DNS Before Fix

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 10.0.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8913A746-48C8-4F0C-A9C2-64B862F40ED4}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C22B35BC-1FDB-4E76-9559-95E7A4E84316}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8913A746-48C8-4F0C-A9C2-64B862F40ED4}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C22B35BC-1FDB-4E76-9559-95E7A4E84316}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8913A746-48C8-4F0C-A9C2-64B862F40ED4}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C22B35BC-1FDB-4E76-9559-95E7A4E84316}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2

DNS After Fix

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 10.0.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8913A746-48C8-4F0C-A9C2-64B862F40ED4}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C22B35BC-1FDB-4E76-9559-95E7A4E84316}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8913A746-48C8-4F0C-A9C2-64B862F40ED4}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C22B35BC-1FDB-4E76-9559-95E7A4E84316}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8913A746-48C8-4F0C-A9C2-64B862F40ED4}: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C22B35BC-1FDB-4E76-9559-95E7A4E84316}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.2

#4 KoanYorel

Posted 15 December 2008 - 09:51 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 KoanYorel

Posted 25 December 2008 - 03:06 PM

Due to the lack of feedback, this Topic is now closed.

If you still have problems, please Start a new topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



