Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Trojan DNS Changer/Vimax Ads/ERROR 80244019 on Windows Update


  • This topic is locked This topic is locked
4 replies to this topic

#1 drmnys

drmnys

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:56 AM

Posted 09 February 2009 - 06:42 AM

Hi every1. Im new to this forum site & stumbled upon it after a lot of futile online research. Anyway, here goes-

I have a Dell Inspiron 1520 laptop, Windows Vista home premium-SP1, 32-bit. A week ago my problems began. My Windows Update (as well as Windows Defender) failed to update-giving error Code-80244019. Also I was unable to access any of Microsoft or Anti-Virus web-sites to look for a solution.The problem persisted despite a number of adjustments & scans (Norton 360 v2.0, PC Tools Spyware Doctor, Windows defender, Windows Malicious software Removal Tool- None were able to detect anything) & a alot of online research.

At about the same time these horrible Vimax ads started appearing on every page I visited & my Laptop became considerably slower & Firefox became prone to crashing a lot. So after more online research I installed Malwarebytes-Anti Malware. I ran a Full-Scan & it showed me a number of Infections by Trojan DNS Changer & I 'Fixed' the infections using Malwarebytes- It said the prob is fixed, but they kept coming back (I also ran the scan in SAFE MODE but I didnt disable System Restore in any instance) & the problem remained. I also scanned my portable flash drives, but there was no infection there. I havent yet scanned my external HDD, so I dont know whether thats infected.

Finally, frustrated :thumbup2: , I came upon this site & I am posting my grievances. I am extremely distressed by this, as this is the first time I have failed to remove a Virus/Trojan by myself after considerable research & the problem is seriously messing with my PC. I would be extremely Gr8ful if some1 would be able to help me. I am posting a HijackThis log & DDS log (as well as MalwareBytes Log) as instructed by the Forum Instructions.

NOTE: I have run a number of scans with different software (& applied their Fixes) & also done a system restore in an attempt to rectify the problem B4 posting on this forum.


HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:11, on 09-02-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\progra~1\micros~2\office12\outlook.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\program files\mozilla firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127

\SearchSettings.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec

Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12

\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec

Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [] C:\program files\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servlet/ProductMessages?

module=2009&error=0&language=en&product=SymNRT&version=2009.0.0.41&build=Symantec&a=00000082.00000045.0000011b&b=00000082.000000e6.00

00026f&c=00000082.000000e6.00000275
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Mobipocket Reader Notifications] C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe (User

'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe"

"RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Mobipocket Reader Notifications] C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe (User

'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe"

"RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0

\bin\npjpi160.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -

C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth

Software\btsendto_ie.htm
O9 - Extra button: Play - {34F16BC0-FF5F-11D4-B08F-909356C10100} - C:\Program Files\Winamp BrowserBar\Links\play.lnk (HKCU)
O9 - Extra button: Stop - {3D5A6FA0-FF5F-11D4-B08F-909356C10100} - C:\Program Files\Winamp BrowserBar\Links\stop.lnk (HKCU)
O9 - Extra button: Previous - {49C350E0-FF5F-11D4-B08F-909356C10100} - C:\Program Files\Winamp BrowserBar\Links\prev.lnk (HKCU)
O9 - Extra button: Next - {59611E60-FF5F-11D4-B08F-909356C10100} - C:\Program Files\Winamp BrowserBar\Links\next.lnk (HKCU)
O9 - Extra button: Minimize/Restore Winamp - {86227B80-FF8F-11D4-B08F-90A456C10100} - C:\Program Files\Winamp

BrowserBar\Links\minmax.lnk (HKCU)
O9 - Extra button: Pause - {8D2B7B00-FF5F-11D4-B08F-909356C10100} - C:\Program Files\Winamp BrowserBar\Links\pause.lnk (HKCU)
O9 - Extra button: Open/Close Winamp - {A144BE80-FF5F-11D4-B08F-909356C10100} - C:\Program Files\Winamp BrowserBar\Links\start.lnk

(HKCU)
O13 - Gopher Prefix:
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-

secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/windowsupd...b?1213769877128
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://www.update.microsoft.com/microsoftu...b?1213035725486
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DF9DAD4-AE0C-4DB5-849B-F420D472612F}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12

\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0028541199287591) (0028541199287591mcinstcleanup) - Unknown owner -

C:\Users\Mohammed\AppData\Local\Temp\002854~1.EXE (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs

Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program

Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program

Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program

Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32

\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 15646 bytes



DDS LOG



DDS (Ver_09-02-01.01) - NTFSx86
Run by Mohammed at 16:55:06.94 on 09-02-2009
Internet Explorer: 8.0.6001.18241
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.2045.853 [GMT 5.5:30]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\progra~1\micros~2\office12\outlook.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\program files\mozilla firefox\firefox.exe
C:\Users\Mohammed\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Internet Explorer provided by Dell
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\SRSSSC.exe" /hideme
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRunOnce: [<NO NAME>] c:\program files\mozilla firefox\firefox.exe http://www.symantec.com/techsupp/servlet/P...0000e6.00000275
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
dRun: [Mobipocket Reader Notifications] c:\program files\mobipocket.com\mobipocket reader\readernotify.exe
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
StartupFolder: c:\users\mohammed\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1213769877128
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213035725486
TCP: {6DF9DAD4-AE0C-4DB5-849B-F420D472612F} = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\mohammed\appdata\roaming\mozilla\firefox\profiles\ua66njqh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (English)
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - component: c:\users\mohammed\appdata\roaming\mozilla\firefox\profiles\ua66njqh.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\mohammed\appdata\roaming\mozilla\firefox\profiles\ua66njqh.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - component: c:\users\mohammed\appdata\roaming\mozilla\firefox\profiles\ua66njqh.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np32asw.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

---- FIREFOX POLICIES ----


============= SERVICES / DRIVERS ===============

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-10-9 12800]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090129.001\IDSvix86.sys [2009-1-31 270384]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-11-22 73728]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-29 156968]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-19 149352]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-1-17 37296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-31 99376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-10-11 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2007-11-22 7424]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2008-6-13 41008]
S2 0028541199287591mcinstcleanup;McAfee Application Installer Cleanup (0028541199287591);c:\users\mohammed\appdata\local\temp\002854~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\mohammed\appdata\local\temp\002854~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]
S3 iadusb;USB IAD LAN Modem;c:\windows\system32\drivers\glauiad.sys [2008-4-10 30336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-2-1 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-2-1 8320]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-6-9 356920]

=============== Created Last 30 ================

2009-02-08 11:06 <DIR> --d----- c:\program files\Trend Micro
2009-02-07 17:49 <DIR> --d----- c:\users\mohammed\appdata\roaming\Malwarebytes
2009-02-07 17:49 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-07 17:49 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 17:49 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-07 17:49 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-07 17:49 <DIR> --d----- c:\progra~2\Malwarebytes
2009-02-04 09:30 <DIR> --d----- C:\Nokia Music Manager
2009-02-04 09:00 <DIR> --d----- c:\program files\Orban
2009-02-03 07:21 <DIR> --d----- c:\programdata\PC Suite
2009-02-03 07:19 <DIR> --d----- c:\program files\common files\PCSuite
2009-02-03 07:19 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-02-03 07:17 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-02-03 07:14 91,136 a------- c:\windows\system32\nmwcdcls.dll
2009-02-02 08:56 <DIR> --d----- c:\program files\TouchStoneSoftware
2009-02-01 07:58 <DIR> --d----- c:\users\mohammed\appdata\roaming\XemiComputers
2009-02-01 07:57 <DIR> --d----- c:\program files\XemiComputers
2009-02-01 00:54 244 a---h--- C:\sqmnoopt00.sqm
2009-02-01 00:54 232 a---h--- C:\sqmdata00.sqm
2009-01-31 19:26 <DIR> --d----- c:\program files\Norton 360
2009-01-31 19:23 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-31 19:23 <DIR> --d----- c:\program files\Symantec
2009-01-31 12:02 380 a------- c:\windows\5743System.bat
2009-01-25 08:59 0 a------- c:\windows\system32\FaxMan
2009-01-25 08:58 <DIR> --d----- c:\program files\Fax Machine
2009-01-25 02:55 <DIR> --d----- c:\program files\AskBarDis
2009-01-25 02:55 <DIR> --d----- c:\users\mohammed\appdata\roaming\Foxit
2009-01-25 02:54 <DIR> --d----- c:\program files\Foxit Software
2009-01-25 02:04 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-01-21 11:15 <DIR> --d----- c:\program files\DivX
2009-01-21 08:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-21 04:36 <DIR> --d----- c:\programdata\Seagate
2009-01-21 04:36 <DIR> --d----- c:\program files\Seagate
2009-01-21 04:36 <DIR> --d----- c:\progra~2\Seagate
2009-01-21 04:34 <DIR> --dsh--- c:\windows\ftpcache
2009-01-18 02:12 611,984 a---h--- c:\windows\system32\mlfcache.dat
2009-01-14 07:34 288,768 a------- c:\windows\system32\drivers\srv.sys

==================== Find3M ====================

2009-02-09 13:45 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-09 13:45 86,016 a------- c:\windows\inf\infpub.dat
2009-02-09 10:28 55,672 a------- c:\programdata\nvModes.dat
2009-02-09 10:28 55,672 a------- c:\progra~2\nvModes.dat
2009-02-09 10:26 4,956 a------- c:\windows\bthservsdp.dat
2009-02-03 07:22 143,360 a------- c:\windows\inf\infstor.dat
2009-02-02 18:08 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-02 18:08 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 04:03 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-12-11 06:03 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-11 06:03 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-09 07:58 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-09 07:58 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-09 07:58 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-09 07:58 57,344 a------- c:\windows\system32\dpv11.dll
2008-11-06 06:41 54,688 a------- c:\users\mohammed\appdata\roaming\nvModes.dat
2008-08-04 18:03 56 a---h--- c:\programdata\ezsidmv.dat
2008-08-04 18:03 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-18 14:33 174 a--sh--- c:\program files\desktop.ini
2008-06-18 14:16 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-02 20:27 32 a------- c:\programdata\ezsid.dat
2008-01-02 20:27 32 a------- c:\progra~2\ezsid.dat
2006-11-02 18:12 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 18:12 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 18:12 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 18:12 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 14:50 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 14:50 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-02-11 19:12 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-02-11 19:12 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-02-11 19:12 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2006-05-03 14:36 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 16:17 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 18:00 216,064 ---shr-- c:\windows\system32\nbDX.dll

============= FINISH: 16:55:47.07 ==============


MALWAREBYTES_ANTI MALWARE LOG

Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 6.0.6001 Service Pack 1

09-02-2009 17:06:56
mbam-log-2009-02-09 (17-06-16).txt

Scan type: Quick Scan
Objects scanned: 60250
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{368e4595-008f-4f84-9a6c-06e176db5977}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{368e4595-008f-4f84-9a6c-06e176db5977}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{368e4595-008f-4f84-9a6c-06e176db5977}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.151 85.255.112.152 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Well, There it is. Thanks in advance & any Help would be gr8ly appreciated. Thank You.

Attached Files



BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:26 PM

Posted 20 February 2009 - 02:11 PM

Hello drmnys,

Posted Image

Sorry about the delay.:thumbup2: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

The current formatting of your log makes it difficult to read. Please open Notepad:
On top, click Format >uncheck Word Wrap.

Please also leave out the chatspeak. It is neither welcome nor tolerated here.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 drmnys

drmnys
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:56 AM

Posted 21 February 2009 - 02:07 AM

Hello Teacup61.

Thanks for the reply. But I was able to rectify the problem from information gathered from other posts on this site. Many others had also been suffering

from the same problem & one of the responses was very helpful. Following that advice, I disconnected my PC from the router & then reset the router,

while running MalwareBytes on my PC. Apparently each time I cleaned my PC it would get re-infected by the router when I reconnected them. Now the

problem is solved.

I apologize for not waiting longer but the problem had become very severe & I needed a solution quickly. Thank you & the other helpers on this gr8 site for the help.

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:26 PM

Posted 21 February 2009 - 11:05 AM

Hi there,

No need to apologize! I'm so glad you got it resolved, and thank you so much for letting me know. :thumbup2:

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:05:26 PM

Posted 26 February 2009 - 08:22 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users