PLZ HELP!! Unable to update ANY programs!!!


30 replies to this topic

#16 MissyLynn

MissyLynn
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Female
  • Location:Florida, USA

Posted 05 June 2009 - 09:05 AM

ComboFix 09-06-04.09 - ROYAL 06/05/2009 9:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.285 [GMT -4:00]
Running from: c:\documents and settings\ROYAL\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\ROYAL\Desktop\CFScript.txt
AV: Defender Pro Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 02:47 . 2009-06-05 02:47 -------- d-----w- C:\_OTL
2009-06-04 13:00 . 2009-06-04 13:00 9062 ----a-r- c:\documents and settings\ROYAL\Application Data\Microsoft\Installer\{3FC93D65-51AC-492F-9414-26442BE521A1}\NewShortcut1_3FC93D6551AC492F941426442BE521A1.exe
2009-06-04 13:00 . 2009-06-04 13:00 9062 ----a-r- c:\documents and settings\ROYAL\Application Data\Microsoft\Installer\{3FC93D65-51AC-492F-9414-26442BE521A1}\DFCExe1_3FC93D6551AC492F941426442BE521A1.exe
2009-06-04 13:00 . 2009-06-04 13:00 49152 ----a-r- c:\documents and settings\ROYAL\Application Data\Microsoft\Installer\{3FC93D65-51AC-492F-9414-26442BE521A1}\ARPPRODUCTICON.exe
2009-06-04 13:00 . 2009-06-04 13:00 -------- d-----w- C:\INSTALLLEVEL_DIR
2009-06-04 13:00 . 2009-06-04 13:00 -------- d-----w- c:\program files\DtecNet Software
2009-05-29 23:19 . 2009-05-29 23:19 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-29 17:41 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-29 17:41 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-29 15:44 . 2009-05-29 15:44 -------- d-----w- c:\program files\Trend Micro
2009-05-28 09:29 . 2009-06-04 16:23 -------- d-----w- c:\program files\Trojan Remover
2009-05-28 09:29 . 2009-05-28 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-05-28 06:10 . 2009-05-28 06:10 -------- d-----w- c:\documents and settings\ROYAL\Application Data\Windows Search
2009-05-27 22:35 . 2009-05-29 17:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-27 20:48 . 2009-05-27 20:48 -------- d-----w- c:\documents and settings\ROYAL\Application Data\BitDefender
2009-05-27 20:47 . 2009-05-27 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-05-27 14:34 . 2009-06-04 00:01 -------- d-----w- c:\program files\Spyware Terminator
2009-05-27 14:24 . 2009-05-29 15:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-14 09:37 . 2009-05-14 09:37 -------- d--h--w- c:\documents and settings\missy lynn\Picasa3Temp
2009-05-12 18:24 . 2009-05-12 18:24 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-05-12 18:24 . 2009-05-12 18:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-05-06 18:59 . 2008-04-13 18:39 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2009-05-06 18:59 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-05-06 18:58 . 2008-04-13 18:46 10880 -c--a-w- c:\windows\system32\dllcache\ndisip.sys
2009-05-06 18:58 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-05-06 18:57 . 2008-04-13 18:46 15232 -c--a-w- c:\windows\system32\dllcache\streamip.sys
2009-05-06 18:57 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-05-06 18:57 . 2008-04-13 18:46 11136 -c--a-w- c:\windows\system32\dllcache\slip.sys
2009-05-06 18:57 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-05-06 18:57 . 2008-04-13 18:46 19200 -c--a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-05-06 18:57 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-06 18:57 . 2008-04-13 18:46 85248 -c--a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-05-06 18:57 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-05-06 18:57 . 2008-04-13 18:46 17024 -c--a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-05-06 18:57 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-05-06 18:56 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-05-06 18:56 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-05-06 18:45 . 2009-05-06 18:45 -------- d-----w- c:\program files\MyDSC2
2009-05-06 18:45 . 2009-05-06 18:45 -------- d-----w- c:\program files\Mars
2009-05-06 18:45 . 2005-12-15 21:34 135168 ----a-w- c:\windows\system32\jl_jdct.drv
2009-05-06 18:45 . 2009-05-06 18:45 -------- d-----w- c:\windows\twain_32
2009-05-06 18:45 . 2007-11-17 19:46 68954 ----a-w- c:\windows\system32\drivers\jl2005c.sys
2009-05-06 18:45 . 2009-05-06 18:45 -------- d-----w- c:\program files\JL2005C
2009-05-06 18:43 . 2009-06-04 00:01 -------- d-----w- c:\program files\PhoTags Express

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-04 12:59 . 2007-09-02 18:36 -------- d-----w- c:\program files\QuickTime
2009-06-04 12:56 . 2008-12-22 06:11 -------- d-----w- c:\program files\LimeWire
2009-06-03 23:55 . 2005-12-17 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-03 23:54 . 2009-01-17 01:05 -------- d-----w- c:\program files\PokerStars
2009-06-03 23:53 . 2009-01-27 20:36 -------- d-----w- c:\program files\MySpace
2009-05-31 05:50 . 2008-12-21 14:20 -------- d-----w- c:\program files\Absolute Poker
2009-05-27 20:47 . 2009-04-14 00:05 -------- d-----w- c:\program files\Common Files\BitDefender
2009-05-19 15:01 . 2009-04-13 22:56 81984 ----a-w- c:\windows\system32\bdod.bin
2009-05-07 01:17 . 2009-01-07 17:02 -------- d-----w- c:\documents and settings\ROYAL\Application Data\LimeWire
2009-05-04 11:21 . 2007-09-02 18:38 -------- d-----w- c:\program files\iTunes
2009-05-04 11:21 . 2007-09-18 18:27 -------- d-----w- c:\program files\iPod
2009-05-02 23:40 . 2009-05-02 23:28 -------- d-----w- c:\documents and settings\ROYAL\Application Data\Coby Media Manager
2009-05-02 23:27 . 2009-05-02 23:27 50098 ----a-r- c:\documents and settings\ROYAL\Application Data\Microsoft\Installer\{F635E1AB-144A-44C0-BD47-D0DF04E78DD6}\controlPanelIcon.exe
2009-05-02 23:27 . 2009-05-02 23:27 10134 ----a-r- c:\documents and settings\ROYAL\Application Data\Microsoft\Installer\{F635E1AB-144A-44C0-BD47-D0DF04E78DD6}\SystemFolder_msiexec.exe
2009-05-02 23:26 . 2009-05-02 23:26 -------- d-----w- c:\program files\Coby
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-30 11:31 . 2008-02-01 16:49 -------- d-----w- c:\documents and settings\ROYAL\Application Data\Move Networks
2009-04-18 22:56 . 2005-12-28 14:34 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-14 00:06 . 2009-04-10 17:59 -------- d-----w- c:\program files\BitDefender
2009-04-13 23:44 . 2009-04-13 23:44 -------- d-----w- c:\program files\Microsoft
2009-04-13 23:17 . 2009-04-13 23:17 -------- d-----w- c:\documents and settings\ROYAL\Application Data\Profiles
2009-04-13 23:17 . 2009-04-13 23:17 -------- d-----w- c:\documents and settings\ROYAL\Application Data\Desktop
2009-04-13 21:32 . 2009-04-13 21:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-04-10 20:54 . 2009-04-10 20:54 34062 ----a-w- c:\documents and settings\ROYAL\Application Data\Move Networks\ie_bin\Uninst.exe
2009-04-10 20:52 . 2009-04-10 20:51 1047072 ----a-w- c:\documents and settings\ROYAL\Application Data\Move Networks\MoveMediaPlayer_071303000006.exe
2009-04-10 18:24 . 2005-12-15 22:33 25568 -c--a-w- c:\documents and settings\ROYAL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 16:56 . 2009-04-10 16:56 -------- d-----w- c:\program files\MSBuild
2009-04-06 03:55 . 2009-04-06 03:55 152576 ----a-w- c:\documents and settings\ROYAL\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-01 12:48 . 2009-02-28 07:22 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-01 12:46 . 2009-03-18 22:54 152576 ----a-w- c:\documents and settings\ROYAL\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-03-09 17:29 . 2009-03-09 17:29 97144 ----a-w- c:\documents and settings\ROYAL\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-03-09 17:29 . 2009-03-09 17:29 1010552 ----a-w- c:\documents and settings\ROYAL\Application Data\Move Networks\ie_bin\qsp2ie071303000006.dll
2009-03-09 15:34 . 2009-03-26 16:07 971776 ----a-w- c:\documents and settings\ROYAL\Application Data\Mozilla\Firefox\Profiles\4mm7qruw.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
2009-03-08 08:34 . 2004-08-04 12:00 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-04 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-04 12:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-04 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-04 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-04 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-04 12:00 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-08-04 12:00 156160 ----a-w- c:\windows\system32\msls31.dll
2008-08-20 22:03 . 2008-08-20 22:03 35840 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-05_11.37.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-05 12:20 . 2009-06-05 12:20 16384 c:\windows\Temp\Perflib_Perfdata_f74.dat
+ 2004-08-04 12:00 . 2009-06-05 11:44 78516 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-06-05 04:01 78516 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-06-05 11:44 462736 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-06-05 04:01 462736 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-02 69632]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-08 708608]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-05-26 414480]
"Digital File Check"="c:\program files\DtecNet Software\Digital File Check\DigitalFileCheck.exe" [2009-06-04 1447240]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2002-10-18 87751]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-05 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Wireless-G Notebook Adapter Utility.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2006-3-8 24576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitDefender\\BitDefender 2009\\DpReg.exe"=

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [8/7/2008 9:16 AM 108176]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [9/18/2008 11:11 AM 103944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/29/2009 1:41 PM 19096]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/29/2009 1:41 PM 194832]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [7/17/2008 12:06 PM 118784]

--- Other Services/Drivers In Memory ---

*Deregistered* - VSSERV
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-05 c:\windows\Tasks\Malwarebytes' Scheduled Update for ROYAL.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-05-29 17:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/?_bdetect=1
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\ROYAL\Application Data\Mozilla\Firefox\Profiles\4mm7qruw.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\ROYAL\Application Data\Mozilla\Firefox\Profiles\4mm7qruw.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 09:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\SynTPFcs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2009-06-05 9:41
ComboFix-quarantined-files.txt 2009-06-05 13:40
ComboFix2.txt 2009-06-05 11:52

Pre-Run: 7,678,369,792 bytes free
Post-Run: 7,643,381,760 bytes free

207 --- E O F --- 2009-06-04 13:35

#17 MissyLynn

MissyLynn
  • Topic Starter

  •  Avatar image
  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida, USA
  • Local time:07:07 PM

Posted 05 June 2009 - 09:09 AM

I tried to update my anti-virus and got the 403 error.

I followed the directions:

Now try to update your antivirus once more.
If you couldn't go to start => Run =>
copy/paste the following line in the run box and click OK.

cmd /c (ipconfig /all&nslookup upgrade.bitdefender.com&ping
-n 2 upgrade.bitdefender.com&route print) >log.txt&log.txt& del log.txt

A command screen opened for one second and closed and no log.txt file opened.

#18 Farbar

Farbar

  • Just Curious
  • Security Developer
  • 23,082 posts
  • Gender:Male
  • Location:The Netherlands

Posted 05 June 2009 - 09:27 AM

I don't know how you try to copy and paste. Yours is broken. It should be one line, and not two. Try the original command again please.

#19 MissyLynn

MissyLynn
  • Topic Starter

  •  Avatar image
  • Members
  • 23 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida, USA
  • Local time:07:07 PM

Posted 05 June 2009 - 09:50 AM

Now when I go to put it into run it brings up a window asking me what program I want to use to open it.

#20 Farbar


Posted 05 June 2009 - 10:02 AM

How do you do it?

#21 MissyLynn


Posted 05 June 2009 - 10:10 AM

I copy the line

cmd /c (ipconfig /all&nslookup upgrade.bitdefender.com&ping -n 2 upgrade.bitdefender.com&route print) >log.txt&log.txt& del log.txt

Then I go to run and paste it into the line and hit enter...

A window opens and asks what program I want to use to open it.

However, when I open the command prompt from my list of programs and paste the line into that, it brings up a list of info (server, address, name, addresses, aliases, pinging, ping statistics.... etc) but I cannot copy it, and when the txt window opens there is no text in it.

#22 Farbar


Posted 05 June 2009 - 10:16 AM

OK. While you copy and paste, something gets lost from the command. Let's do it this way:

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:


@echo off
rem Move to the drive root so Log1.txt lands in a predictable place
cd\
rem Redirect the output of the whole block into Log1.txt
>Log1.txt (
ipconfig /all
nslookup upgrade.bitdefender.com
ping -n 2 upgrade.bitdefender.com
route print
)
rem Open the log in Notepad, then delete this batch file
start Log1.txt
Del %0
  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: test.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate and double-click test.bat on the desktop.
  • A Notepad window opens; copy and paste its content (log.txt) into your reply.


#23 MissyLynn


Posted 05 June 2009 - 10:21 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : thinkpad
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-06-1B-C9-C4-A0

Ethernet adapter Wireless Network Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Wireless-G Notebook Adapter
Physical Address. . . . . . . . . : 00-0C-41-E3-E4-1C
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 93.188.161.105
                                    93.188.166.105
Lease Obtained. . . . . . . . . . : Friday, June 05, 2009 10:57:28 AM
Lease Expires . . . . . . . . . . : Saturday, June 06, 2009 10:57:28 AM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C0-A8-01-02
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.2%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                    fec0:0:0:ffff::2%1
                                    fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled

Server: 93.188.161.105.static.ukrtelegroup.com.ua
Address: 93.188.161.105

Name: a1937.g.akamai.net
Addresses: 72.247.238.184, 72.247.238.202
Aliases: upgrade.bitdefender.com, upgrade.bitdefender.com.edgesuite.net

Pinging a1937.g.akamai.net [72.247.238.184] with 32 bytes of data:

Reply from 72.247.238.184: bytes=32 time=68ms TTL=54
Reply from 72.247.238.184: bytes=32 time=79ms TTL=54

Ping statistics for 72.247.238.184:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 68ms, Maximum = 79ms, Average = 73ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 06 1b c9 c4 a0 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
0x3 ...00 0c 41 e3 e4 1c ...... Wireless-G Notebook Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.2      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0      192.168.1.2     192.168.1.2      25
      192.168.1.2  255.255.255.255        127.0.0.1       127.0.0.1      25
    192.168.1.255  255.255.255.255      192.168.1.2     192.168.1.2      25
        224.0.0.0        240.0.0.0      192.168.1.2     192.168.1.2      25
  255.255.255.255  255.255.255.255      192.168.1.2               2       1
  255.255.255.255  255.255.255.255      192.168.1.2     192.168.1.2       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
None

#24 Farbar


Posted 05 June 2009 - 10:47 AM

We got it. It took me longer than normal because the traces on the computer were removed.

We are dealing with the router-hijacking trojan DNS-changer. I could have spotted it if I had seen the log of the items that were removed before.
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out the default username and password of your router and note them down: Router Passwords

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that, type http://192.168.1.1 in the address bar and press Enter. You get the login window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the login password your ISP initially gave you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

    After this to make sure the DNS setting on the computer is not altered proceed with the following:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP) under General tab:
  • Check Obtain an IP address automatically and Obtain DNS server address automatically.
  • Click OK twice to save the settings.
  • Reboot.

Edited by farbar, 05 June 2009 - 10:47 AM.
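Added example, not part of the thread: a small Python script for the client-side symptom described in this post. It parses ipconfig /all output in the layout posted above (a constructed sample is embedded, using the two resolver addresses from this thread) and flags any IPv4 DNS server that is neither on the adapter's own subnet, nor its default gateway, nor in a caller-supplied list of the ISP's known resolvers; parse_ipconfig and rogue_dns_findings are names chosen for this example.

```python
import ipaddress
import re

# Constructed sample in the layout of the ipconfig /all output posted in this thread;
# the two resolver addresses are the ones that appear in the thread.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Physical Address. . . . . . . . . : 00-06-1B-C9-C4-A0

Ethernet adapter Wireless Network Connection 3:

   IP Address. . . . . . . . . . . . : 192.168.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 93.188.161.105
                                       93.188.166.105

Tunnel adapter Automatic Tunneling Pseudo-Interface:

   IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.2%2
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# "Name . . . . : value"; the space before the colon keeps IPv6 literals from matching
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z\- ]*?)[ .]* :\s*(.*)$")


def parse_ipconfig(text):
    """Parse ipconfig /all text into {adapter header: {field: [values]}}.
    A line that is neither an adapter header nor a "name : value" pair continues
    the previous field, which is how extra DNS servers are listed."""
    adapters = {}
    current = adapters.setdefault("Windows IP Configuration", {})
    last_field = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {})
            last_field = None
            continue
        m = FIELD_RE.match(line)
        if m:
            last_field = m.group(1).strip()
            values = current.setdefault(last_field, [])
            if m.group(2).strip():
                values.append(m.group(2).strip())
            continue
        if last_field is not None:
            current[last_field].append(line)
    return adapters


def _ipv4(value):
    try:  # scoped IPv6 literals such as fec0::1%1 raise ValueError
        return ipaddress.ip_address(value).version == 4
    except ValueError:
        return False


def rogue_dns_findings(adapters, expected_resolvers=()):
    """Return (adapter, dns_server) pairs worth a second look: IPv4 resolvers that
    are off the adapter's subnet, are not its default gateway and are not in the
    caller's list of known ISP resolvers. On a home LAN DHCP normally points DNS at
    the router itself, so such an entry is the client-side symptom of a router whose
    DNS settings were changed. Disconnected adapters and IPv6 entries are skipped."""
    findings = []
    for name, fields in adapters.items():
        if "Media disconnected" in fields.get("Media State", []):
            continue
        ips = [v for v in fields.get("IP Address", []) if _ipv4(v)]
        masks = fields.get("Subnet Mask", [])
        if not ips or not masks:
            continue
        subnet = ipaddress.ip_network(f"{ips[0]}/{masks[0]}", strict=False)
        gateways = set(fields.get("Default Gateway", []))
        for dns in fields.get("DNS Servers", []):
            if not _ipv4(dns) or dns in gateways or dns in expected_resolvers:
                continue
            if ipaddress.ip_address(dns) in subnet:
                continue
            findings.append((name, dns))
    return findings


if __name__ == "__main__":
    for adapter, dns in rogue_dns_findings(parse_ipconfig(SAMPLE_IPCONFIG)):
        print(f"{adapter}: DNS server {dns} is off-subnet and is not the gateway")
```

A hit is a prompt to compare the resolver against the ISP's published list, not proof of infection: some ISPs hand out public resolver addresses through the router legitimately.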


#25 MissyLynn


Posted 05 June 2009 - 11:20 AM

Ok.

I have not gotten a router yet. Right now I am bouncing off an unsecured wireless network. So is that the problem?

#26 Farbar


Posted 05 June 2009 - 11:39 AM

Yes, that wireless network's settings are hijacked. So all the internet traffic is redirected to a server in Ukraine. What can you do about it?

Edited by farbar, 05 June 2009 - 11:39 AM.


#27 MissyLynn


Posted 05 June 2009 - 11:47 AM

I guess I am gonna have to stay off the internet and get a router, so that I can add the wireless internet onto my cable account.

I have a linksys wireless card so should I get a linksys router too??

#28 Farbar


Posted 05 June 2009 - 11:53 AM

Do you have a modem? Do you have your own ISP?
Could you inform the owner of the router?

#29 MissyLynn


Posted 05 June 2009 - 12:20 PM

I had a desktop that I had a ISP for and a modem but it crashed in Dec (I had had it FOREVER and way over due for another comp). So I canceled service and returned the modem.

I can inform the owner of the router.

#30 Farbar


Posted 05 June 2009 - 12:42 PM

I can inform the owner of the router.

Great. :thumbup2:

You need to have your own ISP, and if you want to have a wireless connection you need a router. I don't think the make of the router makes a difference.

Please do the following:
  • You have Java version 6 update 12. Keep it for now. Later on, uninstall it and install the current Java (version 6 update 14). Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components:
    Click "start" and then "Control Panel" icon.
    Doubleclick the "Add or Remove Programs" icon
    A list of programs installed will be "populated" this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    J2SE Runtime Environment 5.0 Update 11
    Java™ 6 Update 5


  • Go to start > run and copy and paste or type the next command in the field, then hit enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

    It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.

    The first reboot might be a little slow, the next one will be faster.
Optional Recommendations:
  • This is also for prevention when you have your own connection.
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • Install Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites to your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. All you need to do is update it once every 2-3 weeks and enable the restriction. You can find more information and a download link.
    After each update click on Protection Status in the left pane. Then click on Enable All Protection (bottom left of the right pane).
  • The rule of thumb: One AntiVirus with real-time protection, one firewall (other than Windows firewall) and one antispyware with real-time protection. Any additional anti-malware shouldn't be running. You might have two or three antispyware but they should not be running at the same time and should be set not to start with Windows.
Do you have any questions?



