Trojan.DNSChanger and browser is hijacked. Please Help
BullGuard Antivirus Forum > Virus > Virus Questions > Trojan.DNSChanger and browser is hijacked. Please Help  
mise13
New Member


Date Joined Nov 2008
Total Posts : 4
 
Posted 11-15-2008 2:10 (GMT +1)
Hi, I opened an email that has infected my computer. I've tried to get rid of it but can't, as it returns on reboot.
 
Here is the Malwarebytes' Anti-Malware log:
 
Malwarebytes' Anti-Malware 1.30
Database version: 1380
Windows 6.0.6000
15/11/2008 13:05:33
mbam-log-2008-11-15 (13-05-33).txt
Scan type: Quick Scan
Objects scanned: 50973
Time elapsed: 13 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0fc3e4d3-afbc-4c10-8590-9722b489daf4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0fc3e4d3-afbc-4c10-8590-9722b489daf4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
I have also run HijackThis.
 
Here is the logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:16, on 15/11/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.co,uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http:www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.co,uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7578 bytes
 
I would be very grateful if anyone could help me; I've been trying myself since the 1st of November.
 
Thank you,
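The four "Registry Data Items Infected" entries in the log above are the whole story of this infection: the DhcpNameServer values under Tcpip\Parameters were rewritten to point at two resolvers the machine never asked for, so every name lookup was answered by an attacker-chosen server. As an added example (not part of this thread and not Malwarebytes' own code), here is a small Python parser that pulls those records out of a log in the MBAM 1.30 layout shown above and flags NameServer-type values whose data names a resolver outside an allowlist. The excerpt in SAMPLE_MBAM_LOG is constructed from the posted log (two of the four items), and TRUSTED_RESOLVERS plus the function names are assumptions for the example.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterable, List, Set, Tuple

# Constructed excerpt in the layout of the Malwarebytes' Anti-Malware 1.30 log
# posted in the thread; only two of the four registry data items are kept.
SAMPLE_MBAM_LOG = "\n".join([
    r"Malwarebytes' Anti-Malware 1.30",
    r"Database version: 1380",
    r"Registry Data Items Infected: 2",
    r"Registry Values Infected:",
    r"(No malicious items detected)",
    r"Registry Data Items Infected:",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0fc3e4d3-afbc-4c10-8590-9722b489daf4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.",
    r"Folders Infected:",
    r"(No malicious items detected)",
])

# Resolvers this machine is expected to use. Constructed for the example
# (a home router and its fallback); a real run takes the site's own list.
TRUSTED_RESOLVERS: Set[str] = {"192.168.1.1", "192.168.1.254"}

SECTION_HEADER = "Registry Data Items Infected:"

# One MBAM registry-data line: <path> (<threat>) -> Data: <data> -> <action>
HIT_RE = re.compile(
    r"^(?P<path>HK[^ ]+) \((?P<threat>[^)]+)\) -> Data: (?P<data>.*?) -> (?P<action>.+)$"
)


@dataclass(frozen=True)
class RegistryDataHit:
    path: str    # full registry path, ending in the value name
    threat: str  # detection name, e.g. Trojan.DNSChanger
    data: str    # the value's data exactly as MBAM printed it
    action: str  # what MBAM did about it

    @property
    def value_name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    def resolvers(self) -> List[str]:
        """IP addresses found in the data field; non-IP tokens are skipped."""
        found = []
        for token in self.data.split():
            try:
                ip_address(token)
            except ValueError:
                continue
            found.append(token)
        return found


def parse_registry_data_items(log_text: str) -> List[RegistryDataHit]:
    """Collect the records under the 'Registry Data Items Infected:' section.

    The summary line 'Registry Data Items Infected: N' near the top of the log
    does not end with ':' and is therefore not mistaken for the section header.
    """
    hits: List[RegistryDataHit] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == SECTION_HEADER:
            in_section = True
            continue
        if line.endswith(":"):  # any other section header closes the block
            in_section = False
            continue
        if not in_section:
            continue
        match = HIT_RE.match(line)
        if match:
            hits.append(RegistryDataHit(**match.groupdict()))
    return hits


def flag_untrusted_resolvers(
    hits: Iterable[RegistryDataHit], trusted: Set[str]
) -> List[Tuple[str, List[str]]]:
    """(registry path, untrusted IPs) for every *NameServer value whose data
    names a resolver that is not on the allowlist."""
    findings = []
    for hit in hits:
        if not hit.value_name.endswith("NameServer"):
            continue
        unexpected = [ip for ip in hit.resolvers() if ip not in trusted]
        if unexpected:
            findings.append((hit.path, unexpected))
    return findings


if __name__ == "__main__":
    for path, ips in flag_untrusted_resolvers(
        parse_registry_data_items(SAMPLE_MBAM_LOG), TRUSTED_RESOLVERS
    ):
        print(f"{path}\n    unexpected resolvers: {', '.join(ips)}")
```

Because DhcpNameServer is normally written by the DHCP client rather than by the user, a value that comes back after cleanup (as the poster describes) points at something re-setting it on each boot, so the same check is worth re-running on a fresh log after a reboot and comparing against the resolvers the network's DHCP server actually hands out.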
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14325
 
Posted 11-15-2008 3:48 (GMT +1)
Hello :)
 
 
Please reboot, and post a ComboFix log along with a new Malwarebytes log.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

mise13
New Member


Date Joined Nov 2008
Total Posts : 4
 
Posted 11-15-2008 5:09 (GMT +1)
Hi,
Thanks for your reply.
 
I ran ComboFix and here is the log:
 
ComboFix 08-11-13.01 - leanne 2008-11-15 15:34:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.186 [GMT 0:00]
Running from: c:\users\leanne\Desktop\ComboFix.exe
 * Resident AV is active
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WINDOWS_TRIBUTE_SERVICE

(((((((((((((((((((((((((   Files Created from 2008-10-15 to 2008-11-15  )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 15:48 --------- d-----w c:\programdata\Kaspersky Lab
2008-11-15 15:41 868,384 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-15 15:41 5,906,464 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-15 15:41 5,096 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-15 15:41 48,272 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-14 23:01 --------- d-----w c:\program files\Exterminate It!
2008-11-14 21:08 --------- d-----w c:\program files\Trend Micro
2008-11-10 23:46 --------- d-----w c:\program files\BT Engine
2008-11-10 23:29 103,944 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2008-11-10 23:10 --------- d-----w c:\programdata\BitDefender
2008-11-10 23:05 --------- d-----w c:\users\leanne\AppData\Roaming\BitDefender
2008-11-10 23:04 --------- d-----w c:\program files\Common Files\BitDefender
2008-11-10 23:04 --------- d-----w c:\program files\BitDefender
2008-11-10 17:54 --------- d-----w c:\program files\Browser Hijack Recover
2008-11-10 17:53 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-10 17:53 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-10 17:52 --------- d---a-w c:\programdata\TEMP
2008-11-09 19:27 --------- d-----w c:\users\leanne\AppData\Roaming\Malwarebytes
2008-11-09 19:27 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-09 19:26 --------- d-----w c:\programdata\Malwarebytes
2008-11-09 18:34 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-03 23:06 --------- d-----w c:\users\leanne\AppData\Roaming\DNA
2008-11-03 15:59 --------- d-----w c:\program files\Common Files\Adobe
2008-11-03 01:50 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-03 01:18 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-11-03 01:16 --------- d-----w c:\program files\Kaspersky Lab
2008-11-01 18:44 --------- d-----w c:\users\leanne\AppData\Roaming\BitTorrent
2008-10-31 18:33 --------- d-----w c:\program files\BitTorrent
2008-10-31 17:32 --------- d-----w c:\program files\LimeWire
2008-10-29 00:20 --------- d-----w c:\users\leanne\AppData\Roaming\Canon
2008-10-22 16:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 16:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-20 16:07 --------- d-----w c:\program files\Windows Mail
2008-10-14 20:11 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-09 18:19 --------- d-----w c:\program files\Bonjour
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-18 19:20 --------- d-----w c:\program files\SopCast
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-08-29 09:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-08-29 08:53 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-07-14 02:14 174 --sha-w c:\program files\desktop.ini
2007-11-03 00:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-03 00:30 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-03 00:30 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="" [?]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-26 1862144]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-09 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2008-11-10 716800]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-08-10 69632]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-07-29 206088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-04-13 415072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL,c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{300FC74B-2318-4D14-AC53-306200A8835E}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{47C39F74-3446-4FB4-B64D-B39E7559E330}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{15F6538A-EA39-4897-8E8D-3332E9C99DF3}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{36B73076-97AA-4FC8-8261-20DC2237666B}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1560A0B6-4057-4707-8B11-EC18811F19F6}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E20EADAE-9F1F-49F9-8911-7996F8DE5095}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{BA3066A5-B8DE-4FE3-AE56-174537207F3A}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{428E0AA4-3044-4EFB-9AEB-F066C7E2A46F}c:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{80850E50-D35D-4028-9CD4-36416462863B}c:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{0D9DE0EB-165E-449B-9F58-B07237BE3636}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{AD053A46-2E68-4EC4-9D20-7B96F5948654}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{47C7A0C0-4BEE-4E84-AF98-B87097B5CA69}c:\\users\\leanne\\program files\\bittorrent_dna\\dna.exe"= UDP:c:\users\leanne\program files\bittorrent_dna\dna.exe:dna.exe
"UDP Query User{FBDD1BCE-5A7B-431E-B5C1-A355893CFA13}c:\\users\\leanne\\program files\\bittorrent_dna\\dna.exe"= TCP:c:\users\leanne\program files\bittorrent_dna\dna.exe:dna.exe
"TCP Query User{499673F1-C860-4460-89E8-5469E8172085}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{99C65733-B15E-4BC2-BB49-DECA0B72B1B7}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{161E26EB-4237-457E-AB0F-53890F7024E3}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{FE1068F8-FB0F-447C-A954-A10BCA936A87}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{E26A79B3-2637-4C27-898D-B44D53B7F52F}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{A97F42DE-8C79-4C4B-98E2-2656582EAFD1}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{6DB5BD73-4223-4ADD-821A-AC50759F05E0}c:\\program files\\bittyrant\\azureus.exe"= UDP:c:\program files\bittyrant\azureus.exe:Azureus
"UDP Query User{DDEDA018-B8F1-47A2-A4CB-17399B94FD30}c:\\program files\\bittyrant\\azureus.exe"= TCP:c:\program files\bittyrant\azureus.exe:Azureus
"{4953D261-4980-4807-9DA0-3FB850F8158D}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{903A3AED-070B-4944-8350-33AA72A3ADDE}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"TCP Query User{4BEEDEBE-0B80-484C-84C4-0115E34880EF}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{E76EF74B-A61B-4D98-A531-554F71D2DBF8}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{CA7BB756-35AA-494B-B2A2-5A9CCEB17A1E}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{C661DCC8-BC32-4BE5-99C4-BF1DC2C60EAD}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{514787B8-CCCB-485B-87B2-8519F8EE72E3}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{EA879B86-1637-4DCE-B3BB-E793A8529142}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{6E6C997C-28C6-4AAA-8EA0-EAE456E74AE2}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{8EB9AD33-EE45-49A8-87B7-D44C8E140A82}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{B5E040D3-9044-4FD7-ACD6-D63707999E92}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{56127337-95BB-45D2-86D2-91A3BD126B00}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{C48CB6A8-F292-4D06-B150-106E521F33D1}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{E2152AD5-034B-431A-BCDB-9AB6354094E7}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{83FD9395-C947-40EE-848D-A2968536810D}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{65E92840-F4EB-4C22-98C2-EE1CAD06022A}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{0B853AB3-7305-404E-905B-585A5A12D3E0}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{CF034C4C-30D1-4DB7-9CD6-6E746C0F83F3}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{5544BE4A-16EE-4345-A308-C56D60295D08}"= UDP:c:\program files\Common Files\AOL\1193914866\ee\aolsoftware.exe:AOL Shared Components
"{2B781FD3-A39E-4B8D-B50A-F573042E7EBC}"= TCP:c:\program files\Common Files\AOL\1193914866\ee\aolsoftware.exe:AOL Shared Components
"{2865A289-1184-4B67-8576-A97CEB434DEF}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{A1CF45BE-61F0-428A-B8F1-5E2D60279D3B}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"{793C988B-B1F3-4F0C-AB04-DB2DDA084E27}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{5B88FED1-C135-470B-AA8E-E1FE243DC77C}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{C7D0E1FC-E3F9-4760-BD1A-C3A30EB2F03F}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A7C2DC08-5F38-416A-9620-05368411E877}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9F68AD57-47C3-48EC-A226-4AF3DBEEA850}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{3574B566-751C-45D7-BF4E-3CBEC71414CD}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{D17B0245-E358-4371-B26D-DF2B0927FCA6}"= UDP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{BEBDA0AD-ADE7-44FD-903E-68477F32F90F}"= TCP:c:\program files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:AOL
"{03304486-A054-4F99-ABA7-F18E821A056C}"= UDP:c:\program files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"{F56CED7A-D8ED-4663-B14D-5816E01D1D6F}"= TCP:c:\program files\Common Files\AOL\AOL Spyware Protection\asp.exe:AOL
"{E43D98B9-C935-4FD4-9EF6-E458FFBA3773}"= UDP:c:\program files\AOL 9.1a\waol.exe:AOL
"{D2A8830F-B493-470C-BCC8-81FD5CF5D881}"= TCP:c:\program files\AOL 9.1a\waol.exe:AOL
"TCP Query User{4DD36BB4-9453-4565-A0B4-141813834D27}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{778A7EE8-1ADB-42FC-BA67-3B6A4A620E95}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{E2368D2D-0C48-40D4-8300-AB35228B8785}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{C427E50F-69BD-4FB3-921F-8CAF283B7CC7}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{2097B8A9-E16C-44D6-9B12-F7220FB445E1}c:\\users\\leanne\\appdata\\local\\temp\\temporary internet files\\content.ie5\\sqzbmo37\\housecall66[1].exe"= UDP:c:\users\leanne\appdata\local\temp\temporary internet files\content.ie5\sqzbmo37\housecall66[1].exe:housecall66[1].exe
"UDP Query User{65128F0A-0200-474E-8538-11F552B5DC16}c:\\users\\leanne\\appdata\\local\\temp\\temporary internet files\\content.ie5\\sqzbmo37\\housecall66[1].exe"= TCP:c:\users\leanne\appdata\local\temp\temporary internet files\content.ie5\sqzbmo37\housecall66[1].exe:housecall66[1].exe
"TCP Query User{1D2DC69E-8F2E-4F85-9BEB-244BF3E6F2F8}c:\\users\\leanne\\appdata\\local\\temp\\temporary internet files\\content.ie5\\o170rgo5\\housecall66[1].exe"= UDP:c:\users\leanne\appdata\local\temp\temporary internet files\content.ie5\o170rgo5\housecall66[1].exe:housecall66[1].exe
"UDP Query User{1335050A-CC76-482D-B853-69E035E63E25}c:\\users\\leanne\\appdata\\local\\temp\\temporary internet files\\content.ie5\\o170rgo5\\housecall66[1].exe"= TCP:c:\users\leanne\appdata\local\temp\temporary internet files\content.ie5\o170rgo5\housecall66[1].exe:housecall66[1].exe
"{6EB4DA96-658D-4F64-9452-71B9EC0BCF0F}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{5700303C-1E3F-4DB9-A1BF-FC17F19B47AE}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{4FC9C088-3110-4925-88FF-7A92434D2B01}c:\\users\\leanne\\program files\\dna\\btdna.exe"= UDP:c:\users\leanne\program files\dna\btdna.exe:btdna.exe
"UDP Query User{F764C951-FD46-417A-9C09-B057B726E711}c:\\users\\leanne\\program files\\dna\\btdna.exe"= TCP:c:\users\leanne\program files\dna\btdna.exe:btdna.exe
"{FC17D4BE-5E9A-403E-96F1-3DD42EA5435D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{5C087D1C-D63F-4ADA-A7D4-570439F91BAD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{DDEEFB09-D9DE-4278-8E74-31336D25083B}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{31508259-FB4E-4401-9026-862E961E5BFC}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"{D6F5405C-71DD-42BF-8514-6297642F7788}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{7DEE2175-F54D-4A94-9E9D-C01D5904897F}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{EF47AA53-DD78-45DA-B48C-CBEB0DD24663}c:\\users\\leanne\\appdata\\local\\temp\\temporary internet files\\content.ie5\\mvtzzywy\\housecall66[1].exe"= UDP:c:\users\leanne\appdata\local\temp\temporary internet files\content.ie5\mvtzzywy\housecall66[1].exe:housecall66[1].exe
"UDP Query User{91F5D81E-C783-43F7-8C76-B3233B8FA09D}c:\\users\\leanne\\appdata\\local\\temp\\temporary internet files\\content.ie5\\mvtzzywy\\housecall66[1].exe"= TCP:c:\users\leanne\appdata\local\temp\temporary internet files\content.ie5\mvtzzywy\housecall66[1].exe:housecall66[1].exe
"TCP Query User{C8EBACF6-2975-421A-9FFA-C4773E634E5D}c:\\users\\leanne\\appdata\\local\\temp\\temporary internet files\\content.ie5\\[u]0[/u]ig0gan2\\housecall66[1].exe"= UDP:c:\users\leanne\appdata\local\temp\temporary internet files\content.ie5\[u]0[/u]ig0gan2\housecall66[1].exe:housecall66[1].exe
"UDP Query User{7792390E-F0AD-4B5B-914A-8A8E6C692B2F}c:\\users\\leanne\\appdata\\local\\temp\\temporary internet files\\content.ie5\\[u]0[/u]ig0gan2\\housecall66[1].exe"= TCP:c:\users\leanne\appdata\local\temp\temporary internet files\content.ie5\[u]0[/u]ig0gan2\housecall66[1].exe:housecall66[1].exe
"TCP Query User{8F972D88-D7C1-4DED-8CDA-77397E4C93B9}c:\\users\\leanne\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\users\leanne\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{B5092063-BC51-4396-9A73-DD35CD9F18E6}c:\\users\\leanne\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\users\leanne\program files\bittorrent\bittorrent.exe:bittorrent.exe
"TCP Query User{6956424C-F316-415E-8100-6CBCF1FBE811}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7D4388BA-F567-47F1-BFC5-666DC58C4CA8}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{6B8A10DE-8A28-4515-8756-4A935B0B775A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E8A0B568-602D-4088-A273-2B756C7B00AD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{C5FC39AA-FE80-474D-A801-D8521940DBF6}c:\\users\\leanne\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xu71jqte\\housecall66[1].exe"= UDP:c:\users\leanne\appdata\local\microsoft\windows\temporary internet files\content.ie5\xu71jqte\housecall66[1].exe:housecall66[1].exe
"UDP Query User{BE90B41C-0E69-4B37-A877-36E932297611}c:\\users\\leanne\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xu71jqte\\housecall66[1].exe"= TCP:c:\users\leanne\appdata\local\microsoft\windows\temporary internet files\content.ie5\xu71jqte\housecall66[1].exe:housecall66[1].exe
"{BB2F6489-22EF-446B-BC21-A6F4EA73F3AD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{999C62EB-AF06-4E2F-8CB0-30E0B0DBFB66}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{7382A3BC-DB67-4379-AB69-2EF4D90E2A0A}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{4EB69928-ED38-42A4-987B-8B438898831E}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{D478E2C9-7EF3-4A90-8729-6150301354AB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AA4A51A4-712A-474A-9B2B-B3C1D4E73BCF}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2008-07-02 82568]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2008-11-10 103944]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ    scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6677ce0e-b34c-11dc-9a98-00038a000015}]
\shell\AutoRun\command - G:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b381302-ef56-11dc-8e87-00038a000015}]
\shell\AutoRun\command - tmf3w3g0.com
\shell\explore\Command - tmf3w3g0.com
\shell\open\Command - tmf3w3g0.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa4df9a7-c082-11dc-9da4-00038a000015}]
\shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
2008-11-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2008-11-15 c:\windows\Tasks\User_Feed_Synchronization-{CD28026F-5337-48D7-86C4-9D39C810AE24}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\leanne\AppData\Roaming\Mozilla\Firefox\Profiles\gycmqoj4.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.co.uk
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\users\leanne\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 15:48:40
Windows 6.0.6000  NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\System32\audiodg.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
.
**************************************************************************
.
Completion time: 2008-11-15 15:58:59 - machine was rebooted
ComboFix-quarantined-files.txt  2008-11-15 15:57:23
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 13,830,815,744 bytes free
284 --- E O F --- 2008-11-10 00:13:37
 
 
 
 
Here is the malwarebytes log:
 
Malwarebytes' Anti-Malware 1.30
Database version: 1380
Windows 6.0.6000
15/11/2008 16:08:27
mbam-log-2008-11-15 (16-08-27).txt
Scan type: Quick Scan
Objects scanned: 50346
Time elapsed: 7 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0fc3e4d3-afbc-4c10-8590-9722b489daf4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0fc3e4d3-afbc-4c10-8590-9722b489daf4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
Thanks
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14325
 
   Posted 11-15-2008 5:30 (GMT +1)
Is the computer connected to a router?


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

mise13
New Member


Date Joined Nov 2008
Total Posts : 4
 
   Posted 11-15-2008 5:41 (GMT +1)
Yes, I've a Netgear router; my ISP is AOL.
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14325
 
   Posted 11-15-2008 5:58 (GMT +1)
Thought so.
 
These addresses, 85.255.112.165 and 85.255.112.23, are stored in the router. Don't ask me how, because I can't tell.
 
First, try turning off the power to the router for 5-10 minutes. Then turn it on, run a Malwarebytes scan and see if these are found (again):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0fc3e4d3-afbc-4c10-8590-9722b489daf4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0fc3e4d3-afbc-4c10-8590-9722b489daf4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
 
 
If they do, you'll have to reset the router; look here for how to do it:
 
 
Run a Malwarebytes scan and post the log.
 
 
 



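The post above makes a point worth keeping in mind when reading DNSChanger hits: the value MBAM cleaned is DhcpNameServer, which the DHCP client writes from the lease it receives, so a bad resolver there came from whatever hands out DHCP on the LAN (at home, the router) and will come back with the next lease no matter how often the registry is cleaned. A static hijack shows up in NameServer instead and points at the host. The script below is an added example, not part of the original thread and not Malwarebytes code: it parses "Registry Data Items Infected" lines in the MBAM log format shown in this thread, flags resolvers that fall in an assumed known-bad block (85.255.112.0/20, which contains the two addresses from the log; treat that range as an assumption and adjust it), and says whether the fix belongs on the router or on the host. The sample log embedded in it is constructed from the two lines in the thread plus one made-up static NameServer line (a TEST-NET address) so that both branches are exercised.

```python
"""Triage MBAM 'Registry Data Items Infected' lines for DNS hijacking.

Added example for this thread; not part of the original post or of
Malwarebytes. ASSUMED_BAD_NETS is an assumption chosen to contain the two
resolvers in the posted log, not a list taken from the page.
"""
import ipaddress
import re

# Constructed sample: the two DhcpNameServer hits copied from the posted log,
# plus one constructed static NameServer hit (TEST-NET address) to show the
# host-side branch.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0fc3e4d3-afbc-4c10-8590-9722b489daf4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.165 85.255.112.23 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 192.0.2.53 -> Quarantined and deleted successfully.
"""

# Assumed known-bad resolver range; 85.255.112.165 and 85.255.112.23 fall in it.
ASSUMED_BAD_NETS = [ipaddress.ip_network("85.255.112.0/20")]

# key path (no spaces), value name, detection name, space-separated resolvers
LINE_RE = re.compile(
    r"^(HKEY_\S+\\(DhcpNameServer|NameServer)) \((.+?)\) -> Data: (.*?) -> "
)


def parse_dns_findings(log_text):
    """Return one dict per NameServer/DhcpNameServer hit in an MBAM log."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, 'No malicious items detected', other key types
        key, value_name, detection, data = m.groups()
        findings.append({"key": key, "value_name": value_name,
                         "detection": detection, "servers": data.split()})
    return findings


def classify(finding, bad_nets=ASSUMED_BAD_NETS, trusted=()):
    """Decide where a resolver came from and what to fix.

    DhcpNameServer is filled in from the DHCP lease, so a bad value there is
    being handed out by the DHCP server (the router on a home LAN) and will
    return after the registry is cleaned. NameServer is a static host-side
    setting, so the change was made on this machine.
    """
    known_bad, untrusted = [], []
    for s in finding["servers"]:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            untrusted.append(s)  # not even an address: treat as suspicious
            continue
        if any(ip in net for net in bad_nets):
            known_bad.append(s)
        elif s not in trusted:
            untrusted.append(s)

    verdict = "known_bad" if known_bad else ("untrusted" if untrusted else "ok")
    from_dhcp = finding["value_name"] == "DhcpNameServer"
    source = "dhcp" if from_dhcp else "static"
    if verdict == "ok":
        action = "resolver matches the trusted list; nothing to do."
    elif from_dhcp:
        action = ("resolver was delivered by DHCP; registry cleanup is undone at "
                  "the next lease. Check and reset the router's DNS/DHCP "
                  "settings, then rescan.")
    else:
        action = ("resolver was set on this host; remove the value and look "
                  "for the component that wrote it.")
    return {"verdict": verdict, "source": source, "known_bad": known_bad,
            "untrusted": untrusted, "action": action}


def triage(log_text, bad_nets=ASSUMED_BAD_NETS, trusted=()):
    """Parse and classify every DNS finding; returns a list of (key, result)."""
    return [(f["key"], classify(f, bad_nets, trusted))
            for f in parse_dns_findings(log_text)]


if __name__ == "__main__":
    # 192.168.0.1 stands in for the router's LAN address (assumption).
    for key, result in triage(SAMPLE_LOG, trusted=("192.168.0.1",)):
        print(result["verdict"], result["source"], key, "->", result["action"])
```

Feed it a real MBAM log instead of SAMPLE_LOG and pass the router's LAN address (or your ISP's resolvers) as `trusted`. If every hit is in DhcpNameServer, the router, not the PC, is what needs fixing, which is exactly why the power-cycle-then-rescan step above is a useful test: a clean rescan after the power cycle means the lease was stale, a repeat hit means the router's configuration itself was changed.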
 

mise13
New Member


Date Joined Nov 2008
Total Posts : 4
 
   Posted 11-16-2008 8:08 (GMT +1)
hiya,
 
Reset the router, and it took an age to get my network set up again as I ran into problems with AOL, so I'm only getting back to you now.
 
All is working well with my computer now.
 
Thanks for your help, greatly appreciated.
 
 
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14325
 
   Posted 11-16-2008 8:26 (GMT +1)
Sounds good.
 
 
If your computer problems are solved, it is time for the clean-up procedure. Download this file and save it on desktop as FIX_removal.exe

http://www.ctrlaltdel.dk/FIX_removal.exe

Double click FIX_removal.exe and follow the instructions - this will remove the programs that you have used during the cleaning process. Once the program is finished, reboot your computer to finalise the clean-up procedure.


I also suggest you read Tony Klein's article:
 


