Sign In
Create Account
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:51 AM, on 12/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Spin32 - 3497d1fd-bd47-4046-b167-4e4382228237 - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Spin32\Spin32.lnk (HKCU)
O9 - Extra button: ReeferPoker - 60a501e4-a078-4cb2-8728-3fab4264f3c1 - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\ReeferPoker\ReeferPoker.lnk (HKCU)
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: The Poker Community - {23ce1f91-bc56-49f9-be01-bddf4ef76305} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\The Poker Community\The Poker Community.lnk (HKCU)
O9 - Extra button: WassPoker - {4053ebe6-a54d-4bb9-b118-ce1d8f99a548} - C:\Documents and Settings\HP_Administrator\Start Menu\Programs\WassPoker\WassPoker.lnk (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5507D818-39EC-44C4-9753-8F2583E8A15B}: NameServer = 85.255.114.55;85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\..\{59FE2AF6-C93A-4B84-ACFB-793A9D60E66B}: NameServer = 85.255.114.55;85.255.112.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.55;85.255.112.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.55;85.255.112.21
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
--
End of file - 7934 bytes
-
This topic is locked
Back to top
#2
Posted 15 December 2008 - 10:58 AM
-
- Members
-
- 4 posts
New Member
Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2
4:57:15 AM 12/15/2008
mbam-log-12-15-2008 (04-57-15).txt
Scan type: Quick Scan
Objects scanned: 20384
Time elapsed: 4 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5507d818-39ec-44c4-9753-8f2583e8a15b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5507d818-39ec-44c4-9753-8f2583e8a15b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5507d818-39ec-44c4-9753-8f2583e8a15b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Database version: 985
Windows 5.1.2600 Service Pack 2
4:57:15 AM 12/15/2008
mbam-log-12-15-2008 (04-57-15).txt
Scan type: Quick Scan
Objects scanned: 20384
Time elapsed: 4 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5507d818-39ec-44c4-9753-8f2583e8a15b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5507d818-39ec-44c4-9753-8f2583e8a15b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5507d818-39ec-44c4-9753-8f2583e8a15b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#3
Posted 15 December 2008 - 12:30 PM
-
- Administrators
-
- 5,158 posts
Forum Deity
- Location:Northampton, MA USA
There is a form of DNSChanger that adds its malicious DNS servers directly to your router/modem and in turn these servers are absorbed as defaults by windows as it boots .
You can confirm this by doing the following :
1. Boot
2. Do a MBAM scan and save the log (DO NOT REBOOT YET) .
3. Disconnect your networking cable (if you have wireless disable it temporarily) .
4. With your networking disconnected/disabled allow MBAM to remove these threats and then reboot your system .
5. Do a MBAM scan and save a (this log will be empty if your router/modem has been patched) .
6. Reconnect/enable your networking again , reboot and do another scan .
If your router/modem is patched you will have gotten the following :
1. Boot with networking enabled = dirty scan (you have already seen this one many times) .
2. Boot with networking disabled (and and after MBAM scan/remove) = clean scan .
3. Boot with networking re enabled = dirty scan again .
If we can confirm that malware is not reinstalling these servers then there are two ways to get these servers out of your router modem/router .
1. Use the hard reset button (this is NOT the same as power cycling/bouncing your modem/router) which sets it back to factory default .
2. Log into your router/modem and delete these servers directly .
Option 1 is easy and works 100% of the time but does also often force you to set up your ISP again (if you have DSL this is a 100% certainty) .
Option 2 is harder and if you have never logged into your modem/router requires either that you look up the info on your modem/router so that you can log in and make changes or that you call your ISP and ask for the same info .
If this info is enough for you to fix this on your own there are 2 critical final steps :
1. Set a username/password for your router/modem that is unique .
2. Disable UPNP in your router/modem settings (this is NOT the UPNP service in windows and MUST be done from within the option of the router/modem itself) .
Step 1 prevents anyone from logging into your router/modem with factory default set info .
Step 2 prevents a well known exploit of UPNP from allowing an attacker to bypass your router/modem username/password altogether .
You can confirm this by doing the following :
1. Boot
2. Do a MBAM scan and save the log (DO NOT REBOOT YET) .
3. Disconnect your networking cable (if you have wireless disable it temporarily) .
4. With your networking disconnected/disabled allow MBAM to remove these threats and then reboot your system .
5. Do a MBAM scan and save a (this log will be empty if your router/modem has been patched) .
6. Reconnect/enable your networking again , reboot and do another scan .
If your router/modem is patched you will have gotten the following :
1. Boot with networking enabled = dirty scan (you have already seen this one many times) .
2. Boot with networking disabled (and and after MBAM scan/remove) = clean scan .
3. Boot with networking re enabled = dirty scan again .
If we can confirm that malware is not reinstalling these servers then there are two ways to get these servers out of your router modem/router .
1. Use the hard reset button (this is NOT the same as power cycling/bouncing your modem/router) which sets it back to factory default .
2. Log into your router/modem and delete these servers directly .
Option 1 is easy and works 100% of the time but does also often force you to set up your ISP again (if you have DSL this is a 100% certainty) .
Option 2 is harder and if you have never logged into your modem/router requires either that you look up the info on your modem/router so that you can log in and make changes or that you call your ISP and ask for the same info .
If this info is enough for you to fix this on your own there are 2 critical final steps :
1. Set a username/password for your router/modem that is unique .
2. Disable UPNP in your router/modem settings (this is NOT the UPNP service in windows and MUST be done from within the option of the router/modem itself) .
Step 1 prevents anyone from logging into your router/modem with factory default set info .
Step 2 prevents a well known exploit of UPNP from allowing an attacker to bypass your router/modem username/password altogether .
#4
Posted 15 December 2008 - 06:29 PM
-
- Members
-
- 4 posts
New Member
its got me good.. 12 still show up after multiple MBAM scans with network disabled..anymore ideas?
Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2
12:27:19 PM 12/15/2008
mbam-log-12-15-2008 (12-27-19).txt
Scan type: Quick Scan
Objects scanned: 66271
Time elapsed: 13 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.1.2600 Service Pack 2
12:27:19 PM 12/15/2008
mbam-log-12-15-2008 (12-27-19).txt
Scan type: Quick Scan
Objects scanned: 66271
Time elapsed: 13 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{59fe2af6-c93a-4b84-acfb-793a9d60e66b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.55;85.255.112.21 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
#5
Posted 15 December 2008 - 07:42 PM
-
- Administrators
-
- 5,158 posts
Forum Deity
- Location:Northampton, MA USA
Quote
Malwarebytes' Anti-Malware 1.23
Database version: 985
Database version: 985
This is current :
Malwarebytes' Anti-Malware 1.31
Database version: 1502
#6
Posted 16 December 2008 - 06:06 AM
-
- Members
-
- 4 posts
New Member
WOW TY..got a fresh updated copy..it found more stuff and FIXED EVERYTHING..PC is running great now tytytyytyty
#7
Posted 16 December 2008 - 06:35 AM
-
- Administrators
-
- 5,158 posts
Forum Deity
- Location:Northampton, MA USA
Glad to hear it .
Keep in mind that in this day and age going even a day without updates is dangerous .
Keep in mind that in this day and age going even a day without updates is dangerous .
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
