need help with zlob.DNSchanger

**yawsa** · 2008-10-23, 01:51

Hi pekku,

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NV Hostname"="aRckAe_miAn"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"NameServer"=""
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="aRckAe_miAn"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"EnableICMPRedirect"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"EnableSecurityFilters"=dword:00000000
"DhcpNameServer"="85.255.115.21 85.255.112.151 1.2.3.4"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,31,00,30,00,45,00,46,00,41,00,41,00,\
39,00,37,00,2d,00,36,00,30,00,41,00,36,00,2d,00,34,00,34,00,38,00,36,00,2d,\
00,42,00,32,00,34,00,36,00,2d,00,32,00,36,00,45,00,32,00,32,00,30,00,39,00,\
43,00,33,00,41,00,35,00,37,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,32,\
00,35,00,30,00,35,00,36,00,45,00,34,00,2d,00,45,00,44,00,38,00,43,00,2d,00,\
34,00,44,00,39,00,37,00,2d,00,42,00,45,00,30,00,38,00,2d,00,31,00,37,00,38,\
00,44,00,34,00,38,00,46,00,38,00,44,00,34,00,38,00,36,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:97,aa,ef,10,a6,60,86,44,b2,46,26,e2,20,9c,3a,57,e4,56,50,02,\
8c,ed,97,4d,be,08,17,8d,48,f8,d4,86

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{5008440A-FCFB-433A-B42D-CE56FB09ADAC}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,35,00,30,00,30,00,38,00,34,00,34,00,\
30,00,41,00,2d,00,46,00,43,00,46,00,42,00,2d,00,34,00,33,00,33,00,41,00,2d,\
00,42,00,34,00,32,00,44,00,2d,00,43,00,45,00,35,00,36,00,46,00,42,00,30,00,\
39,00,41,00,44,00,41,00,43,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,42,00,37,00,39,00,43,00,44,00,30,00,\
45,00,30,00,2d,00,37,00,44,00,42,00,37,00,2d,00,34,00,37,00,32,00,34,00,2d,\
00,41,00,39,00,44,00,30,00,2d,00,45,00,44,00,33,00,31,00,37,00,39,00,35,00,\
33,00,36,00,35,00,39,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D5C3C44D-4C60-4A17-8954-A3A67E195A48}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,44,00,35,00,43,00,33,00,43,00,34,00,\
34,00,44,00,2d,00,34,00,43,00,36,00,30,00,2d,00,34,00,41,00,31,00,37,00,2d,\
00,38,00,39,00,35,00,34,00,2d,00,41,00,33,00,41,00,36,00,37,00,45,00,31,00,\
39,00,35,00,41,00,34,00,38,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{DEE7AD16-3435-4314-B98D-3E92CD8BCB77}]
"LLInterface"="ARP1394"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,44,00,45,00,45,00,37,00,41,00,44,00,\
31,00,36,00,2d,00,33,00,34,00,33,00,35,00,2d,00,34,00,33,00,31,00,34,00,2d,\
00,42,00,39,00,38,00,44,00,2d,00,33,00,45,00,39,00,32,00,43,00,44,00,38,00,\
42,00,43,00,42,00,37,00,37,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{EECCA5C2-3F49-4A78-BDC8-4CBCD259D566}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,45,00,45,00,43,00,43,00,41,00,35,00,\
43,00,32,00,2d,00,33,00,46,00,34,00,39,00,2d,00,34,00,41,00,37,00,38,00,2d,\
00,42,00,44,00,43,00,38,00,2d,00,34,00,43,00,42,00,43,00,44,00,32,00,35,00,\
39,00,44,00,35,00,36,00,36,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F6B91EF2-2894-4E32-82D6-0F15772048D5}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,46,00,36,00,42,00,39,00,31,00,45,00,\
46,00,32,00,2d,00,32,00,38,00,39,00,34,00,2d,00,34,00,45,00,33,00,32,00,2d,\
00,38,00,32,00,44,00,36,00,2d,00,30,00,46,00,31,00,35,00,37,00,37,00,32,00,\
30,00,34,00,38,00,44,00,35,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{025056E4-ED8C-4D97-BE08-178D48F8D486}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{10EFAA97-60A6-4486-B246-26E2209C3A57}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5008440A-FCFB-433A-B42D-CE56FB09ADAC}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
33,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="192.168.1.1"
"Lease"=dword:00015180
"LeaseObtainedTime"=dword:48ffba6c
"T1"=dword:4900632c
"T2"=dword:4900e1bc
"LeaseTerminatesTime"=dword:49010bec
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:acbcf250
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpIPAddress"="192.168.1.103"
"DhcpSubnetMask"="255.255.255.0"
"DhcpRetryTime"=dword:0000a8bd
"DhcpRetryStatus"=dword:00000000
"DhcpNameServer"="85.255.115.21 85.255.112.151 1.2.3.4"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="16.92.3.250"
"Lease"=dword:0013c680
"LeaseObtainedTime"=dword:42bc893e
"T1"=dword:42c66c7e
"T2"=dword:42cdd6ee
"LeaseTerminatesTime"=dword:42d04fbe
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"DhcpRetryTime"=dword:0009e340
"DhcpRetryStatus"=dword:00000000
"DhcpIPAddress"="15.14.58.175"
"DhcpSubnetMask"="255.255.248.0"
"DhcpNameServer"="16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243"
"DhcpDefaultGateway"=hex(7):31,00,35,00,2e,00,31,00,34,00,2e,00,35,00,36,00,2e,\
00,31,00,00,00,00,00
"DhcpDomain"="americas.hpqcorp.net"
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,34,00,38,00,2e,00,30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5C3C44D-4C60-4A17-8954-A3A67E195A48}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
33,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="192.168.1.1"
"Lease"=dword:00015180
"LeaseObtainedTime"=dword:48fc35ce
"T1"=dword:48fcde8e
"T2"=dword:48fd5d1e
"LeaseTerminatesTime"=dword:48fd874e
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpNameServer"=""
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,30,00,00,00,00,00
"DhcpIPAddress"="192.168.1.103"
"DhcpSubnetMask"="255.255.255.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DEE7AD16-3435-4314-B98D-3E92CD8BCB77}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EECCA5C2-3F49-4A78-BDC8-4CBCD259D566}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
33,00,00,00,00,00
"DhcpClassIdBin"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F6B91EF2-2894-4E32-82D6-0F15772048D5}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00

**peku006** · 2008-10-23, 20:12

Hi yawsa
hmm...85.255.115.21 still there.......
Reset your hub and do a scan with rsit on other computers in the house (start with your uncle's computer)

**yawsa** · 2008-10-24, 01:11

hi pekku,

i have a problem, everytime i go to a certain website a popup ad keeps showing eventhough my pop-up blocker is on high it's still annoying and my yahoo search still ridirecting me to other sites, i'm pretty sure it's the zlob.DNSchanger but i think we get rid of it but then it is still ridirecting me.

**peku006** · 2008-10-24, 07:57

Hi

i think we get rid of it

No, it´s still there

Your last Malwarebytes' Anti-Malware log......

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> No action taken.

Run Malwarebytes' Anti-Malware again and make sure it is set to "Remove Selected". what it finds,

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file

C:\look.txt

next.....

Locate Export.bat on your Desktop and double-click on it It will create a file called look.txt in C:\
Copy the entire text and past it to your reply here in this topic.

Please reply with

the Malwarebytes' Anti-Malware Log
the look.txt

**yawsa** · 2008-10-28, 05:24

Hi pekku,

so sorry for late reply..

Malwarebytes' Anti-Malware 1.29
Database version: 1298
Windows 5.1.2600 Service Pack 3

10/27/2008 9:07:19 PM
mbam-log-2008-10-27 (21-07-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 175124
Time elapsed: 3 hour(s), 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5008440a-fcfb-433a-b42d-ce56fb09adac}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5008440a-fcfb-433a-b42d-ce56fb09adac}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5008440a-fcfb-433a-b42d-ce56fb09adac}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**yawsa** · 2008-10-28, 05:25

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NV Hostname"="aRckAe_miAn"
"DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
"NameServer"=""
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="aRckAe_miAn"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000001
"EnableICMPRedirect"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"EnableSecurityFilters"=dword:00000000
"DhcpNameServer"="85.255.115.21 85.255.112.151 1.2.3.4"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,31,00,30,00,45,00,46,00,41,00,41,00,\
39,00,37,00,2d,00,36,00,30,00,41,00,36,00,2d,00,34,00,34,00,38,00,36,00,2d,\
00,42,00,32,00,34,00,36,00,2d,00,32,00,36,00,45,00,32,00,32,00,30,00,39,00,\
43,00,33,00,41,00,35,00,37,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,32,\
00,35,00,30,00,35,00,36,00,45,00,34,00,2d,00,45,00,44,00,38,00,43,00,2d,00,\
34,00,44,00,39,00,37,00,2d,00,42,00,45,00,30,00,38,00,2d,00,31,00,37,00,38,\
00,44,00,34,00,38,00,46,00,38,00,44,00,34,00,38,00,36,00,7d,00,00,00,00,00
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:97,aa,ef,10,a6,60,86,44,b2,46,26,e2,20,9c,3a,57,e4,56,50,02,\
8c,ed,97,4d,be,08,17,8d,48,f8,d4,86

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{5008440A-FCFB-433A-B42D-CE56FB09ADAC}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,35,00,30,00,30,00,38,00,34,00,34,00,\
30,00,41,00,2d,00,46,00,43,00,46,00,42,00,2d,00,34,00,33,00,33,00,41,00,2d,\
00,42,00,34,00,32,00,44,00,2d,00,43,00,45,00,35,00,36,00,46,00,42,00,30,00,\
39,00,41,00,44,00,41,00,43,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,42,00,37,00,39,00,43,00,44,00,30,00,\
45,00,30,00,2d,00,37,00,44,00,42,00,37,00,2d,00,34,00,37,00,32,00,34,00,2d,\
00,41,00,39,00,44,00,30,00,2d,00,45,00,44,00,33,00,31,00,37,00,39,00,35,00,\
33,00,36,00,35,00,39,00,33,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D5C3C44D-4C60-4A17-8954-A3A67E195A48}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,44,00,35,00,43,00,33,00,43,00,34,00,\
34,00,44,00,2d,00,34,00,43,00,36,00,30,00,2d,00,34,00,41,00,31,00,37,00,2d,\
00,38,00,39,00,35,00,34,00,2d,00,41,00,33,00,41,00,36,00,37,00,45,00,31,00,\
39,00,35,00,41,00,34,00,38,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{DEE7AD16-3435-4314-B98D-3E92CD8BCB77}]
"LLInterface"="ARP1394"
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,44,00,45,00,45,00,37,00,41,00,44,00,\
31,00,36,00,2d,00,33,00,34,00,33,00,35,00,2d,00,34,00,33,00,31,00,34,00,2d,\
00,42,00,39,00,38,00,44,00,2d,00,33,00,45,00,39,00,32,00,43,00,44,00,38,00,\
42,00,43,00,42,00,37,00,37,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{EECCA5C2-3F49-4A78-BDC8-4CBCD259D566}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,45,00,45,00,43,00,43,00,41,00,35,00,\
43,00,32,00,2d,00,33,00,46,00,34,00,39,00,2d,00,34,00,41,00,37,00,38,00,2d,\
00,42,00,44,00,43,00,38,00,2d,00,34,00,43,00,42,00,43,00,44,00,32,00,35,00,\
39,00,44,00,35,00,36,00,36,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F6B91EF2-2894-4E32-82D6-0F15772048D5}]
"LLInterface"=""
"IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
00,61,00,63,00,65,00,73,00,5c,00,7b,00,46,00,36,00,42,00,39,00,31,00,45,00,\
46,00,32,00,2d,00,32,00,38,00,39,00,34,00,2d,00,34,00,45,00,33,00,32,00,2d,\
00,38,00,32,00,44,00,36,00,2d,00,30,00,46,00,31,00,35,00,37,00,37,00,32,00,\
30,00,34,00,38,00,44,00,35,00,7d,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{025056E4-ED8C-4D97-BE08-178D48F8D486}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{10EFAA97-60A6-4486-B246-26E2209C3A57}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5008440A-FCFB-433A-B42D-CE56FB09ADAC}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
33,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="192.168.1.1"
"Lease"=dword:00015180
"LeaseObtainedTime"=dword:4906916c
"T1"=dword:49073a2c
"T2"=dword:4907b8bc
"LeaseTerminatesTime"=dword:4907e2ec
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:acbcf250
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpRetryTime"=dword:0000a8bd
"DhcpRetryStatus"=dword:00000000
"DhcpNameServer"="85.255.115.21 85.255.112.151 1.2.3.4"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,30,00,00,00,00,00
"DhcpIPAddress"="192.168.1.103"
"DhcpSubnetMask"="255.255.255.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="16.92.3.250"
"Lease"=dword:0013c680
"LeaseObtainedTime"=dword:42bc893e
"T1"=dword:42c66c7e
"T2"=dword:42cdd6ee
"LeaseTerminatesTime"=dword:42d04fbe
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"DhcpRetryTime"=dword:0009e340
"DhcpRetryStatus"=dword:00000000
"DhcpIPAddress"="15.14.58.175"
"DhcpSubnetMask"="255.255.248.0"
"DhcpNameServer"="16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243"
"DhcpDefaultGateway"=hex(7):31,00,35,00,2e,00,31,00,34,00,2e,00,35,00,36,00,2e,\
00,31,00,00,00,00,00
"DhcpDomain"="americas.hpqcorp.net"
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,34,00,38,00,2e,00,30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5C3C44D-4C60-4A17-8954-A3A67E195A48}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
33,00,00,00,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="192.168.1.1"
"Lease"=dword:00015180
"LeaseObtainedTime"=dword:48fc35ce
"T1"=dword:48fcde8e
"T2"=dword:48fd5d1e
"LeaseTerminatesTime"=dword:48fd874e
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"IsServerNapAware"=dword:00000000
"DhcpNameServer"=""
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
00,2e,00,31,00,00,00,00,00
"DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
00,35,00,35,00,2e,00,30,00,00,00,00,00
"DhcpIPAddress"="192.168.1.103"
"DhcpSubnetMask"="255.255.255.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DEE7AD16-3435-4314-B98D-3E92CD8BCB77}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EECCA5C2-3F49-4A78-BDC8-4CBCD259D566}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
33,00,00,00,00,00
"DhcpClassIdBin"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F6B91EF2-2894-4E32-82D6-0F15772048D5}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
"DefaultGateway"=hex(7):00,00
"DefaultGatewayMetric"=hex(7):00,00
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00,00,00,00
"UDPAllowedPorts"=hex(7):30,00,00,00,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
"NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
32,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
00,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00

**peku006** · 2008-10-28, 07:41

Hi yawsa

Malwarebytes' Anti-Malware log :
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> Quarantined and deleted successfully.
look.txt:
"DhcpNameServer"="85.255.115.21 85.255.112.151 1.2.3.4"
still there........
you must reset the hub

Please reset the hub

next...

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file

C:\look.tx

Run Malwarebytes' Anti-Malware again and make sure it is set to "Remove Selected". what it finds,

Locate Export.bat on your Desktop and double-click on it It will create a file called look.txt in C:\
Copy the entire text and past it to your reply here in this topic.

Please reply with

the Malwarebytes' Anti-Malware Log
the look.txt

**yawsa** · 2008-10-29, 00:27

hi pekku,

is it the hub found in my uncle's computer?

**peku006** · 2008-10-29, 17:32

Hi yawsa

How is your PC connected to the Internet, are you using a hub or router?

**yawsa** · 2008-10-30, 02:29

Hi pekku,

im sorry, but what is the difference between those two? well, my uncle have the main connection to the internet, when he wants to reset the connection all the computers in the house get disconnected. i'm thinking we have a router? because we bought a seperate device(linksys) so that we can get connection to the internet.

Thread: need help with zlob.DNSchanger

Thread Tools

Display

Tags for this Thread

Posting Permissions