
Thread: need help with zlob.DNSchanger

  1. #51
    peku006 (Emeritus- Security Expert), joined Feb 2007, Norway, 3,103 posts

    Hi yawsa

    WAREOUT

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/file...Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin;
    follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    At the end of the fix, you may need to restart your computer again.

    Post back the contents of the logfile C:\fixwareout\report.txt.

    Now let's check some settings on your system.
    (2000/XP) Only
    In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
    Press OK twice to get out of the properties screen and reboot if it asks.
    That option might not be available on some systems.
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  2. #52
    Member, joined Sep 2008, 41 posts

    Hi Pekku,

    Username "Compaq_Owner" - 10/15/2008 17:24:03 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5008440A-FCFB-433A-B42D-CE56FB09ADAC}
    "DhcpNameServer"="85.255.115.21" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D5C3C44D-4C60-4A17-8954-A3A67E195A48}
    "DhcpNameServer"="85.255.115.21" <Value cleared.

    Could not flush the DNS Resolver Cache: Function failed during execution.


    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
    "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
    "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
    "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
    "MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
    "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
    "HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
    "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
    "UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
    6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
    "YSearchProtection"="\"C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
    "LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "Y!TunnelBasic"="C:\\Program Files\\Digital Asphyxia\\Y!TunnelBasic 2.0\\YTBasic.exe"
    "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "Search Protection"="C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"
    "YSearchProtection"="C:\\Program Files\\Yahoo!\\Search Protection\\SearchProtection.exe"
    "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    "Google Update"="\"C:\\Documents and Settings\\Compaq_Owner\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe\" /c"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~

  3. #53
    peku006 (Emeritus- Security Expert), joined Feb 2007, Norway, 3,103 posts

    Hi yawsa

    We need to reset your modem.

    Turn off your PC.

    Reset/reboot your modem/router.

    Restart your computer.

    Open Notepad.
    Copy the text from the box to an empty file.
    Save it as dhcp.bat to your desktop.
    Choose save as all types

    Code:
    regedit /e c:\dhcp.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
    Close Notepad.

    Locate dhcp.bat on your Desktop and double-click on it. It will create a file called dhcp.txt in C:\
    Copy the entire text and paste it to your reply here in this topic.

  4. #54
    Member, joined Sep 2008, 41 posts

    Hi Pekku,

    How can I reboot the modem? I'm sorry, but there are 2 instructions here because of a little instruction and "restarting the computer" BEFORE the dhcp.bat, OR will dhcp.bat be the procedure for rebooting the modem?

  5. #55
    peku006 (Emeritus- Security Expert), joined Feb 2007, Norway, 3,103 posts

    Hi yawsa

    Shut down the computer, unplug the modem for at least one minute.
    Plug the modem in, let it synchronize, lights flash until steady light remains.
    Restart the computer.

    then........

    Open Notepad.
    Copy the text from the box to an empty file.
    Save it as dhcp.bat to your desktop.
    Choose save as all types

    Code:
    regedit /e c:\dhcp.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
    Close Notepad.

    Locate dhcp.bat on your Desktop and double-click on it. It will create a file called dhcp.txt in C:\
    Copy the entire text and paste it to your reply here in this topic.

  6. #56
    Member, joined Sep 2008, 41 posts

    hey pekku..

    I tried restarting it, but then it didn't work that way because I only have an adapter, because the modem is connected to my uncle's computer. He is the one who holds the main hub for our house, and all the computers in this house are connected through adapters. I still tried reconnecting it, but with the computer off the lights won't turn on either, so I let it synchronize while it was booting up. Then a message saying that the adapter has malfunctioned popped up. So I tried reconnecting it by constantly pulling the plug off the adapter and then putting it back on till it powered on. Then when I tried running the dhcp.bat, c:/ wouldn't be opened. Do you think something's wrong with my adapter? Should I replace it? Thanks.

  7. #57
    Member, joined Sep 2008, 41 posts

    hi Pekku,

    forgot to look in C:\.. here it is..

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    "NV Hostname"="aRckAe_miAn"
    "DataBasePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
    00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
    64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,65,00,74,00,63,00,00,00
    "NameServer"=""
    "ForwardBroadcasts"=dword:00000000
    "IPEnableRouter"=dword:00000000
    "Domain"=""
    "Hostname"="aRckAe_miAn"
    "SearchList"=""
    "UseDomainNameDevolution"=dword:00000001
    "EnableICMPRedirect"=dword:00000001
    "DeadGWDetectDefault"=dword:00000001
    "DontAddDefaultGatewayDefault"=dword:00000000
    "EnableSecurityFilters"=dword:00000000
    "DhcpNameServer"="85.255.115.21 85.255.112.151 1.2.3.4"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\NdisWanIp]
    "LLInterface"="WANARP"
    "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
    6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
    00,61,00,63,00,65,00,73,00,5c,00,7b,00,31,00,30,00,45,00,46,00,41,00,41,00,\
    39,00,37,00,2d,00,36,00,30,00,41,00,36,00,2d,00,34,00,34,00,38,00,36,00,2d,\
    00,42,00,32,00,34,00,36,00,2d,00,32,00,36,00,45,00,32,00,32,00,30,00,39,00,\
    43,00,33,00,41,00,35,00,37,00,7d,00,00,00,54,00,63,00,70,00,69,00,70,00,5c,\
    00,50,00,61,00,72,00,61,00,6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,\
    6e,00,74,00,65,00,72,00,66,00,61,00,63,00,65,00,73,00,5c,00,7b,00,30,00,32,\
    00,35,00,30,00,35,00,36,00,45,00,34,00,2d,00,45,00,44,00,38,00,43,00,2d,00,\
    34,00,44,00,39,00,37,00,2d,00,42,00,45,00,30,00,38,00,2d,00,31,00,37,00,38,\
    00,44,00,34,00,38,00,46,00,38,00,44,00,34,00,38,00,36,00,7d,00,00,00,00,00
    "NumInterfaces"=dword:00000002
    "IpInterfaces"=hex:97,aa,ef,10,a6,60,86,44,b2,46,26,e2,20,9c,3a,57,e4,56,50,02,\
    8c,ed,97,4d,be,08,17,8d,48,f8,d4,86

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{5008440A-FCFB-433A-B42D-CE56FB09ADAC}]
    "LLInterface"=""
    "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
    6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
    00,61,00,63,00,65,00,73,00,5c,00,7b,00,35,00,30,00,30,00,38,00,34,00,34,00,\
    30,00,41,00,2d,00,46,00,43,00,46,00,42,00,2d,00,34,00,33,00,33,00,41,00,2d,\
    00,42,00,34,00,32,00,44,00,2d,00,43,00,45,00,35,00,36,00,46,00,42,00,30,00,\
    39,00,41,00,44,00,41,00,43,00,7d,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}]
    "LLInterface"=""
    "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
    6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
    00,61,00,63,00,65,00,73,00,5c,00,7b,00,42,00,37,00,39,00,43,00,44,00,30,00,\
    45,00,30,00,2d,00,37,00,44,00,42,00,37,00,2d,00,34,00,37,00,32,00,34,00,2d,\
    00,41,00,39,00,44,00,30,00,2d,00,45,00,44,00,33,00,31,00,37,00,39,00,35,00,\
    33,00,36,00,35,00,39,00,33,00,7d,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D5C3C44D-4C60-4A17-8954-A3A67E195A48}]
    "LLInterface"=""
    "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
    6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
    00,61,00,63,00,65,00,73,00,5c,00,7b,00,44,00,35,00,43,00,33,00,43,00,34,00,\
    34,00,44,00,2d,00,34,00,43,00,36,00,30,00,2d,00,34,00,41,00,31,00,37,00,2d,\
    00,38,00,39,00,35,00,34,00,2d,00,41,00,33,00,41,00,36,00,37,00,45,00,31,00,\
    39,00,35,00,41,00,34,00,38,00,7d,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{DEE7AD16-3435-4314-B98D-3E92CD8BCB77}]
    "LLInterface"="ARP1394"
    "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
    6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
    00,61,00,63,00,65,00,73,00,5c,00,7b,00,44,00,45,00,45,00,37,00,41,00,44,00,\
    31,00,36,00,2d,00,33,00,34,00,33,00,35,00,2d,00,34,00,33,00,31,00,34,00,2d,\
    00,42,00,39,00,38,00,44,00,2d,00,33,00,45,00,39,00,32,00,43,00,44,00,38,00,\
    42,00,43,00,42,00,37,00,37,00,7d,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{EECCA5C2-3F49-4A78-BDC8-4CBCD259D566}]
    "LLInterface"=""
    "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
    6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
    00,61,00,63,00,65,00,73,00,5c,00,7b,00,45,00,45,00,43,00,43,00,41,00,35,00,\
    43,00,32,00,2d,00,33,00,46,00,34,00,39,00,2d,00,34,00,41,00,37,00,38,00,2d,\
    00,42,00,44,00,43,00,38,00,2d,00,34,00,43,00,42,00,43,00,44,00,32,00,35,00,\
    39,00,44,00,35,00,36,00,36,00,7d,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F6B91EF2-2894-4E32-82D6-0F15772048D5}]
    "LLInterface"=""
    "IpConfig"=hex(7):54,00,63,00,70,00,69,00,70,00,5c,00,50,00,61,00,72,00,61,00,\
    6d,00,65,00,74,00,65,00,72,00,73,00,5c,00,49,00,6e,00,74,00,65,00,72,00,66,\
    00,61,00,63,00,65,00,73,00,5c,00,7b,00,46,00,36,00,42,00,39,00,31,00,45,00,\
    46,00,32,00,2d,00,32,00,38,00,39,00,34,00,2d,00,34,00,45,00,33,00,32,00,2d,\
    00,38,00,32,00,44,00,36,00,2d,00,30,00,46,00,31,00,35,00,37,00,37,00,32,00,\
    30,00,34,00,38,00,44,00,35,00,7d,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{025056E4-ED8C-4D97-BE08-178D48F8D486}]
    "UseZeroBroadcast"=dword:00000000
    "EnableDHCP"=dword:00000000
    "IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "DefaultGateway"=hex(7):00,00
    "EnableDeadGWDetect"=dword:00000001
    "DontAddDefaultGateway"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{10EFAA97-60A6-4486-B246-26E2209C3A57}]
    "UseZeroBroadcast"=dword:00000000
    "EnableDHCP"=dword:00000000
    "IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "DefaultGateway"=hex(7):00,00
    "EnableDeadGWDetect"=dword:00000001
    "DontAddDefaultGateway"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5008440A-FCFB-433A-B42D-CE56FB09ADAC}]
    "UseZeroBroadcast"=dword:00000000
    "EnableDeadGWDetect"=dword:00000001
    "EnableDHCP"=dword:00000001
    "IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "DefaultGateway"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "DefaultGatewayMetric"=hex(7):00,00
    "NameServer"=""
    "Domain"=""
    "RegistrationEnabled"=dword:00000001
    "RegisterAdapterName"=dword:00000000
    "TCPAllowedPorts"=hex(7):30,00,00,00,00,00
    "UDPAllowedPorts"=hex(7):30,00,00,00,00,00
    "RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
    "NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
    33,00,00,00,00,00
    "DhcpClassIdBin"=hex:
    "DhcpServer"="192.168.1.1"
    "Lease"=dword:00015180
    "LeaseObtainedTime"=dword:48fbbfaf
    "T1"=dword:48fc686f
    "T2"=dword:48fce6ff
    "LeaseTerminatesTime"=dword:48fd112f
    "IPAutoconfigurationAddress"="0.0.0.0"
    "IPAutoconfigurationMask"="255.255.0.0"
    "IPAutoconfigurationSeed"=dword:acbcf250
    "AddressType"=dword:00000000
    "IsServerNapAware"=dword:00000000
    "DhcpNameServer"="85.255.115.21 85.255.112.151 1.2.3.4"
    "DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
    00,2e,00,31,00,00,00,00,00
    "DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
    00,35,00,35,00,2e,00,30,00,00,00,00,00
    "DhcpIPAddress"="192.168.1.103"
    "DhcpSubnetMask"="255.255.255.0"
    "DhcpRetryStatus"=dword:00000000
    "DhcpRetryTime"=dword:0000a8be

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}]
    "UseZeroBroadcast"=dword:00000000
    "EnableDeadGWDetect"=dword:00000001
    "EnableDHCP"=dword:00000001
    "IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "DefaultGateway"=hex(7):00,00
    "DefaultGatewayMetric"=hex(7):00,00
    "NameServer"=""
    "Domain"=""
    "RegistrationEnabled"=dword:00000001
    "RegisterAdapterName"=dword:00000000
    "TCPAllowedPorts"=hex(7):30,00,00,00,00,00
    "UDPAllowedPorts"=hex(7):30,00,00,00,00,00
    "RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
    "NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
    32,00,00,00,00,00
    "DhcpClassIdBin"=hex:
    "DhcpServer"="16.92.3.250"
    "Lease"=dword:0013c680
    "LeaseObtainedTime"=dword:42bc893e
    "T1"=dword:42c66c7e
    "T2"=dword:42cdd6ee
    "LeaseTerminatesTime"=dword:42d04fbe
    "IPAutoconfigurationAddress"="0.0.0.0"
    "IPAutoconfigurationMask"="255.255.0.0"
    "IPAutoconfigurationSeed"=dword:00000000
    "AddressType"=dword:00000000
    "DhcpRetryTime"=dword:0009e340
    "DhcpRetryStatus"=dword:00000000
    "DhcpIPAddress"="15.14.58.175"
    "DhcpSubnetMask"="255.255.248.0"
    "DhcpNameServer"="16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243"
    "DhcpDefaultGateway"=hex(7):31,00,35,00,2e,00,31,00,34,00,2e,00,35,00,36,00,2e,\
    00,31,00,00,00,00,00
    "DhcpDomain"="americas.hpqcorp.net"
    "DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
    00,34,00,38,00,2e,00,30,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5C3C44D-4C60-4A17-8954-A3A67E195A48}]
    "UseZeroBroadcast"=dword:00000000
    "EnableDeadGWDetect"=dword:00000001
    "EnableDHCP"=dword:00000001
    "IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "DefaultGateway"=hex(7):00,00
    "DefaultGatewayMetric"=hex(7):00,00
    "NameServer"=""
    "Domain"=""
    "RegistrationEnabled"=dword:00000001
    "RegisterAdapterName"=dword:00000000
    "TCPAllowedPorts"=hex(7):30,00,00,00,00,00
    "UDPAllowedPorts"=hex(7):30,00,00,00,00,00
    "RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
    "NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
    33,00,00,00,00,00
    "DhcpClassIdBin"=hex:
    "DhcpServer"="192.168.1.1"
    "Lease"=dword:00015180
    "LeaseObtainedTime"=dword:48fbc6ac
    "T1"=dword:48fc6f6c
    "T2"=dword:48fcedfc
    "LeaseTerminatesTime"=dword:48fd182c
    "IPAutoconfigurationAddress"="0.0.0.0"
    "IPAutoconfigurationMask"="255.255.0.0"
    "IPAutoconfigurationSeed"=dword:00000000
    "AddressType"=dword:00000000
    "IsServerNapAware"=dword:00000000
    "DhcpIPAddress"="192.168.1.103"
    "DhcpSubnetMask"="255.255.255.0"
    "DhcpRetryTime"=dword:0000a8bd
    "DhcpRetryStatus"=dword:00000000
    "DhcpNameServer"="85.255.115.21 85.255.112.151 1.2.3.4"
    "DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
    00,2e,00,31,00,00,00,00,00
    "DhcpSubnetMaskOpt"=hex(7):32,00,35,00,35,00,2e,00,32,00,35,00,35,00,2e,00,32,\
    00,35,00,35,00,2e,00,30,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DEE7AD16-3435-4314-B98D-3E92CD8BCB77}]
    "UseZeroBroadcast"=dword:00000000
    "EnableDHCP"=dword:00000001
    "IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "DefaultGateway"=hex(7):00,00
    "DefaultGatewayMetric"=hex(7):00,00
    "NameServer"=""
    "Domain"=""
    "RegistrationEnabled"=dword:00000001
    "RegisterAdapterName"=dword:00000000
    "TCPAllowedPorts"=hex(7):30,00,00,00,00,00
    "UDPAllowedPorts"=hex(7):30,00,00,00,00,00
    "RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EECCA5C2-3F49-4A78-BDC8-4CBCD259D566}]
    "UseZeroBroadcast"=dword:00000000
    "EnableDeadGWDetect"=dword:00000001
    "EnableDHCP"=dword:00000001
    "IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "DefaultGateway"=hex(7):00,00
    "DefaultGatewayMetric"=hex(7):00,00
    "NameServer"=""
    "Domain"=""
    "RegistrationEnabled"=dword:00000001
    "RegisterAdapterName"=dword:00000000
    "TCPAllowedPorts"=hex(7):30,00,00,00,00,00
    "UDPAllowedPorts"=hex(7):30,00,00,00,00,00
    "RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
    "NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
    33,00,00,00,00,00
    "DhcpClassIdBin"=hex:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F6B91EF2-2894-4E32-82D6-0F15772048D5}]
    "UseZeroBroadcast"=dword:00000000
    "EnableDeadGWDetect"=dword:00000001
    "EnableDHCP"=dword:00000001
    "IPAddress"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "SubnetMask"=hex(7):30,00,2e,00,30,00,2e,00,30,00,2e,00,30,00,00,00,00,00
    "DefaultGateway"=hex(7):00,00
    "DefaultGatewayMetric"=hex(7):00,00
    "NameServer"=""
    "Domain"=""
    "RegistrationEnabled"=dword:00000001
    "RegisterAdapterName"=dword:00000000
    "TCPAllowedPorts"=hex(7):30,00,00,00,00,00
    "UDPAllowedPorts"=hex(7):30,00,00,00,00,00
    "RawIPAllowedProtocols"=hex(7):30,00,00,00,00,00
    "NTEContextList"=hex(7):30,00,78,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,\
    32,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]
    "UseDelayedAcceptance"=dword:00000000
    "HelperDllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
    6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
    00,77,00,73,00,68,00,74,00,63,00,70,00,69,00,70,00,2e,00,64,00,6c,00,6c,00,\
    00,00
    "MaxSockAddrLength"=dword:00000010
    "MinSockAddrLength"=dword:00000010
    "Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00,00,06,00,00,00,02,\
    00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00,00,00,06,00,00,00,00,00,\
    00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,\
    00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00,00,00,00,00,02,00,00,00,\
    00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11,00,00,00,00,00,00,00,02,\
    00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00,00,00

  8. #58
    peku006 (Emeritus- Security Expert), joined Feb 2007, Norway, 3,103 posts

    Hi yawsa

    Update MBAM (Malwarebytes Anti-Malware) and scan again, post that log and a new HJT log

  9. #59
    Member, joined Sep 2008, 41 posts

    hi pekku,

    sorry for the delay, i forgot to post it back because of the long scan session yesterday.

    Malwarebytes' Anti-Malware 1.29
    Database version: 1298
    Windows 5.1.2600 Service Pack 3

    10/20/2008 8:42:32 PM
    mbam-log-2008-10-20 (20-42-18).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 174082
    Time elapsed: 3 hour(s), 3 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 9
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5008440a-fcfb-433a-b42d-ce56fb09adac}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d5c3c44d-4c60-4a17-8954-a3a67e195a48}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5008440a-fcfb-433a-b42d-ce56fb09adac}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d5c3c44d-4c60-4a17-8954-a3a67e195a48}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5008440a-fcfb-433a-b42d-ce56fb09adac}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d5c3c44d-4c60-4a17-8954-a3a67e195a48}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.21 85.255.112.151 1.2.3.4 -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
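
The check that posts #52 through #59 revolve around, as an added example that is not part of the original thread: it parses a `regedit /e` export such as dhcp.txt and reports every `NameServer`/`DhcpNameServer` value holding one of the addresses flagged in the logs above, with the DHCP server and lease time stored beside it. The function names and the trimmed sample export are constructed for illustration, and `LeaseObtainedTime` is read as Unix epoch seconds.

```python
import re
from datetime import datetime, timezone

# Addresses flagged in this thread's FixWareout and MBAM logs.
ROGUE_DNS = {"85.255.115.21", "85.255.112.151", "1.2.3.4"}

# Constructed sample: a trimmed "Version 5.00" export shaped like dhcp.txt.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"NameServer"=""
"DhcpNameServer"="85.255.115.21 85.255.112.151 1.2.3.4"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5008440A-FCFB-433A-B42D-CE56FB09ADAC}]
"EnableDHCP"=dword:00000001
"NameServer"=""
"DhcpClassIdBin"=hex:
"DhcpServer"="192.168.1.1"
"LeaseObtainedTime"=dword:48fbbfaf
"DhcpNameServer"="85.255.115.21 85.255.112.151 1.2.3.4"
"DhcpDefaultGateway"=hex(7):31,00,39,00,32,00,2e,00,31,00,36,00,38,00,2e,00,31,\
  00,2e,00,31,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B79CD0E0-7DB7-4724-A9D0-ED3179536593}]
"DhcpServer"="16.92.3.250"
"DhcpNameServer"="16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243"
'''


def decode_value(raw):
    """Turn the right-hand side of a .reg line into a Python value."""
    if raw.startswith('"') and raw.endswith('"'):        # REG_SZ
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("dword:"):                          # REG_DWORD
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if m.group(1) in ("1", "2", "7"):                 # UTF-16LE string types
            return [s for s in data.decode("utf-16-le", "replace").split("\x00") if s]
        return data                                       # plain REG_BINARY
    return raw


def parse_reg(text):
    """Parse export text into {key_path: {value_name: value}}."""
    text = re.sub(r"\\\r?\n\s*", "", text)                # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = decode_value(m.group(2))
    return keys


def audit_dns(reg_text, rogue=ROGUE_DNS):
    """List every resolver setting that contains a flagged address."""
    findings = []
    for path, values in parse_reg(reg_text).items():
        for name in ("NameServer", "DhcpNameServer"):
            raw = values.get(name)
            servers = re.split(r"[ ,]+", raw) if isinstance(raw, str) else []
            hits = sorted(s for s in servers if s in rogue)
            if not hits:
                continue
            lease = values.get("LeaseObtainedTime")
            findings.append({
                "key": path.rsplit("\\", 1)[-1],
                "value": name,
                "source": "dhcp" if name == "DhcpNameServer" else "static",
                "rogue": hits,
                "dhcp_server": values.get("DhcpServer"),
                "lease_obtained": datetime.fromtimestamp(lease, timezone.utc).isoformat()
                if isinstance(lease, int) else None,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_dns(SAMPLE_REG):
        print(finding)
```

Windows fills `DhcpNameServer` from the DHCP lease, so when a cleared value returns alongside a fresh `LeaseObtainedTime`, the device answering as `DhcpServer` is worth checking as well as the PC.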

  10. #60
    peku006 (Emeritus- Security Expert), joined Feb 2007, Norway, 3,103 posts

    Hi yawsa

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file

    C:\look.txt

    next.....

    Locate Export.bat on your Desktop and double-click on it. It will create a file called look.txt in C:\
    Copy the entire text and paste it to your reply here in this topic.
