alright im runnin the mbam right now. it wouldnt let me update it. kept sayin some sort of error occured. and then when i tried to manually do it it just kept takin me to google.com with the site on the search bar. i will post the dds and mbam log here once its done scanning. 3 infections so far.
Yes that is normal and is because of infection you have.
Post back logs when ready.
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
alright itl be a minute. something installed itself on my comp as a hard drive bios or sumthin and it kept blue screenin me and restartin nonstop. i had to go back in safe mode and delete it from the device manager. finally got the update to work on that program. so far no infections. once its done ill put up logs. thanks for all the help youve been givin me so far by the way. i highly appreciate it.
Thanks for update
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3
7/29/2009 1:46:52 PM
mbam-log-2009-07-29 (13-46-52).txt
Scan type: Full Scan (C:\|H:\|)
Objects scanned: 165507
Time elapsed: 34 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\video.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{681147c4-d615-461a-960f-655871e315c3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.215,85.255.112.94 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1a1d83b7-da13-4822-9c5a-9191f0c5d759}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.215,85.255.112.94 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.215,85.255.112.94 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1a1d83b7-da13-4822-9c5a-9191f0c5d759}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.215,85.255.112.94 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.215,85.255.112.94 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1a1d83b7-da13-4822-9c5a-9191f0c5d759}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.215,85.255.112.94 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\mstwain32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cmsetac.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
there also appears to be files in the quarantine section here. should i delete them?
um when it restarts it just freezes up and i can move my mouse but thats all i can do
So you can't restart computer in normal mode?
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
yeah i can. i just got it goin but my internets still hijacked. im not about to do the run again cus when it restarts it itl freeze up.
Please then post next fresh DDS logs.
Microsoft MVP Consumer Security 2008-2011
Member of ASAP and UNITE since 2006
