DNS Redirect - unable to get rid of it.

Post by tdsal2 » December 16th, 2008, 1:18 am

First - thank you for this forum - I really need some expert advice. I have been trying to get rid of the dnsredirect trojan. I've used Ad-Aware, Avast, SmitFraudFix, S&D and a couple of others, but I'm yet to get rid of it for good. It keeps reloading the moment I reboot the PC. I read that it also resides on one's router - so I did a manufacturer's reset on that, and made sure I reset the admin password before I reconnected it to the phone line (maybe I didn't do it correctly?). SmitFraudFix says it removes it, but after a reboot it is still there, and my browsers get redirected again. (I can also tell because there is a '>' next to each Google search entry.) I don't know enough to know if I'm missing something, or doing something in the wrong order - so I'm posting my information here, and I will NOT try anything else until one of your gurus gives me further instructions. Quite happy to admit this one is beyond me.. :oops:

First.. here is the SmitFraudFix log:
SmitFraudFix v2.384

Scan done at 16:08:37.78, Wed 12/17/2008
Run from C:\Users\Slappy\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: NVIDIA nForce 10/100/1000 Mbps Ethernet
DNS Server Search Order: 85.255.113.125;85.255.112.214

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D792DE9F-E00D-46BC-BC7A-5145866D4D9B}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D792DE9F-E00D-46BC-BC7A-5145866D4D9B}: NameServer=85.255.113.125;85.255.112.214
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D792DE9F-E00D-46BC-BC7A-5145866D4D9B}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D792DE9F-E00D-46BC-BC7A-5145866D4D9B}: NameServer=85.255.113.125;85.255.112.214
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.113.125;85.255.112.214
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.113.125;85.255.112.214

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: NVIDIA nForce 10/100/1000 Mbps Ethernet
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D792DE9F-E00D-46BC-BC7A-5145866D4D9B}: DhcpNameServer=192.168.0.1

And now the Hijackthis log.:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09:21, on 12/17/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Slappy\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Novosoft\Handy Backup\hbagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?

LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?

LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?

LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program

Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot -

Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft

Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07

\bin\ssv.dll
O2 - BHO: D - {7DA0C4CD-92CE-368F-8578-37FF8904BF1B} - C:\Windows\system32\xwr65570.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common

Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Slappy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL

SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User

'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK

SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0

\Reader\reader_sl.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0

\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1

\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2

\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1

\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12

\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search

& Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-

58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) -

http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -

http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) -

http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -

http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) -

http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/f ... wflash.cab
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft

Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: hblogon - C:\Windows\SYSTEM32\hblogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common

Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program

Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program

Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia

Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32

\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program

Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9057 bytes
tdsal2
Active Member
 
Posts: 5
Joined: December 15th, 2008, 11:10 pm
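A defender-side check for the hijack pattern visible in the logs above, added here as an example (not part of SmitFraudFix, HijackThis or this forum's tooling): it parses the Tcpip registry lines in the SmitFraudFix "DNS Before/After Fix" format and the HijackThis O17 lines, and flags any static NameServer that is a public address differing from the router-assigned DhcpNameServer, which is exactly how 85.255.113.125;85.255.112.214 displaced 192.168.0.1 in this thread. The sample lines are copied from the posts above; treating RFC 1918, link-local and loopback space as "local" is my assumption.

```python
"""Flag DNS-hijack indicators in SmitFraudFix and HijackThis (O17) log lines.

Added example for this thread, not part of SmitFraudFix, HijackThis or the
forum's own tooling. The sample lines below are constructed from the logs
posted above; 85.255.x.x is the range SmitFraudFix itself reports as a hijack.
"""
import ipaddress
import re

# SmitFraudFix prints Tcpip registry values as "KEY: Name=value";
# HijackThis prints the same values as "O17 - KEY: NameServer = value".
_SFF_RE = re.compile(
    r"^(HKLM\\SYSTEM\\[^\s:]+):\s*(DhcpNameServer|NameServer)=(.*)$", re.I)
_HJT_RE = re.compile(
    r"^O17 - (HKLM\\System\\[^\s:]+):\s*NameServer\s*=\s*(.*)$", re.I)

# Assumption: a home router or DHCP-handed resolver normally sits in this space.
_LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]


def parse_nameservers(lines):
    """Group resolver values by registry key.

    Returns {key: {"dhcp": [servers], "static": [servers]}}: "dhcp" is the
    DhcpNameServer value handed out by the router, "static" the NameServer
    override that DNS-changing malware writes on top of it.
    """
    entries = {}
    for raw in lines:
        line = raw.strip()
        m = _SFF_RE.match(line)
        if m:
            key, value = m.group(1), m.group(3)
            slot = "dhcp" if m.group(2).lower() == "dhcpnameserver" else "static"
        else:
            m = _HJT_RE.match(line)
            if not m:
                continue
            key, value, slot = m.group(1), m.group(2), "static"
        servers = [s for s in re.split(r"[;,\s]+", value) if s]
        entries.setdefault(key, {"dhcp": [], "static": []})[slot].extend(servers)
    return entries


def classify(server, dhcp_servers):
    """Return None if the resolver looks legitimate, else a short reason."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "not an IP address"
    if server in dhcp_servers or any(addr in net for net in _LOCAL_NETS):
        return None
    # A static override pointing at a public address that DHCP never handed
    # out is the pattern in the logs above (85.255.x.x replacing 192.168.0.1).
    return "public resolver overriding DHCP-assigned %s" % (
        ",".join(dhcp_servers) or "none")


def find_hijack(entries):
    """Return [(key, server, reason)] for every suspicious static resolver."""
    findings = []
    for key, values in entries.items():
        for server in values["static"]:
            reason = classify(server, values["dhcp"])
            if reason:
                findings.append((key, server, reason))
    return findings


def scan(lines):
    """Parse log lines and return the hijack findings in one step."""
    return find_hijack(parse_nameservers(lines))


# Constructed sample: lines copied from the SmitFraudFix "DNS Before Fix"
# section and the O17 lines of the HijackThis log posted in this thread.
BEFORE_FIX = [
    r"HKLM\SYSTEM\CCS\Services\Tcpip\..\{D792DE9F-E00D-46BC-BC7A-5145866D4D9B}: DhcpNameServer=192.168.0.1",
    r"HKLM\SYSTEM\CCS\Services\Tcpip\..\{D792DE9F-E00D-46BC-BC7A-5145866D4D9B}: NameServer=85.255.113.125;85.255.112.214",
    r"HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1",
    r"HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.113.125;85.255.112.214",
    r"O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214",
]
# The "DNS After Fix" section: only the DHCP-assigned router address remains.
AFTER_FIX = [
    r"HKLM\SYSTEM\CCS\Services\Tcpip\..\{D792DE9F-E00D-46BC-BC7A-5145866D4D9B}: DhcpNameServer=192.168.0.1",
]

if __name__ == "__main__":
    for key, server, reason in scan(BEFORE_FIX):
        print("%s -> %s (%s)" % (key, server, reason))
    print("after fix:", scan(AFTER_FIX))
```

Because the check compares the static NameServer against what DHCP handed out, it catches the per-interface GUID key as well as the global Parameters key, and the ControlSet copies (CS2, CS7) that would otherwise restore the rogue servers on the next reboot.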

Re: DNS Redirect - unable to get rid of it.

Post by Carolyn » December 19th, 2008, 2:04 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


Your HijackThis log is messed up. This is caused by having Word Wrap checked.

1. Click Start > All Programs > Accessories > Notepad
2. On the menu bar in Notepad select Format and click on WordWrap so it appears un-checked.

Please post the HijackThis log again for my review.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: DNS Redirect - unable to get rid of it.

Post by tdsal2 » December 19th, 2008, 7:30 pm

Hi Carolyn,
Thank you for looking after me. Below is the corrected HijackThis log with word wrap switched off. Other symptoms - Google is redirected from my selected pages. Google won't let me do a second search in the same window - I have to close the window and reopen it. Avast finds a trojan in c:\windows\system32\msqpdxnxtpdpei.dll, though I cannot find that file to save my life. As mentioned before, I have tried multiple programs to try and get rid of it, and also attempted to remove it from my router if it was there - but clearly I'm not doing it right. I won't do anything unless instructed. Thanks again! :)
Todd (I'll also attach it as a txt file in case it mucks up).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:06, on 12/21/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Slappy\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Novosoft\Handy Backup\hbagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: D - {7DA0C4CD-92CE-368F-8578-37FF8904BF1B} - C:\Windows\system32\xwr65570.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Slappy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D792DE9F-E00D-46BC-BC7A-5145866D4D9B}: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: hblogon - C:\Windows\SYSTEM32\hblogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9618 bytes
tdsal2
Active Member
 
Posts: 5
Joined: December 15th, 2008, 11:10 pm

Re: DNS Redirect - unable to get rid of it.

Post by Carolyn » December 21st, 2008, 12:05 pm

Hi,

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: DNS Redirect - unable to get rid of it.

Post by tdsal2 » December 21st, 2008, 5:51 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:35, on 12/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Windows\Explorer.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7DA0C4CD-92CE-368F-8578-37FF8904BF1B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Slappy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: hblogon - C:\Windows\SYSTEM32\hblogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8248 bytes



ComboFix 08-12-21.02 - Slappy 2008-12-23 8:39:23.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3326.2280 [GMT 11:00]
Running from: c:\users\Slappy\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Slappy\AppData\Local\Microsoft\Windows\Temporary Internet Files\MUZAoDA.cfg
c:\users\Slappy\AppData\Local\Microsoft\Windows\Temporary Internet Files\MUZAoDA0.che
c:\users\Slappy\AppData\Local\Microsoft\Windows\Temporary Internet Files\MUZAoDA1.che
c:\users\Slappy\AppData\Local\Microsoft\Windows\Temporary Internet Files\MUZAoDA2.che
c:\users\Slappy\AppData\Local\Microsoft\Windows\Temporary Internet Files\MUZAoDA3.che
c:\users\Slappy\AppData\Local\Microsoft\Windows\Temporary Internet Files\MUZAoDA4.che
c:\users\Slappy\AppData\Local\Microsoft\Windows\Temporary Internet Files\MUZAoDA5.che
c:\users\Slappy\AppData\Local\Microsoft\Windows\Temporary Internet Files\MUZAoDA6.che
c:\users\Slappy\AppData\Local\Microsoft\Windows\Temporary Internet Files\MUZAoDA7.che
c:\users\Slappy\AppData\Local\Microsoft\Windows\Temporary Internet Files\MUZAoDA8.che
c:\users\Slappy\AppData\Local\Microsoft\Windows\Temporary Internet Files\MUZAoDA9.che
c:\windows\system32\drivers\msqpdxqrdwlwkb.sys
c:\windows\system32\drivers\msqpdxserv.sys
c:\windows\system32\mfc45.dll
c:\windows\system32\msqpdxnxtpdpei.dll
c:\windows\system32\msqpdxwccsejgv.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.

2008-12-22 18:07 . 2008-12-22 18:07 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-22 18:07 . 2008-12-22 18:07 <DIR> d-------- c:\program files\HP
2008-12-21 22:44 . 2008-12-21 22:44 <DIR> d-------- c:\program files\Celeb Poker
2008-12-21 22:38 . 2008-12-21 22:39 <DIR> d-------- c:\users\Slappy\AppData\Roaming\PacificPoker
2008-12-21 22:38 . 2008-12-21 22:38 <DIR> d-------- c:\program files\PacificPoker
2008-12-21 21:15 . 2008-12-21 21:15 0 --a------ c:\windows\nsreg.dat
2008-12-21 15:43 . 2008-12-21 15:43 <DIR> d-------- c:\users\All Users\Knowledge Adventure
2008-12-21 15:43 . 2008-12-21 15:43 <DIR> d-------- c:\programdata\Knowledge Adventure
2008-12-21 15:43 . 2008-12-21 15:43 <DIR> d-------- c:\program files\Common Files\Knowledge Adventure
2008-12-21 15:43 . 2008-12-21 15:43 <DIR> d-------- c:\program files\Blaster
2008-12-21 10:34 . 2008-12-21 21:36 <DIR> d-------- c:\program files\PKR
2008-12-20 15:46 . 2008-12-20 15:46 <DIR> d-------- C:\Maddy games
2008-12-20 13:51 . 2008-12-20 13:51 <DIR> d-------- c:\users\Slappy\AppData\Roaming\SealedMedia
2008-12-20 13:50 . 2008-12-20 13:50 <DIR> d-------- c:\program files\Oracle
2008-12-19 11:33 . 2008-12-19 11:33 <DIR> d-------- c:\windows\BBSTORE
2008-12-19 11:33 . 2008-12-19 11:33 <DIR> d-------- c:\program files\The Learning Company
2008-12-19 11:33 . 2008-12-19 11:33 0 --a------ c:\windows\setup32.INI
2008-12-17 14:47 . 2008-11-27 04:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2008-12-17 14:30 . 2008-12-17 14:30 680,960 --a------ c:\windows\isRS-000.tmp
2008-12-17 14:19 . 2008-12-17 14:19 <DIR> d-------- c:\program files\VS Revo Group
2008-12-17 14:07 . 2008-12-17 14:07 <DIR> d-------- c:\program files\Trend Micro
2008-12-17 13:03 . 2008-12-17 13:03 273 --a------ c:\windows\SysMech.INI
2008-12-17 12:58 . 2008-12-17 12:58 406 --a------ c:\windows\System32\ioloBootDefrag.cfg
2008-12-17 12:57 . 2008-12-04 16:51 935,776 --a------ c:\windows\System32\Incinerator.dll
2008-12-17 12:57 . 2008-09-24 09:32 28,672 --a------ c:\windows\System32\iolobtdfg.exe
2008-12-17 12:57 . 2008-04-17 10:45 12,800 --a------ c:\windows\System32\elrawdsk.sys
2008-12-17 12:57 . 2008-04-17 10:45 12,800 --a------ c:\windows\System32\drivers\elrawdsk.sys
2008-12-17 12:57 . 2008-04-17 10:45 9,341 --a------ c:\windows\System32\drivers\filedisk.sys
2008-12-17 12:57 . 2008-11-18 11:51 8,192 --a------ c:\windows\System32\smrgdf.exe
2008-12-17 12:25 . 2008-12-17 12:25 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-16 18:32 . 2008-12-16 18:32 <DIR> d-------- c:\users\Slappy\AppData\Roaming\Malwarebytes
2008-12-16 18:32 . 2008-12-16 18:32 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-16 18:32 . 2008-12-16 18:32 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-16 18:32 . 2008-12-16 18:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-16 16:51 . 2008-12-22 18:08 <DIR> d-------- c:\program files\SpywareGuard
2008-12-16 09:12 . 2008-12-16 09:12 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-16 07:51 . 2008-12-21 20:54 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-12-16 07:51 . 2008-12-21 20:54 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-16 07:51 . 2008-12-16 08:10 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-15 23:44 . 2008-12-15 23:44 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-15 22:05 . 2008-12-15 22:05 <DIR> d-------- c:\program files\iolo
2008-12-15 22:04 . 2008-12-21 18:37 <DIR> d-------- c:\users\Slappy\AppData\Roaming\iolo
2008-12-15 22:04 . 2008-12-15 22:10 <DIR> d-------- c:\users\All Users\iolo
2008-12-15 22:04 . 2008-12-15 22:10 <DIR> d-------- c:\programdata\iolo
2008-12-15 20:35 . 2008-12-15 20:35 <DIR> d-------- c:\program files\2K Games
2008-12-15 20:26 . 2008-12-15 20:28 <DIR> d-------- c:\temp\coloniztiontmp
2008-12-15 16:34 . 2008-12-15 16:34 <DIR> d-------- c:\users\All Users\Lavasoft
2008-12-15 16:34 . 2008-12-15 16:34 <DIR> d-------- c:\programdata\Lavasoft
2008-12-15 16:34 . 2008-12-15 16:34 <DIR> d-------- c:\program files\Lavasoft
2008-12-15 15:30 . 2008-12-15 15:31 <DIR> d-------- C:\Downloads
2008-12-14 21:59 . 2008-12-15 20:45 <DIR> d-------- c:\users\Slappy\AppData\Roaming\Red Alert 3
2008-12-14 09:52 . 2008-12-14 09:52 <DIR> d-------- c:\temp\REDALERT3
2008-12-13 22:18 . 2008-12-13 22:18 2,250,024 --a------ c:\windows\System32\pbsvc.exe
2008-12-13 21:21 . 2008-12-13 21:36 <DIR> d-------- c:\temp\fc2
2008-12-12 09:26 . 2008-12-12 09:26 <DIR> d-------- c:\program files\Alwil Software
2008-12-11 22:32 . 2008-12-17 12:20 <DIR> d-------- c:\program files\homeview
2008-12-11 16:44 . 2008-12-12 08:14 <DIR> d-------- c:\users\All Users\avg8
2008-12-11 16:44 . 2008-12-12 08:14 <DIR> d-------- c:\programdata\avg8
2008-12-11 11:27 . 2008-12-17 12:29 262,876,112 --a------ c:\windows\MEMORY.DMP
2008-12-10 18:16 . 2008-12-10 18:16 29,184 --a------ c:\windows\System32\drivers\Ndisprot.sys
2008-12-08 13:40 . 2008-12-08 13:40 <DIR> d-------- c:\users\Slappy\AppData\Roaming\Ahead
2008-12-08 13:39 . 2008-12-08 13:39 <DIR> d-------- c:\users\All Users\Ahead
2008-12-08 13:39 . 2008-12-08 13:39 <DIR> d-------- c:\programdata\Ahead
2008-12-08 13:39 . 2004-04-19 14:37 1,814,528 --------- c:\windows\UNNeroVision.exe
2008-12-08 13:39 . 2004-04-21 17:10 96,891 --------- c:\windows\UNNeroVision.cfg
2008-12-08 13:39 . 2001-03-08 19:30 24,064 --a------ c:\windows\System32\msxml3a.dll
2008-12-08 13:34 . 2008-12-23 08:35 49 --a------ c:\windows\NeroDigital.ini
2008-12-08 13:26 . 2008-12-08 13:26 <DIR> d-------- c:\program files\Common Files\Ahead
2008-12-08 13:26 . 2008-12-08 13:39 <DIR> d-------- c:\program files\Ahead
2008-12-08 13:26 . 2001-07-06 14:41 569,344 --a------ c:\windows\System32\imagr5.dll
2008-12-08 13:26 . 2001-07-06 12:44 544,768 --a------ c:\windows\System32\imagx5.dll
2008-12-08 13:26 . 2001-07-06 18:24 283,920 --a------ c:\windows\System32\ImagXpr5.dll
2008-12-08 13:26 . 2001-07-09 11:50 155,648 --a------ c:\windows\System32\NeroCheck.exe
2008-12-08 13:26 . 2000-06-26 11:45 106,496 --a------ c:\windows\System32\TwnLib20.dll
2008-12-08 13:26 . 2001-06-26 08:15 38,912 --a------ c:\windows\System32\picn20.dll
2008-12-04 21:12 . 2008-10-17 08:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-04 21:12 . 2008-10-17 07:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-04 21:12 . 2008-10-17 08:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-04 21:12 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-04 21:12 . 2008-10-17 07:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-04 21:12 . 2008-10-17 08:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-04 21:12 . 2008-10-17 08:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-04 21:12 . 2008-10-17 08:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-04 21:12 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-02 09:17 . 2008-12-02 09:18 <DIR> d-------- c:\users\Slappy\AppData\Roaming\Snapfish
2008-11-28 02:13 . 2008-10-21 16:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-28 02:13 . 2008-08-28 14:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-28 02:13 . 2008-08-28 14:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-28 02:13 . 2008-08-28 14:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-28 02:13 . 2008-10-22 14:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-28 02:13 . 2008-01-19 18:36 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-28 02:13 . 2008-01-19 18:36 94,720 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-24 14:11 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\System32\D3DX9_38.dll
2008-11-24 14:11 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2008-11-24 14:11 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\System32\D3DCompiler_38.dll
2008-11-24 14:11 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2008-11-24 14:11 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2008-11-24 14:11 . 2008-05-30 14:11 467,984 --a------ c:\windows\System32\d3dx10_38.dll
2008-11-24 14:11 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2008-11-24 14:11 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2008-11-24 14:11 . 2008-05-30 14:17 25,608 --a------ c:\windows\System32\X3DAudio1_4.dll
2008-11-24 14:11 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2008-11-24 13:48 . 2008-12-14 19:12 <DIR> d--h----- c:\windows\msdownld.tmp
2008-11-24 13:22 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system\d3dx9_38.dll
2008-11-22 18:11 . 2008-11-24 16:43 <DIR> d-------- C:\Fallout 3
2008-11-22 18:07 . 2008-11-25 12:00 <DIR> d-------- c:\temp\Fallout 3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 04:46 --------- d-----w c:\users\Slappy\AppData\Roaming\vlc
2008-12-22 04:46 --------- d-----w c:\users\Slappy\AppData\Roaming\uTorrent
2008-12-22 04:46 --------- d-----w c:\programdata\FLEXnet
2008-12-22 04:46 --------- d-----w c:\program files\IncrediFlash XTreme 1.2
2008-12-20 01:46 --------- d---a-w c:\programdata\TEMP
2008-12-20 00:34 --------- d--h--w c:\users\Slappy\AppData\Roaming\IFLTemp
2008-12-17 03:46 --------- d-----w c:\users\Slappy\AppData\Roaming\GetRight
2008-12-17 01:27 --------- d-----w c:\programdata\Microsoft Help
2008-12-17 01:24 --------- d-----w c:\programdata\NVIDIA
2008-12-17 01:20 --------- d--h--w c:\programdata\~0
2008-12-17 01:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-15 12:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 12:36 --------- d-----w c:\programdata\Media Center Programs
2008-12-15 12:31 --------- d-----w c:\programdata\Symantec
2008-12-15 12:31 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-15 12:22 --------- d-----w c:\program files\GetRight
2008-12-13 11:21 --------- d-----w c:\program files\Microsoft Games
2008-12-13 11:21 --------- d-----w c:\program files\Electronic Arts
2008-12-13 11:20 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-12-13 11:18 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-12-13 11:18 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-13 11:18 22,328 ----a-w c:\users\Slappy\AppData\Roaming\PnkBstrK.sys
2008-12-13 11:18 107,832 ----a-w c:\windows\System32\PnkBstrB.exe
2008-12-13 11:09 --------- d-----w c:\program files\Ubisoft
2008-12-11 16:17 174 --sha-w c:\program files\desktop.ini
2008-12-11 16:11 --------- d-----w c:\program files\Windows Sidebar
2008-12-11 16:11 --------- d-----w c:\program files\Windows Photo Gallery
2008-12-11 16:11 --------- d-----w c:\program files\Windows Mail
2008-12-11 16:11 --------- d-----w c:\program files\Windows Journal
2008-12-11 16:11 --------- d-----w c:\program files\Windows Calendar
2008-12-11 16:10 --------- d-----w c:\program files\Windows Defender
2008-12-11 12:10 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-12-11 12:10 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-12-11 06:24 --------- d-----w c:\program files\Flash Menu Labs Pro v2
2008-12-04 21:11 --------- d-----w c:\programdata\THQ
2008-12-04 21:11 --------- d-----w c:\program files\THQ
2008-12-04 21:10 --------- d-----w c:\program files\Common Files\Adobe
2008-12-01 05:51 --------- d-----w c:\users\Slappy\AppData\Roaming\Likno
2008-11-15 00:58 --------- d-----w c:\program files\FPDFC
2008-11-15 00:09 --------- d-----w c:\users\Slappy\AppData\Roaming\Novosoft
2008-11-15 00:09 --------- d-----w c:\program files\Novosoft
2008-11-14 10:51 --------- d-----w c:\users\Slappy\AppData\Roaming\AdobeUM
2008-11-13 05:06 --------- d-----w c:\program files\Flash Menu Factory
2008-11-13 05:04 --------- d--h--r c:\users\Slappy\AppData\Roaming\SecuROM
2008-11-12 08:56 --------- d-----w c:\program files\Activision
2008-11-05 23:29 --------- d-----w c:\program files\AllWebMenus5
2008-11-05 23:28 --------- d-----w c:\programdata\Tarma Installer
2008-11-04 03:38 --------- d-----w c:\program files\FileZilla
2008-11-03 11:40 --------- d-----w c:\program files\FlashyEffects
2008-11-03 11:38 --------- d-----w c:\users\Slappy\AppData\Roaming\com.adobe.ExMan
2008-11-03 11:22 --------- d-----w c:\users\Slappy\AppData\Roaming\Notepad++
2008-11-03 07:19 --------- d-----w c:\program files\Notepad++
2008-11-03 00:55 --------- d-----w c:\program files\Adobe Media Player
2008-11-03 00:52 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-10-31 00:12 --------- d-----w c:\program files\Diablo II
2008-10-30 22:53 --------- d-----w c:\program files\DIFX
2008-10-28 01:23 21,840 ----a-w c:\windows\System32\SIntfNT.dll
2008-10-28 01:23 17,212 ----a-w c:\windows\System32\SIntf32.dll
2008-10-28 01:23 12,067 ----a-w c:\windows\System32\SIntf16.dll
2008-10-28 01:15 94,208 ----a-w c:\windows\DIIUnin.exe
2008-10-28 01:15 2,829 ----a-w c:\windows\DIIUnin.pif
2008-10-27 11:08 --------- d-----w c:\programdata\Office Genuine Advantage
2008-10-26 23:04 70,992 ----a-w c:\windows\System32\XAPOFX1_2.dll
2008-10-26 23:04 514,384 ----a-w c:\windows\System32\XAudio2_3.dll
2008-10-26 23:04 235,856 ----a-w c:\windows\System32\xactengine3_3.dll
2008-10-26 23:04 23,376 ----a-w c:\windows\System32\X3DAudio1_5.dll
2008-10-25 07:41 --------- d-----w c:\users\Slappy\AppData\Roaming\DataCast
2008-10-25 05:21 --------- d-----w c:\program files\MSXML 4.0
2008-10-25 04:09 --------- d-----w c:\program files\Samsung
2008-10-25 04:09 --------- d-----w c:\program files\MarkAny
2008-10-23 12:18 --------- d-----w c:\users\Slappy\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2008-10-19 05:01 14,921,284 ----a-w c:\windows\System32\xa27081773.exe
2008-10-19 05:01 14,921,284 ----a-w c:\windows\System32\xa27081336.exe
2008-10-18 01:29 14,921,284 ----a-w c:\windows\System32\xa119982022.exe
2008-10-18 01:29 14,921,284 ----a-w c:\windows\System32\xa119981570.exe
2008-10-09 17:52 452,440 ----a-w c:\windows\System32\d3dx10_40.dll
2008-10-09 17:52 4,379,984 ----a-w c:\windows\System32\D3DX9_40.dll
2008-10-09 17:52 2,036,576 ----a-w c:\windows\System32\D3DCompiler_40.dll
2008-10-07 16:05 269,312 ----a-w c:\windows\System32\es.dll
2008-10-06 11:03 215,144 ----a-w c:\windows\patchw32.dll
2008-10-05 10:26 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-10-05 10:26 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-10-05 10:26 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-10-05 10:26 272,896 ----a-w c:\windows\System32\polstore.dll
2008-10-05 10:25 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-10-05 10:25 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-10-05 10:25 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-05 10:25 28,160 ----a-w c:\windows\System32\Apphlpdm.dll
2008-10-05 10:25 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-10-05 10:25 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-10-05 10:25 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-10-05 10:25 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-10-05 10:18 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-05 10:17 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-10-05 10:10 9,892,864 ----a-w c:\windows\System32\NlsLexicons000a.dll
2008-10-05 10:07 988,216 ----a-w c:\windows\System32\winload.exe
2008-10-05 10:07 927,288 ----a-w c:\windows\System32\winresume.exe
2008-10-05 10:07 615,992 ----a-w c:\windows\System32\ci.dll
2008-10-05 10:07 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-10-05 10:07 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-19 5724184]
"Google Update"="c:\users\Slappy\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-10-08 133104]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Handy Backup 5.4"="c:\program files\Novosoft\Handy Backup\hbagent.exe" [2006-09-15 1929216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13580832]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-14 132624]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-27 81000]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2008-12-04 314224]

c:\users\Slappy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
GetRight.lnk - c:\program files\GetRight\GetRight.exe [2008-10-17 4628752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hblogon]
2006-09-15 15:39 53248 c:\windows\System32\hblogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-278403507-201437323-3870388880-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BCD76BD4-D40F-410A-930E-D10D0184853A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{71D96F08-1498-43C8-86AD-6EA3FC3EC8B7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{ABB6F715-BFEA-451B-9EA8-CC807474EE98}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B31797C4-612F-40AF-B120-07100F3A2336}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6D504673-8AC9-4C1B-8559-CF6EF9099E3E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{1E775352-8432-4F3E-B34D-10379CC85613}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A5274826-5D5B-4160-962E-2648FC92A979}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{22CE1E30-D7D3-4526-AB30-02FCCD55CECF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{96786F8F-C43E-4998-835D-CC7878AC512D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D0C24FB0-4D62-4473-8E37-401D24999A7A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A9BDD9B8-0368-40D7-A1A9-EF41A49782BC}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{3025AC89-07FF-48A4-8EC7-72B970495C07}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{2863D6CA-F87D-4A37-A1C5-CAE7568DB02E}"= UDP:c:\program files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{D5EF230C-AE2A-4DC2-9556-FBFDE34B6D23}"= TCP:c:\program files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{B597F59C-C255-45EE-B566-789183176AD9}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{1CB18202-0FC7-4BD6-B4E5-F213AE5F13E4}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{46F0C3D3-BDC6-4E2B-BC68-18C046639722}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{C6BF60F8-B212-4EBF-A077-53E5DA050D87}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{10D20723-0666-4FC0-BA9B-F14A75A87ECE}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{F7F3C347-A83E-4685-B053-C6050685D5A9}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{70A48508-203A-4DFE-A3BB-52738CA8DD32}"= UDP:28204:utorrent
"{15B53871-6933-4192-9909-1D11527CB07B}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{00E109A2-B220-49DA-8A1F-C6D087A6A363}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{01083464-35F3-4EF6-8DBF-9C6403E0C415}"= UDP:5353:Adobe CSI CS4
"{ABE4FCBF-0F09-417A-9DFD-AFF821FA7189}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{DD0087B3-9A6A-44AA-A6E9-0A07A0C0852F}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{F2B4FF11-E0AE-4D33-9C47-747BAD5A4562}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{74015001-FDEC-4BFD-B2A1-9B57E7C590D4}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{FFFAF78A-5209-4B51-A1B9-45250F6E46EF}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E91B1C66-FCD4-4F27-8271-D4884ECAC846}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{FF0F8FF2-FDF8-4B2D-8F74-82BA23053555}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{01A3067E-F9D8-45F3-8C73-9202359110EA}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{46BE96FA-9E5C-48E0-BD6B-AE285A9CF51D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{56B97825-F6EB-4A75-80FD-691145A10403}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{398D42AD-DF92-472D-B9FD-0EDD4FD9DFF6}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{98D6F8EE-DDD0-4D72-BBFB-D2DEAFB10391}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{AB813612-E0D6-4BB5-A6F9-38C05526C638}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{B8790AE5-6771-48C6-8807-99D7561ACB33}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{28F15663-32A6-40C1-9C4A-CF6B140A6686}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{E160084A-EE00-4C0F-B427-7A525228AB64}"= UDP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization
"{87C8F97B-6236-48D2-A7FF-AD9EAF67781B}"= TCP:c:\program files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:Sid Meier's Civilization IV Colonization

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-17 111184]
R1 ElRawDisk;ElRawDisk;\??\c:\windows\system32\drivers\elrawdsk.sys [2008-12-17 12800]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-17 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-17 51792]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-12-17 596336]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-12-17 596336]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-12-16 809296]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09cb9db7-9cbf-11dd-9918-001e8c086659}]
\shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\users\Slappy\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-08 00:10]

2008-12-22 c:\windows\Tasks\User_Feed_Synchronization-{576C7960-43F1-4EEF-BD60-944908F3CAA5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 18:33]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7DA0C4CD-92CE-368F-8578-37FF8904BF1B} - c:\windows\system32\xwr65570.dll
HKCU-Run-AdobeBridge - (no file)


.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 08:44:38
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-23 8:48:32
ComboFix-quarantined-files.txt 2008-12-22 21:48:30

Pre-Run: 130,834,657,280 bytes free
Post-Run: 130,883,100,672 bytes free

370 --- E O F --- 2008-12-11 12:12:03
tdsal2
Active Member
Posts: 5
Joined: December 15th, 2008, 11:10 pm

Re: DNS Redirect - unable to get rid of it.

Unread postby Carolyn » December 22nd, 2008, 3:13 pm

Hi,

Remove Poker programs
From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.
I would advise you to go to start > control panel > programs and features and uninstall your poker programs.

Here are links to some poker sites regarded as safe for your reference.
1. http://www.pokerstars.net/ - This is a free to use/play site with play money.
2. http://www.pokerstars.com/ - This is a free to use/play site with play money and real money.

----------------------------------------------------------

With reference to Malware Removal P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Programs and Features.
  2. Locate µTorrent and click on the Uninstall button to uninstall it.
  3. Repeat for any other P2P programs that you have installed on your computer.
  4. Close Control Panel when done.

Please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Right click on HijackThis and click Run as administrator
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

----------------------------------------------------------

Please post the Uninstall List along with a fresh HijackThis log.
Carolyn
MRU Emeritus
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
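The uninstall list Carolyn asks for is what HijackThis reads out of the Windows Uninstall registry keys. The same list can be produced directly with PowerShell; the script below is an added example, not HijackThis code and not part of the forum post. It assumes a current Windows with PowerShell 3 or later (not something the poster's 2008 Vista machine necessarily had), the three standard Uninstall key paths shown, and a watch list of name patterns ("torrent", "poker") chosen here only to mirror the programs the reply asks the poster to remove.

```powershell
# Added example: build a Programs-and-Features style uninstall list from the
# registry and flag entries whose names match a watch list. Not HijackThis code.
# Assumptions: standard Uninstall key paths; watch-list patterns are illustrative.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # Present on 64-bit hosts only; absent on the x86 Vista shown in the log
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Name fragments the thread asked the poster to remove: P2P clients and poker software
$watchPatterns = @('torrent', 'poker')

function Get-UninstallList {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # Capture the name first: inside the nested Where-Object, $_ is the pattern
            $name = $_.DisplayName
            [pscustomobject]@{
                DisplayName     = $name
                Publisher       = $_.Publisher
                InstallDate     = $_.InstallDate
                UninstallString = $_.UninstallString
                Flagged         = [bool]($watchPatterns | Where-Object { $name -match $_ })
            }
        } |
        Sort-Object DisplayName
}

$list = Get-UninstallList

# One display name per line, the same shape as the HijackThis Uninstall Manager output
$list | Select-Object -ExpandProperty DisplayName |
    Set-Content -Path "$env:USERPROFILE\Desktop\uninstall_list.txt"

# Flagged entries together with the exact uninstall command each installer registered
$list | Where-Object { $_.Flagged } |
    Format-Table DisplayName, Publisher, UninstallString -AutoSize
```

Duplicate names in the output (the poster's list shows the same Office service pack many times) are normal: each registry subkey that carries a DisplayName is its own entry, and the UninstallString column is what distinguishes them.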

Re: DNS Redirect - unable to get rid of it.

Unread postby tdsal2 » December 22nd, 2008, 5:26 pm

Hi
Have uninstalled utorrent and two of the three poker programs. Have kept PKR as I've been an affiliate for over a year and the software is direct from their site. I had to use Revo Uninstaller to get rid of utorrent.

The last step you made me do has stopped the redirects - so a good sign :) Thank you!! Here are the logs you requested.


2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Acrobat.com
Active@ UNDELETE 7
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.0.8
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AllWebMenus PRO 5.1.744
Apple Mobile Device Support
Apple Software Update
ASUSUpdate
avast! Antivirus
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM)
Command & Conquer 3
Command & Conquer™ 3: Kane's Wrath
Connect
Far Cry 2
FileZilla (remove only)
FlashyEffects 1.3
Free PDF Converter
Gears of War
GetRight
Handy Backup 5.4.6
Heroes of Might and Magic V
HijackThis 2.0.2
homeview
HP Smart Web Printing
iolo technologies' System Mechanic Professional
iTunes
Java(TM) 6 Update 7
kuler
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Madeline Rainy Day Activities
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 1.1 SP1 with KB886903 Hotfix
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 1 (SP1)
Microsoft Office Project 2007 Service Pack 1 (SP1)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 8
neroxml
Notepad++
NVIDIA Drivers
NVIDIA PhysX v8.09.04
Oracle IRM Desktop 5.5.9 10gR3 PR4
PDF Settings CS4
Photoshop Camera Raw
PKR
PunkBuster Services
QuickTime
Reader Rabbit's(R) Math Ages 6 - 9
Revo Uninstaller 1.75
Samsung Media Studio 5
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB955936)
Security Update for Microsoft Office Excel 2007 (KB955470)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Word 2007 (KB950113)
Sid Meier's Civilization IV Colonization
Spybot - Search & Destroy
SpywareGuard v2.2
Suite Shared Configuration CS4
System Requirements Lab
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Project 2007 Help (KB957248)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb957829)
VLC media player 0.9.2
Windows Driver Package - NETGEAR Inc. (RTL8187) Net (02/07/2007 6.1283.0207.2007)
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
WinRAR archiver
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:28:40, on 12/24/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Slappy\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Novosoft\Handy Backup\hbagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\sdclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7DA0C4CD-92CE-368F-8578-37FF8904BF1B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Slappy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Handy Backup 5.4] C:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDow ... rtScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: hblogon - C:\Windows\SYSTEM32\hblogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9181 bytes
tdsal2
Active Member
 
Posts: 5
Joined: December 15th, 2008, 11:10 pm
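The HijackThis log above is plain text with a fixed layout per section (O2 BHO, O4 Run key, O20 Winlogon Notify, O23 Service). The following is an added example, not code from the thread or from HijackThis, that parses a few of the posted lines into structured records and attaches review notes; the three note rules (a BHO registration whose DLL is "(no file)", any Winlogon Notify DLL, a service with "Unknown owner") are this example's own heuristics for what a helper would look at first, not a verdict on the poster's machine.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll",
    r"O2 - BHO: (no name) - {7DA0C4CD-92CE-368F-8578-37FF8904BF1B} - (no file)",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O20 - Winlogon Notify: hblogon - C:\Windows\SYSTEM32\hblogon.dll",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe",
    r"O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe",
]

LINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<detail>.*)$")
DRIVE = r"[A-Za-z]:\\"  # a path starting with a drive letter, e.g. C:\
# Per-section layout of the part after "Oxx - kind: ". Names are matched lazily
# so a path that itself contains " - " (Spybot - Search & Destroy) stays whole.
PATTERNS = {
    "O2": re.compile(r"^(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"),
    "O4": re.compile(r"^\[(?P<name>[^\]]*)\] (?P<path>.*)$"),
    "O20": re.compile(r"^(?P<name>.*?) - (?P<path>.*)$"),
    "O23": re.compile(r"^(?P<name>.*?) - (?P<owner>.*?) - (?P<path>" + DRIVE + r".*)$"),
}

@dataclass
class Entry:
    section: str
    kind: str
    name: str
    path: str
    clsid: Optional[str] = None
    owner: Optional[str] = None
    reasons: List[str] = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    """Structure one log line; None for sections this example does not model."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, detail = m.group("section", "kind", "detail")
    pat = PATTERNS.get(section)
    d = pat.match(detail) if pat else None
    if d is None:
        return None
    g = d.groupdict()
    return Entry(section, kind, g["name"], g["path"], g.get("clsid"), g.get("owner"))

def review(entry: Entry) -> Entry:
    """Attach this example's own review notes; an empty list means nothing to note."""
    if entry.path == "(no file)":
        entry.reasons.append("registration points at a DLL that no longer exists on disk")
    if entry.section == "O20":
        entry.reasons.append("Winlogon Notify DLL loads at logon; confirm which installed product owns it")
    if entry.owner == "Unknown owner":
        entry.reasons.append("service binary reports no publisher")
    return entry

def flagged(lines) -> List[Entry]:
    """Parse every line and keep only the entries that picked up a review note."""
    return [e for e in (parse_line(ln) for ln in lines) if e is not None and review(e).reasons]
```

On the sample, `flagged(SAMPLE_LOG)` returns the orphaned "(no name)" BHO, the hblogon Winlogon Notify entry and the PnkBstrA service; the Java BHO, the avast! Run entry and the Spybot service carry no note.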

Re: DNS Redirect - unable to get rid of it.

Unread postby Carolyn » December 24th, 2008, 3:48 pm

Hi,

Please download ATF cleaner
Make sure that all browser windows are closed.
    Right-click ATF-Cleaner.exe and select Run as administrator to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


Please post the Kaspersky log, a fresh HijackThis log and a description of how your computer is behaving.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: DNS Redirect - unable to get rid of it.

Unread postby NonSuch » December 30th, 2008, 2:26 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27304
Joined: February 23rd, 2005, 7:08 am
Location: California