Here are my HJT and DNSCheck logs. The DNSCheck log looks pretty rough.
And yes, I am using a router now, and the problem seemed to start as soon as I switched to using this router.
Logfile of HijackThis v1.99.1
Scan saved at 00:52:53, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\1188025937\ee\aolsoftware.exe
C:\Documents and Settings\Owner\My Documents\Ballin.exe <---- just to be clear this is HJT, just renamed
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2559D161-CD70-4D64-AE5B-1772A8733870}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{834A2B7D-55DC-49DC-AD50-399B68207408}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\..\{2559D161-CD70-4D64-AE5B-1772A8733870}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CS2\Services\Tcpip\..\{2559D161-CD70-4D64-AE5B-1772A8733870}: NameServer = 85.255.113.149;85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.149;85.255.112.218
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
________________________________________________________________________
DNSCheck v.0.8.15
Checking No-Exist Redirector
Fake name: ouwkokffwahsddixryul.com
127.0.0.1: NSLOOKUP.EXE reverse resolution failed. Failing over to local DNS.
Resolves to: localhost -- HIJACKED!
Checking site: google.com
DNSAPI and NSLOOKUP are not in agreement. -- HIJACKED!
NSLOOKUP returns:
127.0.0.1: NSLOOKUP.EXE reverse resolution failed. Failing over to local DNS.
Resolves to: localhost -- HIJACKED!
DNSAPI returns:
209.85.171.100: resolves to cg-in-f100.google.com -- OK!
72.14.205.100: resolves to qb-in-f100.google.com -- OK!
74.125.45.100: resolves to yx-in-f100.google.com -- OK!
Checking site: yahoo.com
DNSAPI and NSLOOKUP are not in agreement. -- HIJACKED!
NSLOOKUP returns:
127.0.0.1: NSLOOKUP.EXE reverse resolution failed. Failing over to local DNS.
Resolves to: localhost -- HIJACKED!
DNSAPI returns:
206.190.60.37: resolves to w2.rc.vip.re4.yahoo.com -- OK!
68.180.206.184: resolves to w2.rc.vip.sp1.yahoo.com -- OK!
Checking site: bleepingcomputer.com
DNSAPI and NSLOOKUP are not in agreement. -- HIJACKED!
NSLOOKUP returns:
127.0.0.1: NSLOOKUP.EXE reverse resolution failed. Failing over to local DNS.
Resolves to: localhost -- HIJACKED!
DNSAPI returns:
208.43.87.2: resolves to http://www.bleepingcomputer.com -- OK!
Checking site: geekstogo.com
DNSAPI and NSLOOKUP are not in agreement. -- HIJACKED!
NSLOOKUP returns:
127.0.0.1: NSLOOKUP.EXE reverse resolution failed. Failing over to local DNS.
Resolves to: localhost -- HIJACKED!
DNSAPI returns:
208.43.44.138: resolves to geek15.geekstogo.com -- OK!
Checking site: malwarebytes.org
DNSAPI and NSLOOKUP are not in agreement. -- HIJACKED!
NSLOOKUP returns:
127.0.0.1: NSLOOKUP.EXE reverse resolution failed. Failing over to local DNS.
Resolves to: localhost -- HIJACKED!
DNSAPI returns:
69.162.79.74: resolves to alpha.malwarebytes.org -- OK!
Any help would be awesome; it'd be nice to have my computer back to normal.
Thank you,
----Patrick