At a loss


Solved At a loss

Post by ronekind on Sat Jan 17, 2009 10:58 pm

I don't know what's going on. I don't know if it's that Troj/Rustok-N or if I am just screwed up from the floor up. I also can't download the Windows updates either. Thanks ahead of time for your help.

Here is the log file


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:14 PM, on 1/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Sunbelt Software\CounterSpy\sbamui.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-178497695-4110053744-1182905742-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Siri')
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.37,85.255.112.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.37,85.255.112.38
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5638 bytes


Solved Re: At a loss

Post by Belahzur on Sat Jan 17, 2009 11:05 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.37,85.255.112.38
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.37,85.255.112.38


  • Press "Fix Checked"
  • Close HijackThis.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Solved Re: At a loss

Post by ronekind on Sat Jan 17, 2009 11:40 pm

Here is the log you requested I post



Malwarebytes' Anti-Malware 1.33
Database version: 1663
Windows 6.0.6001 Service Pack 1

1/17/2009 4:28:47 PM
mbam-log-2009-01-17 (16-28-47).txt

Scan type: Quick Scan
Objects scanned: 47871
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.37,85.255.112.38 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.37,85.255.112.38 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.37,85.255.112.38 -> Quarantined and deleted successfully.


Folders Infected:
C:\Program Files\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\totalvid\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\totalvid\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\msqpdxgqeydvvd.sys (Trojan.Agent) -> Quarantined and deleted successfully.


Solved Re: At a loss

Post by Belahzur on Sat Jan 17, 2009 11:41 pm

Okay, let's see what's left.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Right click DDS.scr > Run as administrator to run it.
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.



Solved Re: At a loss

Post by ronekind on Sat Jan 17, 2009 11:56 pm

Again, here is the text you requested.




DDS (Ver_09-01-07.01) - NTFSx86
Run by Josh at 16:53:30.21 on Sat 01/17/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2047.1181 [GMT -7:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Josh\Downloads\dds.pif

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SBAMTray] c:\program files\sunbelt software\counterspy\SBAMTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\1ms09rkm.default\

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-14 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-14 20560]
R4 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-1-14 51792]
R4 SBAMSvc;CounterSpy Antispyware;c:\program files\sunbelt software\counterspy\SBAMSvc.exe [2008-10-28 886056]
R4 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2008-9-12 69168]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2008-10-23 92464]

=============== Created Last 30 ================

2009-01-17 16:19 --d----- c:\users\josh\appdata\roaming\Malwarebytes
2009-01-17 16:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-17 16:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-17 16:19 --d----- c:\programdata\Malwarebytes
2009-01-17 16:19 --d----- c:\progra~2\Malwarebytes
2009-01-17 16:19 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-17 15:27 0 a------- c:\windows\system32\SBRC.dat
2009-01-17 15:21 --d----- c:\users\josh\appdata\roaming\Sunbelt
2009-01-17 15:21 --d----- c:\programdata\Sunbelt
2009-01-17 15:21 --d----- c:\progra~2\Sunbelt
2009-01-17 15:20 --d----- c:\program files\Sunbelt Software
2009-01-17 15:19 --d----- c:\program files\Trend Micro
2009-01-17 14:31 a-d----- c:\programdata\TEMP
2009-01-17 02:05 182,147,907 a------- c:\windows\MEMORY.DMP
2009-01-14 16:07 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-01-14 16:07 499,712 a------- c:\windows\system32\MSVCP71.dll
2009-01-14 16:07 348,160 a------- c:\windows\system32\MSVCR71.dll
2009-01-14 16:07 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-01-05 22:03 --d----- c:\programdata\Adobe
2009-01-05 21:49 --d----- c:\programdata\NOS
2008-12-31 16:00 30,512 a------- c:\windows\system32\mdimon.dll
2008-12-31 15:59 32,592 a------- c:\windows\system32\msonpmon.dll
2008-12-31 15:55 --d----- c:\windows\PCHEALTH
2008-12-31 15:50 --d----- c:\programdata\Microsoft Help
2008-12-30 23:59 --d----- c:\program files\common files\Steam
2008-12-30 23:59 --d----- c:\program files\Steam
2008-12-29 08:15 --d----- c:\programdata\Symantec
2008-12-29 08:15 --d----- c:\progra~2\Symantec
2008-12-28 18:30 --d----- c:\programdata\Norton
2008-12-28 18:30 --d----- c:\progra~2\Norton
2008-12-28 18:30 --d----- c:\programdata\NortonInstaller
2008-12-28 18:30 --d----- c:\progra~2\NortonInstaller
2008-12-21 18:51 --d----- c:\programdata\Yahoo!
2008-12-21 18:51 --d----- c:\program files\Yahoo!
2008-12-21 18:46 --d----- c:\program files\Bonjour
2008-12-21 03:41 --d----- c:\users\Josh

==================== Find3M ====================

2009-01-14 18:32 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-14 18:32 86,016 a------- c:\windows\inf\infstor.dat
2009-01-14 18:32 51,200 a------- c:\windows\inf\infpub.dat
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-11-22 10:21 174 a--sh--- c:\program files\desktop.ini
2008-11-22 10:14 665,600 a------- c:\windows\inf\drvindex.dat
2008-11-22 03:39 101,888 a------- c:\windows\system32\ifxcardm.dll
2008-11-22 03:39 82,432 a------- c:\windows\system32\axaltocm.dll
2008-11-16 13:14 269,312 a------- c:\windows\system32\es.dll
2008-11-16 13:13 6,656 a------- c:\windows\system32\kbd106n.dll
2008-11-16 13:13 988,216 a------- c:\windows\system32\winload.exe
2008-11-16 13:13 927,288 a------- c:\windows\system32\winresume.exe
2008-11-16 13:13 378,368 a------- c:\windows\system32\srcore.dll
2008-11-16 13:13 318,464 a------- c:\windows\system32\rstrui.exe
2008-11-16 13:13 46,592 a------- c:\windows\system32\setbcdlocale.dll
2008-11-16 13:13 40,960 a------- c:\windows\system32\srclient.dll
2008-11-16 13:13 19,000 a------- c:\windows\system32\kd1394.dll
2008-11-16 13:13 14,848 a------- c:\windows\system32\srdelayed.exe
2008-11-16 13:13 615,992 a------- c:\windows\system32\ci.dll
2008-11-15 03:33 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2008-11-15 03:33 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2008-11-15 03:33 272,896 a------- c:\windows\system32\polstore.dll
2008-11-15 03:33 61,440 a------- c:\windows\system32\winipsec.dll
2008-11-15 03:32 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-11-15 03:32 1,695,744 a------- c:\windows\system32\gameux.dll
2008-11-15 03:23 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-11-15 03:22 2,032,640 a------- c:\windows\system32\win32k.sys
2008-11-15 03:21 1,191,936 a------- c:\windows\system32\msxml3.dll
2008-11-15 03:21 2,048 a------- c:\windows\system32\msxml3r.dll
2008-11-15 03:13 443,392 a------- c:\windows\system32\win32spl.dll
2008-11-15 03:13 37,888 a------- c:\windows\system32\printcom.dll
2008-11-15 03:12 14,848 a------- c:\windows\system32\wshrm.dll
2008-11-15 03:10 738,304 a------- c:\windows\system32\inetcomm.dll
2008-11-15 03:10 84,480 a------- c:\windows\system32\INETRES.dll
2008-11-15 03:09 1,314,816 a------- c:\windows\system32\quartz.dll
2008-11-15 03:05 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-11-15 03:05 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-11-15 03:05 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-11-15 03:05 2,048 a------- c:\windows\system32\msxml6r.dll
2008-10-31 20:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-31 20:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-10-31 20:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-10-31 20:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-31 20:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-31 20:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-10-31 18:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-28 23:29 2,927,104 a------- c:\windows\explorer.exe
2008-10-28 16:28 65,320 a------- c:\windows\system32\sbbd.exe
2008-10-21 20:57 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-10-21 18:22 2,048 a------- c:\windows\system32\tzres.dll
2008-10-20 22:25 296,960 a------- c:\windows\system32\gdi32.dll
2008-10-20 22:25 1,645,568 a------- c:\windows\system32\connect.dll
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:54:18.29 ===============


Solved Re: At a loss

Post by Belahzur on Sun Jan 18, 2009 12:01 am

Looks okay, what problems remain?



Solved Re: At a loss

Post by ronekind on Sun Jan 18, 2009 12:11 am

Just checked and I was able to download all my Windows updates. What did I have? Why was it not allowing me to download the updates? I will complete the feedback form and thanks so much for your help. JMR


Solved Re: At a loss

Post by Belahzur on Sun Jan 18, 2009 12:16 am

It was a DNS hijacker. If you see those items you fixed in HJT, the IP: 85.255.*.*

That IP will trace back to Ukraine where the guys who do this are, and I know what you're thinking, go there and find them.
Not so easy, Ukraine isn't part of the United Nations, so the law doesn't affect them, they get away with it.


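A triage check for the indicator this thread turned on, as an added example that is not part of the original posts: it pulls every NameServer value out of HijackThis O17 lines and MBAM registry-data lines and flags resolvers outside an expected set. The function names, the default expected ranges (RFC 1918 and loopback, as for a home router) and the 192.168.1.1 sample line are assumptions made for illustration.

```python
import ipaddress
import re

# The 85.255.x.x lines are copied from the HijackThis and MBAM logs in this
# thread; the 192.168.1.1 line is constructed for contrast.
SAMPLE_LOG = r"""
O13 - Gopher Prefix:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.37,85.255.112.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.37,85.255.112.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.37,85.255.112.38 -> Quarantined and deleted successfully.
"""

# One pattern per log format seen in the thread.
PATTERNS = [
    # HijackThis: "O17 - <key>: NameServer = a,b"
    re.compile(r"^O17 - (?P<key>HK[^:]+): NameServer = (?P<val>.+)$"),
    # MBAM registry data item: "<key>\NameServer (...) -> Data: a,b -> ..."
    re.compile(r"^(?P<key>HKEY_LOCAL_MACHINE\\\S+\\NameServer) .*-> Data: (?P<val>[^>]+?) ->"),
]

# Assumption: a resolver handed out by a home router lives in one of these.
DEFAULT_EXPECTED = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]


def extract_nameservers(log_text):
    """Return (registry_key, address_token) pairs for every NameServer entry."""
    found = []
    for line in log_text.splitlines():
        line = line.strip()
        for pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                # The value is a list; split on commas and whitespace.
                for token in re.split(r"[,\s]+", match.group("val").strip()):
                    if token:
                        found.append((match.group("key"), token))
                break
    return found


def audit_nameservers(log_text, allowed=()):
    """Flag resolvers outside DEFAULT_EXPECTED and the caller's allow-list."""
    nets = [ipaddress.ip_network(n) for n in list(DEFAULT_EXPECTED) + list(allowed)]
    findings = []
    for key, token in extract_nameservers(log_text):
        try:
            address = ipaddress.ip_address(token)
        except ValueError:
            # A value that is not an IP address deserves a manual look.
            findings.append((key, token, "unparseable"))
            continue
        if not any(address in net for net in nets):
            findings.append((key, token, "unexpected resolver"))
    return findings


def flagged_ips(log_text, allowed=()):
    """Distinct flagged address tokens, sorted for stable reporting."""
    return sorted({token for _, token, _ in audit_nameservers(log_text, allowed)})


if __name__ == "__main__":
    for key, token, reason in audit_nameservers(SAMPLE_LOG):
        print(f"{reason}: {token}  ({key})")
```

Pass the ISP's or organisation's resolver ranges in `allowed` so that legitimate public resolvers are not reported.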

Solved Re: At a loss

Post by ronekind on Sun Jan 18, 2009 12:18 am

Damn commies....err former commies? Thanks again for all your help. JMR


Solved Re: At a loss

Post by ronekind on Sun Jan 18, 2009 12:19 am

I can't seem to mark it as solved.


Solved Re: At a loss

Post by Belahzur on Sun Jan 18, 2009 12:21 am

Haha, sorry. You need mod powers to mark it as solved.
I'll do it now.



Solved Re: At a loss

Post by Doctor Inferno on Sat Apr 18, 2009 10:59 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.
