[Radical1]

Have had this problem on my laptop for quite a while. I've searched all over the internet trying to find a solution.

It redirects from all search engines in all browsers.

It won't let me run or install malwarebytes

Won't let me run Hijackthis.

Won't let me system restore

Won't System update windows.

HELP!

[Rorschach112]

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
  
  Click me
  
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

[Radical1]

When I double click the combofix icon nothing seems to happen. or I get a "combofix.exe" has stopped working error

[Rorschach112]

rename it to svchost.com and run it in safe mode

[Radical1]

Now it won't let me open any browsers. It says "Illegal operation attempted on a registry key that has been marked for deletion"

ComboFix 10-04-18.04 - Jay 04/19/2010 15:10:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1920 [GMT -4:00]
Running from: c:\users\Jay\Desktop\svchost.com.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2819002435-850761837-2018973860-500
c:\$recycle.bin\S-1-5-21-483253244-3111040671-1562491984-500
C:\autorun.inf
c:\programdata\Microsoft\Windows\Start Menu\Programs\UNICCodec
c:\programdata\Microsoft\Windows\Start Menu\Programs\UNICCodec\Uninstall.lnk
c:\users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UNICCodec
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\gxvxcmoxprucsnxxrvdqwipvvisccblmofnwe.sys
c:\windows\system32\drivers\gxvxcqqfrbntvqkpeicreqppsetxoypkpwdwi.sys
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcesmhhptopjcexwdmbvpkneqwbipfailp.dll
c:\windows\system32\gxvxcifjmuakmtiyiirtmyupledrbgppldjpq.dll
c:\windows\system32\gxvxcvesidcbrivvyrvrkqwppwvtsydmhxeii.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_gxvxcserv.sys
-------\Service_gxvxcserv.sys


((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-19 19:21 . 2010-04-19 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-19 18:58 . 2010-04-19 19:03 -------- d-----w- C:\svchost.com
2010-04-19 18:16 . 2010-04-19 18:16 -------- d-----w- c:\program files\TrendMicro
2010-04-19 15:05 . 2010-04-19 15:05 -------- d-----w- c:\users\Jay\AppData\Local\MigWiz
2010-04-19 00:50 . 2010-04-19 00:50 -------- dc-h--w- c:\programdata\{62ACEB02-750C-4D39-AF22-57045DAA99A9}
2010-04-19 00:50 . 2010-04-19 00:50 -------- d-----w- c:\program files\DynamicMedia
2010-04-19 00:50 . 2010-04-19 00:50 -------- d-----w- c:\users\Jay\AppData\Local\PackageAware
2010-04-15 00:22 . 2010-04-15 00:22 -------- d-----w- c:\users\Jay\AppData\Roaming\Intuit
2010-04-15 00:22 . 2010-04-15 00:22 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2010-04-15 00:19 . 2010-04-15 00:19 -------- d-----w- c:\users\Jay\AppData\Local\IsolatedStorage
2010-04-15 00:18 . 2010-04-15 02:10 -------- d-----w- c:\program files\TurboTax
2010-03-31 01:21 . 2010-04-17 18:27 -------- d-----w- c:\users\Public\Photos for Work
2010-03-29 21:28 . 2010-03-31 03:31 -------- d-----w- c:\users\Public\SpeedZone

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 18:51 . 2009-03-27 03:31 -------- d-----w- c:\programdata\Lavasoft
2010-04-19 18:22 . 2009-03-27 04:33 6648 ----a-w- c:\users\Jay\AppData\Local\d3d9caps.dat
2010-04-18 21:36 . 2009-03-03 02:19 5642 --sha-w- c:\programdata\KGyGaAvL.sys
2010-04-18 21:36 . 2009-12-29 00:20 88 --sh--r- c:\programdata\45A5CD2D26.sys
2010-04-17 18:59 . 2009-03-02 23:17 -------- d-----w- c:\users\Jay\AppData\Roaming\uTorrent
2010-04-15 00:24 . 2009-03-03 04:34 620728 ----a-w- c:\users\Jay\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-15 00:20 . 2009-05-06 17:22 -------- d-----w- c:\programdata\Intuit
2010-04-15 00:19 . 2009-05-06 17:22 -------- d-----w- c:\program files\Common Files\Intuit
2010-02-21 20:12 . 2010-02-21 19:57 -------- d-----w- c:\programdata\SQL Anywhere 11
2010-02-21 20:06 . 2010-02-21 20:06 -------- d-----w- c:\programdata\ScanSoft
2010-02-21 20:01 . 2009-05-06 17:22 -------- d-----w- c:\program files\Intuit
2010-02-21 19:57 . 2010-02-21 19:57 -------- d-----w- c:\programdata\Nuance
2010-02-21 19:57 . 2010-02-21 19:57 -------- d-----w- c:\programdata\COMMON FILES
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-23 10:05 . 2008-10-23 09:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"PP8 SE Reminder"="c:\program files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" [2002-10-28 57344]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-25 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-29 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-11-26 1087752]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Brother SmartUI PopUp.lnk - c:\program files\Scansoft\PaperPort\PopUp\SmartUI.exe [2009-9-25 368640]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-8 1153824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-04-11 c:\windows\Tasks\HPCeeScheduleForJay.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]

2010-04-19 c:\windows\Tasks\User_Feed_Synchronization-{C6F72FB3-586A-4B45-8651-8709224D2BC5}.job
- c:\windows\system32\msfeedssync.exe [2009-09-15 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: intuit.com\ttlc
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\p9c98q2d.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Jay\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Jay\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Jay\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\p9c98q2d.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Aim6 - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 15:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2010-04-19 15:36:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-19 19:36

Pre-Run: 76,095,062,016 bytes free
Post-Run: 81,003,397,120 bytes free

- - End Of File - - 3C383C64672BFCFED292555BFFBED778

[Rorschach112]

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

• Double click GMER.exe.
  
  
• If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  
• In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
    
  • Drives/Partition other than Systemdrive (typically C:\)
    
  • Show All (don't miss this one)
    
    Click the image to enlarge it
  
  
• Then click the Scan button & wait for it to finish.
  
• Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  
• Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

[Radical1]

Now, I can't run any software. It says "Illegal operation attempted on a registry key marked for deletion"

[Rorschach112]

reboot the machine and then try gmer

[Radical1]

tried gmer countless times made sure all other programs were closed and that nothing would interupt it. each time it ended up locking up. And even blue screened once.

[Radical1]

Got it to work.

Attached File(s)

•  ark.txt (452.64K)
  Number of downloads: 110

[Rorschach112]

Download TFC to your desktop

• Open the file and close any other windows.
  
• It will close all programs itself when run, make sure to let it run uninterrupted.
  
• Click the Start button to begin the process. The program should not take long to finish its job
  
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

• Read through the requirements and privacy statement and click on Accept button.
  
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  
• When the downloads have finished, click on Settings.
  
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
  
  
• Click on My Computer under Scan.
  
• Once the scan is complete, it will display the results. Click on View Scan Report.
  
• You will see a list of infected items there. Click on Save Report As....
  
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

[Radical1]

** I couldn't get the kaspersky website to download the proper databases **

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4023

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

4/22/2010 8:38:28 PM
mbam-log-2010-04-22 (20-38-28).txt

Scan type: Quick scan
Objects scanned: 113038
Time elapsed: 5 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9083bae6-93c1-43de-a5d0-fe3d0fc23e0b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.166.105 93.188.161.105 1.2.3.4 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Rorschach112]

* Go here to run an online scannner from ESET.

• Note: You will need to use Internet explorer for this scan
  
• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the activex control to install
  
• Click Start
  
• Check next options: Remove found threats and Scan unwanted applications.
  
• Click Scan
  
• Wait for the scan to finish
  
• Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  
• Copy and paste that log as a reply to this topic

[Rorschach112]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.