Suspected DNS Poisoning (Help Please)
Dear Microsoft, I need your help. I had recently downloaded ErrorFix, not knowing that it was a Rogue Program because it had a high rating in McAfee's SiteAdvisor, and had used Malwarebytes' AntiMalware to remove it after realising that it was a rogue program. After I removed it, I went to check my DNS Resolver Cache. It came up with websites which seem to be malicious. I managed to copy some of the addresses using a Screen Recording Software. This is the information that appeared on the DNS Cache list. Also, there were several porn sites in there. I flushed my DNS Resolver Cache frequently but it still came back.

Here is the list of websites suspected to be malicious.

Also, my cousin had recently used my computer to surf porn sites while I was out. Please help me to get rid of the DNS Cache Poisoning. Also, I would like to know if doing a system restore would get rid of the DNS Cache Poisoning. Thanks.
April 29th, 2011 1:02pm

Hello, perform a restore operation using a restore point that dates before the install of the malware program and check if all is okay or not.

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

Microsoft Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
April 29th, 2011 1:30pm

Hi,

Thanks for posting in Microsoft TechNet forums.

If there is any antivirus installed, I suggest we perform the following steps to protect the system:

Step 1: Update the definition file for the antivirus program.

If you do not have an antivirus program installed, I would suggest installing Microsoft Security Essentials to protect the system from being infected with a virus.

Step 2: Disable and Enable System Restore to clear the virus permanently.

Many viruses infect restore points. In order to clear the infected files permanently, we should clear the restore points. Please use the steps below to do so:

1. Click "Start", input "SYSDM.CPL" (without quotation marks) and press "Enter".
2. On the "System Protection" tab, click to turn off System Restore on all drives, and click "OK".
3. Please repeat the above steps to enable System Restore again.

Step 3: Boot your computer into Safe Mode and then run your antivirus software on your computer to scan for and remove any possible Virus and Malware infections.

1. Restart the computer.
2. Keep pressing the F8 key until the Windows Startup menu appears.
3. Choose "Safe Mode", and press "Enter".
4. Run the computer in Safe Mode.
5. Start your antivirus program and scan the system in Safe Mode.

Step 4: Scan for virus in Safe Mode with Networking

Note: If you are using a cable modem or home LAN connection, please start from item 1 below. If not, please skip items 1~3 and go to item 4 directly.

1. Restart the computer.
2. After "POST" (the Power On Self Test usually has a text mode screen at the beginning when a system boots up), keep pressing the F8 key until the Windows Startup menu appears.
3. Choose "Safe Mode with Networking" and press Enter.
4. Please open Internet Explorer and visit http://safety.live.com
5. Please click the "Full Service Scan" button and follow the instructions on screen to scan for viruses on the computer.

Please check if you can remove the Trojan now.

Best Regards,

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 4th, 2011 1:09pm

Hi, randomperson_456 was also created by me, and I created this account because I forgot the password on this account but have since retrieved it. Please reply to this post in future.

I ran a Full Scan using Malwarebytes' Anti-Malware and they found no threats. Here's the log -

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6517
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421
6/5/2011 4:50:18 PM
mbam-log-2011-05-06 (16-50-18).txt
Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 309354
Time elapsed: 46 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

As for the Microsoft Safety Scanner, I can't connect to the Internet in Safe Mode with Networking. I am using a Dial-up modem to connect to the internet, called Mobile Broadband Modem from Huawei Technologies. It says "Connection Terminated" so I went back to Normal Mode to download the Scanner and ran it in Safe Mode. And the following result says - The scan completed successfully and no viruses, spyware, and other potentially unwanted software were detected.

But my DNS Resolver Cache is still poisoned. What should I do?
May 6th, 2011 3:03pm

Hi,

We can use HijackThis to help us troubleshoot the issue.

1. Please download the Internet Explorer analyzer HijackThis from the following link: http://www.techspot.com/download317.html
   Please Note: The third-party product discussed here is manufactured by a company that is independent of Microsoft. We make no warranty, implied or otherwise, regarding this product's performance or reliability.
2. Save the zip file to your Desktop.
3. Right-click the zip file, choose "Extract All", select the path to save the file (you may leave it as the default value), and then you will receive the extracted file.
4. Double click the extracted file to run HijackThis. (Note: If there is a notification message, please click OK.)
5. In the HijackThis window, click "Do a system scan and save a log file". (Note: If there is a notification message, please click OK.)
6. HijackThis will scan the system and generate a log file in Notepad.
7. On the log file menu, please click File and choose Save As. Please save the file to the Desktop.
8. Please copy and post the file content.

Regards,

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 9th, 2011 5:35am

Hi, There isn't a button to attach files, so I used copy and paste.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:02:46 PM, on 9/5/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Acc\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Mobile Broadband Modem\Mobile Broadband Modem.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Users\Acc\AppData\Local\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Iobit\Advanced SystemCare 4\Suc12_Uninstaller.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Acc\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [rstrui.exe] C:\WINDOWS\System32\rstrui.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" /m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4037726902-3923505747-165423213-1005\..\Run: [Google Update] "C:\Users\Acc\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User 'Acc')
O4 - S-1-5-21-4037726902-3923505747-165423213-1005 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Acc')
O4 - S-1-5-21-4037726902-3923505747-165423213-1005 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Acc')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://www.eset.com.sg/softdown/files/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FCC230D-E8E3-4E20-9B55-B9BB8244B15A}: NameServer = 203.116.1.94 203.116.254.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FCC230D-E8E3-4E20-9B55-B9BB8244B15A}: NameServer = 203.116.1.94 203.116.254.150
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (file missing)
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10646 bytes

EDIT

Hi, can you read this - http://news.cnet.com/8301-1009_3-9998625-83.html

Is this a DNS Cache Poisoning Test? And is it reliable? There are 2 websites to test whether your DNS system is vulnerable. I have run the test in DNS Operations, Analysis, and Research Center and they found nothing but my problem is not solved. However, I can't find the test on Dan Kaminsky's website. Dan Kaminsky was the person who discovered DNS Cache Poisoning.

And this - http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx

They said it was included in Windows Update, but I did not receive it.

I found this on the internet - http://www.ehow.com/how_6301824_fix-dns-cache-windows-vista.html

The steps are
1. Open "Start" and type "cmd" in the "Search" box.
2. Press "Enter" to display a DOS prompt.
3. Type "ipconfig /release" and press "Enter," flushing your DNS cache information.
4. Type "ipconfig /renew" and press "Enter," reconfiguring the cache.

But I get the following errors (3 of them):
(1st) No operation can be performed on Local Area Connection* 15 while it has its media disconnected.
(2nd) No operation can be performed on Wireless Network Connection while it has its media disconnected.
(3rd) No operation can be performed on Local Area Connection while it has its media disconnected.
May 9th, 2011 12:15pm

It has been 13 days (almost 2 weeks) since I replied to your post earlier. Are you people looking into it or simply forgot about my post? I had 5 replies from Malwarebytes Forum and 3 replies in TechNet Forum.

Here's an Animated GIF Image of what's inside my DNS Resolver Cache - http://forums.malwarebytes.org/uploads/monthly_05_2011/post-78746-0-61161900-1306063950.gif
May 22nd, 2011 2:53pm

Hi,

Thank you very much for providing the HiJackThis log file.

After analyzing the HiJackThis log file you provided, I recommend we remove the following suspicious items in HiJackThis program to see if our issue can be resolved.

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sg.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKCU\..\Run: [rstrui.exe] C:\WINDOWS\System32\rstrui.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://www.eset.com.sg/softdown/files/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FCC230D-E8E3-4E20-9B55-B9BB8244B15A}: NameServer = 203.116.1.94 203.116.254.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FCC230D-E8E3-4E20-9B55-B9BB8244B15A}: NameServer = 203.116.1.94 203.116.254.150
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe

To do this, please refer to the following steps:

1. Run HiJackThis. (Note: If there is a notification message, please click OK.)
2. In the HiJackThis Window, click "Do a system scan only". (Note: If there is a notification message, please click OK.)
3. Check the checkboxes beside the malicious entries listed above and click the "Fix Checked" button.
4. Click Yes to begin fixing the infected files.

Please check if the issue persists.

Regards,

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 23rd, 2011 8:28am

O4 - HKCU\..\Run: [rstrui.exe] C:\WINDOWS\System32\rstrui.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://www.eset.com.sg/softdown/files/OnlineScanner.cab
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.199\McCHSvc.exe

Hi, the problem still persists. These 3 files were not found during the HiJackThis Scan. I think it is because of the recent system restore Startup Repair did after my computer failed to start. I tried to undo the system restore but did not see the undo button. The rest of them were removed by HiJackThis.

The problem is when I flush the DNS resolver cache and type ipconfig /displaydns, the list returns to the state before it was flushed or newly accessed again. I also tried ipconfig /release but that doesn't help. I also reset the Winsock Catalog as told by Malwarebytes Forum and that didn't help.
May 23rd, 2011 12:54pm
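
Added example, not part of the original thread: the Windows DNS Client service loads the local hosts file into the resolver cache, so names listed there reappear in `ipconfig /displaydns` straight after a flush. The Python code below compares saved `/displaydns` output with the hosts file to separate those entries from names that were actually resolved over the network; the sample text, the `.example` names and the function names are constructed for illustration, and English-language `ipconfig` labels are assumed.

```python
import re

# Constructed sample of saved `ipconfig /displaydns` output (English labels assumed).
SAMPLE_DISPLAYDNS = """\
Windows IP Configuration

    ads.blocked.example
    ----------------------------------------
    Record Name . . . . . : ads.blocked.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1

    codec.blocked.example
    ----------------------------------------
    Record Name . . . . . : codec.blocked.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 86400
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 127.0.0.1

    www.site.example
    ----------------------------------------
    Record Name . . . . . : www.site.example
    Record Type . . . . . : 1
    Time To Live  . . . . : 212
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 203.0.113.10
"""

# Constructed sample of the hosts file (%SystemRoot%/System32/drivers/etc/hosts).
SAMPLE_HOSTS = """\
# blocklist written by a security tool (constructed)
127.0.0.1   localhost
127.0.0.1   ads.blocked.example codec.blocked.example  # two names on one line
127.0.0.1   never-queried.blocked.example
"""

NAME_RE = re.compile(r"^\s*Record Name[ .]*:\s*(\S+)")
ADDR_RE = re.compile(r"^\s*(?:A \(Host\)|AAAA) Record[ .]*:\s*(\S+)")


def parse_displaydns(text):
    """Return {name: set(addresses)} for every cached A/AAAA record."""
    cache, current = {}, None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = m.group(1).lower().rstrip(".")
            cache.setdefault(current, set())
            continue
        m = ADDR_RE.match(line)
        if m and current:
            cache[current].add(m.group(1))
    return cache


def parse_hosts(text):
    """Return {name: set(addresses)} from hosts-file text, ignoring comments."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            hosts.setdefault(name.lower(), set()).add(fields[0])
    return hosts


def triage(displaydns_text, hosts_text):
    """Label each cached name 'hosts-file' (preloaded) or 'resolved' (came from a DNS query)."""
    cache, hosts = parse_displaydns(displaydns_text), parse_hosts(hosts_text)
    return {
        name: "hosts-file" if addrs and addrs <= hosts.get(name, set()) else "resolved"
        for name, addrs in cache.items()
    }


if __name__ == "__main__":
    for name, label in sorted(triage(SAMPLE_DISPLAYDNS, SAMPLE_HOSTS).items()):
        print(f"{label:10}  {name}")
```

Names labelled `hosts-file` are expected to survive `ipconfig /flushdns`; only the `resolved` names reflect answers received from a DNS server and are the ones to compare against the configured name servers.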

Hi, The issue has been solved by Malwarebytes. I won't be replying back so please close this thread as well for this thread - http://social.technet.microsoft.com/Forums/en-US/itprovistasecurity/thread/600c3cb2-d492-4fa4-92f2-739e8ca67d1c Thank you for the help that was offered. - randomperson456
May 29th, 2011 3:48pm

This topic is archived. No further replies will be accepted.
