Suspected Trojan problem

Yanko693

New Member
alright. last week i dl'd a file and my norton immediately said it was a trojan when i opened it. so i ran through the routine having norton remove it and i removed the folder it created on my drive. problem is now whenever i select switch user or log off i get just a black screen where the log on screen should be. (i get a windows message every now and then that logon screen has stopped working) and also my norton cannot connect to the internet to update when i have a perfectly active internet connection. i have tried system restore at multiple points before the date of this, but when it turns back on it says system restore failed.

any ideas?
 
Code:
Malwarebytes' Anti-Malware 1.31
Database version: 1471
Windows 6.0.6001 Service Pack 1

12/7/2008 2:25:56 PM
mbam-log-2008-12-07 (14-25-47).txt

Scan type: Quick Scan
Objects scanned: 67356
Time elapsed: 12 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 15
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\homeview (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\homeview (Trojan.DNSChanger) -> No action taken.
HKEY_CLASSES_ROOT\homeview (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2eb.tmp (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{964b8478-3133-46aa-89a7-de577a31c74f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9b981dd4-5ec9-4775-b78a-214827a5072e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9b981dd4-5ec9-4775-b78a-214827a5072e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e541a5a3-ae17-45b5-8229-2252b2cb32a3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e541a5a3-ae17-45b5-8229-2252b2cb32a3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{964b8478-3133-46aa-89a7-de577a31c74f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9b981dd4-5ec9-4775-b78a-214827a5072e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9b981dd4-5ec9-4775-b78a-214827a5072e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e541a5a3-ae17-45b5-8229-2252b2cb32a3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e541a5a3-ae17-45b5-8229-2252b2cb32a3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{964b8478-3133-46aa-89a7-de577a31c74f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{9b981dd4-5ec9-4775-b78a-214827a5072e}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{9b981dd4-5ec9-4775-b78a-214827a5072e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e541a5a3-ae17-45b5-8229-2252b2cb32a3}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{e541a5a3-ae17-45b5-8229-2252b2cb32a3}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.112;85.255.112.69 -> No action taken.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> No action taken.
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> No action taken.
C:\resycled\boot.com (Trojan.DNSChanger) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview\Uninstall.lnk (Trojan.DNSChanger) -> No action taken.
C:\Windows\Temp\2EB.tmp (Trojan.Agent) -> No action taken.
 
Please run Malwarebytes' again and:

  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
 
did that. most of the stuff is gone now but some things say to restart so i do but they are still there now. i tried twice. i will try the HijackThis scan.
 
Please post the new log, it is located under the "logs" tab in Malwarebytes'. :)
 