Throwaway333

OK, thanks mate.

Done it, no issues whatsoever that I see. I disabled SR mainly cause of the limited space I have and need. I see there is a make registry backup in Delfix, should I make one?

Hey again, I'm glad to hear that, I ran MB once again to see if it will detect it, but it showed nothing. I have disabled system restore manually because of the SSD and cause I never really use it. I hope thats it then. I renabled all my security and will change some main passwords. Thanks a lot for your help.

Thanks for the fast reply. 1. I ran FRST again, files are attached. 2. Ran ADWCleaner, log is attached. 3. Ran Junkware removal tool, the log is short so I copy/pasted it, also attached it. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 8.0.1 (11.24.2015)Operating System: Windows 7 Ultimate x64 Ran by Anej (Administrator) on sri 06.01.2016. at 14:43:56,15~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on sri 06.01.2016. at 14:45:18,99End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4. Ran MS MSRT - ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.31, December 2015 (build 5.31.12100.0)Started On Wed Jan 06 14:49:48 2016 Engine: 1.1.12300.0Signatures: 1.211.637.0 Results Summary:----------------No infection found.Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 06 14:51:52 2016 Return code: 0 (0x0) Regarding any concers... I don't know, should I be concerned? Is it good now? And should I change any passwords, anything similar? Thanks.AdwCleanerC1.txt Fixlog.txt JRT.txt

Hello Kevin, sorry for the delay, 1. Reset my router 2. I did everything in DNSjumper as instructed. 3. Ran another MB scan, it got 0 detections this time, here is the log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 6.1.2016.Scan Time: 13:08Logfile: Administrator: Yes Version: 2.2.0.1024Malware Database: v2016.01.06.03Rootkit Database: v2016.01.05.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Anej Scan Type: Threat ScanResult: CompletedObjects Scanned: 332060Time Elapsed: 6 min, 25 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) 4. Ran FRST once more time, I attached the 2 .txt files. Thanks. Addition.txt FRST.txt

Thanks for the reply, I did as following: 1. Got you the Fixlog.txt - it's attached. 2. Ran a Malwarebytes scan with your settings - here is the export: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 5.1.2016. Scan Time: 18:42 Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2016.01.05.04 Rootkit Database: v2015.12.26.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Anej Scan Type: Threat Scan Result: Completed Objects Scanned: 330054 Time Elapsed: 5 min, 46 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 2 Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, 77.77.192.20 94.140.66.194, Good: (), Bad: (94.140.66.194),Replaced,[e820e155fd9c072fa021d4d0fe06a65a] Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8D45C7E1-D95A-4108-AC8B-156FEC9D46E1}|DhcpNameServer, 77.77.192.20 94.140.66.194, Good: (), Bad: (94.140.66.194),Replaced,[1aeec670cccd2b0b952c9c089b69ae52] Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) 3. Ran the Stinger scan with all drives selected and your settings, I have it attached as a .txt file. I have noticed it says ''Rootkit scan result : Not Scanned'' although I have selected rootkits in the options. 4. Ran FRST once more, the 2 logs are attached. Thanks. Addition.txt FRST.txt Fixlog.txt McAfee Stinger scan results.txt

Hello, In the last scan Malwarebytes Free edition has detected 2 instances of Trojan.DNSChanger. I have tried removing it and restarting my PC several times but it always comes back. No other scanner (like Avira, HitmanPro) detect this. I also have no issues on my PC, was just running my weekly scans. HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8D45C7E1-D95A-4108-AC8B-156FEC9D46E1}|DhcpNameServer I have also provided the log and a picture as an attachment, along the FRST and Addition log from FRST64. While looking for my problem I have also stumbled across several threads (including ones from MB forums like this one - https://forums.malwarebytes.org/index.php?/topic/169206-trojandnschanger/)but are not really of any help to me since I don't really know what to look for in logs and such. Thanks. Addition.txt FRST.txt MBlog.txt