caintry_boy Posted February 21, 2016

Was attempting to watch some TV via streaming internet using IE11 tonight and started having trouble with re-directs and such. Closed all programs and ran Malwarebytes and AdwCleaner. Logs follow (***note that after I ran Malwarebytes the first time it recommended I reboot and re-scan so there are 2 logs):

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/20/2016
Scan Time: 6:33 PM
Logfile: Malwarebytes 1.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.20.04
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: caintry_boy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328996
Time Elapsed: 36 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{7DAE4FD7-602E-4213-A458-099D8F0901A2}|NameServer, 82.163.143.171 82.163.142.173, Quarantined, [84701949d1c8a0968daed686699b6e92]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{EC891F1B-1CB8-42E5-BE4A-C3117C19B5F8}|NameServer, 82.163.143.171 82.163.142.173, Quarantined, [0fe54b177e1b261063d871eb42c224dc]

Registry Data: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.143.171 82.163.142.173, Good: (8.8.8.8), Bad: (82.163.143.171 82.163.142.173),Replaced,[be361e441683f3437869846d8b7939c7]

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Users\caintry_boy\AppData\Local\Temp\19714560.t.exe, Quarantined, [856fd092fa9fc47269311c19946d728e],
PUP.Optional.WinYahoo, C:\Program Files\Mozilla Firefox\browser\components\mrt.js, Quarantined, [25cf0c56ecad93a3b1a1cf95d133d62a],
PUP.Optional.Amonetize.Gen, C:\ProgramData\ea7ef069-0857-0\BIT9151.tmp, Quarantined, [29cb7ce6fe9b241248fe313423e19d63],
PUP.Optional.Amonetize.Gen, C:\ProgramData\ea7ef069-2ea3-0\BIT1E1A.tmp, Quarantined, [13e1c69ce2b72a0cd373fd68ec18bb45],

Physical Sectors: 0
(No malicious items detected)

(end)

______________________________

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/20/2016
Scan Time: 7:31 PM
Logfile: Malwarebytes 1.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.20.04
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: caintry_boy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328557
Time Elapsed: 20 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{EC891F1B-1CB8-42E5-BE4A-C3117C19B5F8}|NameServer, 82.163.143.171 82.163.142.173, Quarantined, [0fe54c16b3e61f1771cabd9f12f22fd1]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Bundler, C:\Users\caintry_boy\Downloads\adobe_flash_setup.exe, Delete-on-Reboot, [fafa8bd7c7d286b0793e37627d844db3],

Physical Sectors: 0
(No malicious items detected)

(end)

________________________

# AdwCleaner v5.026 - Logfile created 22/12/2015 at 10:48:26
# Updated 21/12/2015 by Xplode
# Database : 2015-12-21.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : caintry_boy - MSI
# Running from : C:\Users\caintry_boy\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files\DriverToolkit
[-] Folder Deleted : C:\Users\caintry_boy\AppData\Local\DriverToolkit

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\undefined
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

***** [ Web browsers ] *****

*************************
:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [975 bytes] ##########

# AdwCleaner v5.035 - Logfile created 20/02/2016 at 20:04:47
# Updated 18/02/2016 by Xplode
# Database : 2016-02-20.3 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : caintry_boy - MSI
# Running from : C:\Users\caintry_boy\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\{01c77261-412c-0}
[-] Folder Deleted : C:\ProgramData\{05372107-512c-1}

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************
:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1844 bytes] ##########

Please advise...

edit: I should also add that my homepage in IE was changed and when I went to Tools that Internet Options was grayed out...
Jacee Posted February 21, 2016

Let's flush the DNS cache first:

Copy and paste these lines in Notepad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Right click on the flush.bat file to run it as Administrator.

Your computer will reboot.

Reset IE to its 'default' settings...

Next, run TFC (I know you have it, but instructions follow)

Download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser! This will also hide all desktop shortcuts, so just be aware! They will come back after rebooting.

Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! Manually reboot the machine to ensure a complete clean.

Let me know if you're still in trouble!! If no trouble, reset your Homepage.
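A read-only way to confirm, after the cleanup and reboot, that the Tcpip\Parameters NameServer values flagged in the Malwarebytes logs no longer point at unexpected resolvers. This is an added example, not part of the original thread or of any tool mentioned in it; the `$TrustedDns` allowlist and the helper name `Get-DnsRegistryEntry` are assumptions made for illustration.

```powershell
# Added example (not from the thread): read-only audit of the DNS servers
# stored under the Tcpip\Parameters keys that the Malwarebytes log flagged.
# Assumption: $TrustedDns is your own allowlist; 8.8.8.8 is the value the
# log shows as "Good", add your router or ISP resolvers as needed.
$TrustedDns = @('8.8.8.8', '8.8.4.4')
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Hypothetical helper: emit one object per DNS server found in a key.
function Get-DnsRegistryEntry {
    param([string]$KeyPath)
    $props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    if (-not $props) { return }
    # NameServer holds statically set resolvers (the value hijacked here);
    # DhcpNameServer holds what the DHCP server (usually the router) supplied.
    foreach ($name in 'NameServer', 'DhcpNameServer') {
        $raw = $props.$name
        if ([string]::IsNullOrEmpty($raw)) { continue }
        # The value is a space- or comma-separated list of addresses.
        foreach ($ip in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            New-Object PSObject -Property @{
                Trusted = ($TrustedDns -contains $ip)
                Value   = $name
                Server  = $ip
                Key     = ($KeyPath -replace '^.*\\Tcpip\\', 'Tcpip\')
            }
        }
    }
}

# Global key plus every per-interface key ({GUID} subkeys of Interfaces).
$keys = @($Base) + @(Get-ChildItem "$Base\Interfaces" | ForEach-Object { $_.PSPath })
$results = @($keys | ForEach-Object { Get-DnsRegistryEntry -KeyPath $_ })

$results | Sort-Object Trusted | Format-Table Trusted, Value, Server, Key -AutoSize

$unknown = @($results | Where-Object { -not $_.Trusted })
if ($unknown.Count -gt 0) {
    Write-Warning "$($unknown.Count) DNS server entries are not on the allowlist; review them."
} else {
    Write-Output 'All configured DNS servers are on the allowlist.'
}
```

A router address handed out by DHCP will show as untrusted until it is added to the allowlist; an unfamiliar address in DhcpNameServer means the router's own DNS settings are worth checking too.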
caintry_boy Posted February 21, 2016

All seems good. I ran the flush.bat and TFC as Admin. and after the last reboot I went to IE Tools and my Internet Options is NOT grayed out anymore. IE has been reset. Anything else?
Jacee Posted February 21, 2016

Just let me know how it runs today.
caintry_boy Posted February 22, 2016

I'll just add that it's running like a dream with no problems at all to my knowledge. :clap: