I've been hit!


caintry_boy
Was attempting to watch some TV via streaming internet using IE11 tonight and started having trouble with re-directs and such. Closed all programs and ran Malwarebytes and AdwCleaner. Logs follow (***note that after I ran Malwarebytes the first time it recommended I reboot and re-scan so there are 2 logs):

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/20/2016
Scan Time: 6:33 PM
Logfile: Malwarebytes 1.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.20.04
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: caintry_boy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328996
Time Elapsed: 36 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 2
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{7DAE4FD7-602E-4213-A458-099D8F0901A2}|NameServer, 82.163.143.171 82.163.142.173, Quarantined, [84701949d1c8a0968daed686699b6e92]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{EC891F1B-1CB8-42E5-BE4A-C3117C19B5F8}|NameServer, 82.163.143.171 82.163.142.173, Quarantined, [0fe54b177e1b261063d871eb42c224dc]

Registry Data: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.143.171 82.163.142.173, Good: (8.8.8.8), Bad: (82.163.143.171 82.163.142.173),Replaced,[be361e441683f3437869846d8b7939c7]

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Users\caintry_boy\AppData\Local\Temp\19714560.t.exe, Quarantined, [856fd092fa9fc47269311c19946d728e],
PUP.Optional.WinYahoo, C:\Program Files\Mozilla Firefox\browser\components\mrt.js, Quarantined, [25cf0c56ecad93a3b1a1cf95d133d62a],
PUP.Optional.Amonetize.Gen, C:\ProgramData\ea7ef069-0857-0\BIT9151.tmp, Quarantined, [29cb7ce6fe9b241248fe313423e19d63],
PUP.Optional.Amonetize.Gen, C:\ProgramData\ea7ef069-2ea3-0\BIT1E1A.tmp, Quarantined, [13e1c69ce2b72a0cd373fd68ec18bb45],

Physical Sectors: 0
(No malicious items detected)


(end)

 

______________________________

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/20/2016
Scan Time: 7:31 PM
Logfile: Malwarebytes 1.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.20.04
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: caintry_boy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328557
Time Elapsed: 20 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{EC891F1B-1CB8-42E5-BE4A-C3117C19B5F8}|NameServer, 82.163.143.171 82.163.142.173, Quarantined, [0fe54c16b3e61f1771cabd9f12f22fd1]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Bundler, C:\Users\caintry_boy\Downloads\adobe_flash_setup.exe, Delete-on-Reboot, [fafa8bd7c7d286b0793e37627d844db3],

Physical Sectors: 0
(No malicious items detected)


(end)

 

________________________

 

# AdwCleaner v5.026 - Logfile created 22/12/2015 at 10:48:26
# Updated 21/12/2015 by Xplode
# Database : 2015-12-21.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : caintry_boy - MSI
# Running from : C:\Users\caintry_boy\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\DriverToolkit
[-] Folder Deleted : C:\Users\caintry_boy\AppData\Local\DriverToolkit

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\undefined
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [975 bytes] ##########

# AdwCleaner v5.035 - Logfile created 20/02/2016 at 20:04:47
# Updated 18/02/2016 by Xplode
# Database : 2016-02-20.3 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : caintry_boy - MSI
# Running from : C:\Users\caintry_boy\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\{01c77261-412c-0}
[-] Folder Deleted : C:\ProgramData\{05372107-512c-1}

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1844 bytes] ##########

 

 

Please advise...

 

edit: I should also add that my homepage in IE was changed and when I went to Tools that Internet Options was grayed out...

 

 

 

 

:geezer:


Let's flush the DNS cache first:

Copy and paste these lines into Notepad.

 

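@Echo on
REM Reset the hosts file to a single localhost entry
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
REM Renew the DHCP lease and flush the DNS resolver cache
ipconfig /release
ipconfig /renew
ipconfig /flushdns
REM Reset the Winsock catalog and TCP/IP stack settings
netsh winsock reset all
netsh int ip reset all
REM Reboot after 1 second, then delete this batch file
shutdown -r -t 1
del %0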

 

Save as flush.bat to your desktop.
Right click on the flush.bat file to run it as Administrator. Your computer will reboot.

 

Reset IE to its 'default' settings...

 

Next, run TFC (I know you have it, but instructions follow)

 

Download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser! This will also hide all desktop shortcuts, so just be aware! They will come back after rebooting.

Windows 7: right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! Manually reboot the machine to ensure a complete clean.

 

Let me know if you're still in trouble!! If no trouble, reset your Homepage.
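
An added check, not part of the reply above and not from either poster: after the reboot, this PowerShell snippet reads the same NameServer registry values that Malwarebytes flagged (plus the DHCP-assigned ones) and lists any DNS server that is not on an allowlist. The `$Allowed` list is a constructed sample and an assumption; replace it with the resolvers you actually expect. Run it from an elevated PowerShell prompt.

```powershell
# Added example: audit the DNS servers stored in the TCP/IP registry keys.
# $Allowed is an assumption (constructed sample); edit it for your own network.
$Allowed = @('8.8.8.8', '8.8.4.4', '192.168.1.1')

$Base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Check the global Parameters key and every per-adapter key under Interfaces.
$Keys = @($Base) + @(Get-ChildItem "$Base\Interfaces" | ForEach-Object { $_.PSPath })

$Findings = foreach ($Key in $Keys) {
    $Props = Get-ItemProperty -LiteralPath $Key
    # NameServer = statically configured, DhcpNameServer = handed out by DHCP.
    foreach ($Name in 'NameServer', 'DhcpNameServer') {
        $Value = $Props.$Name
        if (-not $Value) { continue }   # value absent or empty on this key

        # Entries can be separated by spaces or commas.
        foreach ($Ip in ($Value -split '[ ,]+' | Where-Object { $_ })) {
            if ($Allowed -notcontains $Ip) {
                New-Object PSObject -Property @{
                    Server = $Ip
                    Value  = $Name
                    Key    = ($Key -replace '^.*::', '')   # strip provider prefix
                }
            }
        }
    }
}

if ($Findings) {
    $Findings | Format-Table Server, Value, Key -AutoSize
} else {
    'All configured DNS servers are on the allowlist.'
}
```

An unexpected server under `DhcpNameServer` comes from the DHCP server, so in that case check the router's DNS settings as well as the PC.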
