Proxy redirector


9 replies to this topic

#1 Nicksdad (Members, 40 posts)

Posted 07 May 2014 - 03:57 PM

Something keeps setting my proxy server to http://127.0.0.1:14242

http://gnj.tooldiv.net/sd/dw32.html?u=http%3A%2F%2Fgnj.tooldiv.net.....

I have run MB and Norton scans as well as TDSS Killer with no luck. It redirects each time I open IE. I am running Windows 7 x64.

Thank You


Edited by Nicksdad, 07 May 2014 - 04:43 PM.



#2 Condobloke, Outback Aussie @ 54.2101 N, 0.2906 W (Members, 6,081 posts)

Posted 07 May 2014 - 04:15 PM

127.0.0.1 is the computer you are sitting in front of......however......follow the steps below to turn proxy OFF:

  1. Open Internet Explorer.
  2. Click the “Tools” tab, and then select “Internet Options” from the menu that drops down.
  3. Click the “Connections” tab, and click the “LAN Settings” button.
  4. Uncheck the box labeled “Use a proxy server for your LAN.”
  5. Click "OK."


Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

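As an added example (not part of Condobloke's reply and not a BleepingComputer tool), the PowerShell script below reads the per-user registry values that the “Use a proxy server for your LAN” checkbox in the steps above controls, flags a proxy that points back at 127.0.0.1 like the one in the opening post, and prints the separate machine-wide WinHTTP proxy that the IE dialog never shows. With the -Reset switch (an assumed parameter name) it clears the proxy the same way step 4 does. It assumes PowerShell 3.0 or later and should be run as the affected user; it is read-only unless -Reset is given.

```powershell
# Added example (not from the thread, not a BleepingComputer tool): audit the per-user
# WinINET proxy values behind IE's "Use a proxy server for your LAN" checkbox and flag a
# proxy that points back at this machine, the symptom in the opening post.
# Assumes PowerShell 3.0+; run it as the affected user. Read-only unless -Reset is given.
param(
    [switch]$Reset   # assumed switch name: clear the proxy the way step 4 above does
)

$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key

# ProxyEnable 1 = checkbox ticked. ProxyServer can stay populated while ProxyEnable is 0
# (the MiniToolBox report later in this thread shows exactly that), so inspect both.
$proxyEnable = [int]$settings.ProxyEnable
$proxyServer = [string]$settings.ProxyServer      # "host:port" or "http=host:port;https=..."
$autoConfig  = [string]$settings.AutoConfigURL    # a PAC script is another way to steer traffic

"ProxyEnable   : $proxyEnable"
"ProxyServer   : $proxyServer"
"AutoConfigURL : $autoConfig"

# A proxy on the loopback address means a process on this host sits in the path of every
# browser request. Match both the bare and the scheme=host:port forms WinINET accepts.
$loopback = $proxyServer -match '(^|=)(127\.0\.0\.1|localhost|\[::1\])(:\d+)?'
if ($loopback -and $proxyEnable -eq 1) {
    Write-Warning "Active proxy points at the local machine: $proxyServer"
} elseif ($loopback) {
    Write-Warning "Proxy is disabled but a loopback proxy value is still stored: $proxyServer"
}

# The machine-wide WinHTTP proxy (used by services and some updaters) is configured
# separately from the IE dialog and is worth a look too.
'WinHTTP proxy:'
netsh winhttp show proxy

if ($Reset) {
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    Remove-ItemProperty -Path $key -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
    'Proxy cleared for the current user. If it is back after a reboot or the next IE start,'
    'something on the machine is re-setting it: carry on with the removal steps in this thread.'
}
```

The useful signal is not the checkbox state but the stored value: a loopback ProxyServer that reappears after being cleared is evidence of a persistence mechanism on the host, which is why the thread moves on to scanning tools rather than stopping at step 5.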

 

 


#3 Nicksdad (Topic Starter, Members, 40 posts)

Posted 07 May 2014 - 04:25 PM

Sorry, I forgot to copy the rest.  I currently have Proxy off.



#4 Condobloke, Outback Aussie @ 54.2101 N, 0.2906 W (Members, 6,081 posts)

Posted 07 May 2014 - 06:51 PM

Please run the following for me...

 

In The Order Listed...

 

Please download MiniToolBox to your desktop and run it.
Checkmark the following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

 

Gnj.tooldiv.net......   search for this 'program' in add/remove

or...Install http://www.bleepingcomputer.com/download/revo-uninstaller/  and see if it is shown there

If it does show...remove it.

If it does not show in either location...move to the next step.

 

 

  1. Open Internet Explorer, click on the “gear icon” in the upper right part of your browser, then click again on Internet Options.
  2. In the “Internet Options” dialog box, click on the “Advanced” tab, then click on the “Reset” button.
  3. In the “Reset Internet Explorer settings” section, select the “Delete personal settings” check box, then click on the “Reset” button.
  4. When Internet Explorer has completed its task, click on the “Close” button in the confirmation dialogue box. You will now need to close your browser, and then you can open Internet Explorer again.

 

 

 

Then....

 

 

Please download RKill by Grinler from the link below and save it to your desktop.

    RKill
    Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
    Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
    A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
    If nothing happens or if the tool does not run, please let me know in your next reply.
    A log pops up at the end of the run. This log file is located at C:\rkill.log.
    Please post the log in your next reply.

 

DO NOT REBOOT HERE....run the next tool

 

 

Download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Vista / Windows 7 / 8 users right-click and select Run As Administrator.
• Click on the Scan button (only once).
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• When it's done you'll see: Pending: Uncheck any elements you don't want removed.
• Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
• Look over the log, especially under Files/Folders, for any program you want to save.
• If there's a program you want to save, just uncheck it from AdwCleaner.
• If you're not sure, post the log for review.
• If you're ready to clean it all up.....click the Clean button (only once).

Note: you will be asked to click OK and confirm with OK to reboot.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• Copy and paste the contents of that logfile in your next reply.

• A copy of that logfile will also be saved in the C:\AdwCleaner folder.
• Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
• To restore an item that has been deleted (if necessary):
• Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Edited by Condobloke, 07 May 2014 - 06:56 PM.


 

 


#5 Nicksdad (Topic Starter, Members, 40 posts)

Posted 07 May 2014 - 08:26 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by AITTCalandra (administrator) on 07-05-2014 at 21:24:20
Running from "C:\Users\AITTCalandra\Desktop"
Microsoft Windows 7 Enterprise  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:14177

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/07/2014 09:12:22 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16438 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1754

Start Time: 01cf6a59b3a39d7d

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/07/2014 09:05:10 PM) (Source: AutoEnrollment) (User: )
Description: NASA\AITTCalandra0x8007003aThe specified server cannot perform the requested operation.

Error: (05/07/2014 08:59:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 08:54:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 08:47:33 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ae74

Start Time: 01cf6a56fb815bf9

Termination Time: 16

Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

Report Id: 52c9748d-d64a-11e3-a6b6-20689d62923c

Error: (05/07/2014 05:39:15 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16438 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 884

Start Time: 01cf6a3365148cf1

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/07/2014 04:28:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 04:28:34 PM) (Source: AutoEnrollment) (User: )
Description: NASA\AITTCalandra0x8007003aThe specified server cannot perform the requested operation.

Error: (05/07/2014 00:30:22 PM) (Source: AutoEnrollment) (User: )
Description: NASA\AITTCalandra0x8007003aThe specified server cannot perform the requested operation.

Error: (05/07/2014 11:22:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/07/2014 09:12:58 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Settings Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (05/07/2014 09:12:58 PM) (Source: Service Control Manager) (User: )
Description: The Symantec Event Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 200 milliseconds: Restart the service.

Error: (05/07/2014 09:05:24 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (05/07/2014 09:05:24 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (05/07/2014 09:05:09 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NASA)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (05/07/2014 08:59:44 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (05/07/2014 08:58:59 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (05/07/2014 08:58:55 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (05/07/2014 08:58:54 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (05/07/2014 08:58:52 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain NASA due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Microsoft Office Sessions:
=========================
Error: (05/07/2014 09:12:22 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16438175401cf6a59b3a39d7d0C:\Program Files\Internet Explorer\iexplore.exe

Error: (05/07/2014 09:05:10 PM) (Source: AutoEnrollment)(User: )
Description: NASA\AITTCalandra0x8007003aThe specified server cannot perform the requested operation.

Error: (05/07/2014 08:59:26 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 08:54:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 08:47:33 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.11ae7401cf6a56fb815bf916C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe52c9748d-d64a-11e3-a6b6-20689d62923c

Error: (05/07/2014 05:39:15 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.1643888401cf6a3365148cf10C:\Program Files\Internet Explorer\iexplore.exe

Error: (05/07/2014 04:28:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 04:28:34 PM) (Source: AutoEnrollment)(User: )
Description: NASA\AITTCalandra0x8007003aThe specified server cannot perform the requested operation.

Error: (05/07/2014 00:30:22 PM) (Source: AutoEnrollment)(User: )
Description: NASA\AITTCalandra0x8007003aThe specified server cannot perform the requested operation.

Error: (05/07/2014 11:22:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ABBYY FineReader for ScanSnap ™ 4.1 (Version: 8.02.650.72520)
AccelerometerP11 (Version: 2.00.10.33)
Adobe Flash Player 10 ActiveX (Version: 10.2.153.1)
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Adobe Flash Player 13 ActiveX (Version: 13.0.0.206)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Adobe Shockwave Player 11.5 (Version: 11.5.10.620)
Adobe SVG Viewer 6.0 (Version:  6.0)
Altiris Application Metering Agent (Version: 7.1.7875.0)
Altiris Deployment Agent (Version: 1.0.0)
Altiris Inventory Agent (Version: 7.1.7875.0)
Apple Application Support (Version: 2.3.6)
Apple Software Update (Version: 2.1.3.127)
Atlas Copco Standard Attachments (Version: 1.5.6)
Atlas Copco Tools AB - Licensing (Version: 1.27.00.14)
BDE_PRO (Version: 5.1.1)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41)
BlackBerry Device Software Updater (Version: 7.1.0.34)
BlackBerry Device Software v7.1.0 for the BlackBerry 9900 smartphone (Version: 7.1.0.694 (Platform 5.1.0.507))
CardMinder (Version: V4.1L40)
CardMinder V4.1 (Version: 4.1.40.1)
CCleaner (Version: 4.13)
Check Point VPN (Version: 75.10.0000)
Cisco WebEx Meeting Center for Internet Explorer (Version: 28.10.0.16277)
Cisco WebEx Meetings
Definition update for Microsoft Office 2010 (KB982726)
Dell Feature Enhancement Pack (Version: 2.2.1)
Dell Touchpad (Version: 7.1208.101.125)
Deployment Solution Agent (Version: 7.1.7861.0)
DWG TrueView 2012 (Version: 18.2.51.0)
ESET Online Scanner v3
GoToMeeting 6.0.0.1259 (Version: 6.0.0.1259)
HP Photosmart Plus B210 series Basic Device Software (Version: 28.0.1315.0)
HPDiagnosticCoreDll (Version: 1.0.16.0)
IBM System i Access for Windows V6R1M0 (Version: 06.01.0800)
IDT Audio (Version: 1.0.6388.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 8.1.0.1281)
Intel® Processor Graphics (Version: 9.17.10.2867)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.6.245)
Intel® Trusted Connect Service Client (Version: 1.24.738.1)
Internet Explorer (Enable DEP)
Internet Explorer (Version: 9)
Java 7 Update 55 (Version: 7.0.550)
Java Auto Updater (Version: 2.1.9.8)
K-Lite Codec Pack (Version: 4.6)
K-Lite Codec Pack 7.1.0 (Version: 7.1.0)
LiveReg (Symantec Corporation) (Version: 2.4.2.2295)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Lotus Notes 8.5 (Version: 8.50.8345)
Lotus Notes 8.5.1 (Version: 8.51.9271)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MTCom 1.0.7.2 (Version: 1.0.7.2)
MULTIPROG 5.35 Build 218 (Version: 5.35.0.218)
MWSnap 3 (Version: 3.0.0.74)
NTI Backup Now EZ (Version: 2.5.2.36)
NVIDIA Control Panel 296.70 (Version: 296.70)
NVIDIA Graphics Driver 296.70 (Version: 296.70)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.27 (Version: 136.27)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
O2Micro Flash Memory Card Windows Driver (Version: 3.0.07.37)
Patch Management Agent (Version: 7.1.7875.0)
Power Scheme Plug-in Setup (Version: 7.1.1301.0)
QuickTime 7 (Version: 7.75.80.95)
Reservationless-Plus VoIP (Version: 5.12.4.496)
ScanSnap (Version: 5.1.30.19)
ScanSnap Manager (Version: V5.1L30)
ScanSnap Organizer (Version: 4.1.30.16)
ScanSnap Organizer (Version: V4.1L30)
Software Management Solution Plugin (Version: 7.1.7858.0)
SolidWorks viewer (Version: 19.30.7)
Sophos Virus Removal Tool (Version: 2.4)
Spybot - Search & Destroy (Version: 2.1.21)
ST Microelectronics 3 Axis Digital Accelerometer Solution (Version: 4.10.0016)
STDriver64 (Version: 2.00.0000)
SUPERAntiSpyware (Version: 5.6.1014)
Symantec Endpoint Protection (Version: 11.0.6100.645)
Symantec pcAnywhere (Version: 12.5.0)
Symantec Workspace Virtualization Agent (Version: 6.4.1266)
System Requirements Lab for Intel (Version: 4.5.13.0)
TaxACT 2011 - 1040 Edition
TaxACT 2012 - 1040 Edition
TaxACT 2013 - 1040 Edition
Tools Talk BLM (Version: 2.0.0)
Tools Talk Power Focus
ToolsTalk DS/DL
ToolsTalk MT 4.42.02 (remove only)
ToolsTalk MT 6.0.0.4 (Version: 6.0.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
ViewPassword
Webex Trusted Zone Add-In (Version: 1.0.0)
WIDCOMM Bluetooth Software (Version: 6.5.1.2300)
Windows Driver Package - ATLAS Copco (usbser) Ports  (07/20/2011 1.1.0.0) (Version: 07/20/2011 1.1.0.0)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (Version: 10/22/2009 2.06.00)
X7Magic Setup (Version: 7.1.5)

========================= Memory info: ===================================

Percentage of memory in use: 56%
Total physical RAM: 3969.45 MB
Available physical RAM: 1711.87 MB
Total Pagefile: 7937.08 MB
Available Pagefile: 5865.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.08 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.58 GB) (Free:170.09 GB) NTFS

========================= Users: ========================================

User accounts for \\AITLUS0625

Asap Help                Custodian                Guest                   

**** End of log ****



#6 Nicksdad (Topic Starter, Members, 40 posts)

Posted 07 May 2014 - 08:58 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/07/2014 09:56:20 PM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\$Recycle.Bin\S-1-5-18\$b81e386b92ffe1e1235e942f7d78f505\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$b81e386b92ffe1e1235e942f7d78f505\L\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-18\$b81e386b92ffe1e1235e942f7d78f505\U\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-21-278118735-2729461451-4031961895-15118\$b81e386b92ffe1e1235e942f7d78f505\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-21-278118735-2729461451-4031961895-15118\$b81e386b92ffe1e1235e942f7d78f505\L\ [ZA Dir]
     * C:\$Recycle.Bin\S-1-5-21-278118735-2729461451-4031961895-15118\$b81e386b92ffe1e1235e942f7d78f505\U\ [ZA Dir]

Checking Windows Service Integrity:

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * BFE [Missing Service]
 * iphlpsvc [Missing Service]
 * MpsSvc [Missing Service]
 * wscsvc [Missing Service]

 * SharedAccess [Missing ImagePath]
 * WinDefend [Missing ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 05/07/2014 09:56:59 PM
Execution time: 0 hours(s), 0 minute(s), and 39 seconds(s)
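Added example, not from the thread and not part of Rkill: a read-only PowerShell check for the two kinds of finding in the Rkill log above, the $Recycle.Bin directories it marks [ZA Dir] and the services it marks [Missing Service] / [Missing ImagePath]. The directory rule (a SID folder holding a folder named “$” plus 32 hex characters, with L and U subfolders) is generalised from the single name in this log and is an assumption; the script also assumes PowerShell 3.0 or later and an elevated prompt, since the S-1-5-18 bin is SYSTEM-owned. A hit is a reason to post in the malware-removal forum, not a cleanup step.

```powershell
# Added example (not from the thread, not part of Rkill): read-only checks for the two
# kinds of finding in the Rkill log above, the $Recycle.Bin directories marked [ZA Dir] and
# the services marked [Missing Service] / [Missing ImagePath].
# Assumptions: PowerShell 3.0+, an elevated prompt (the S-1-5-18 bin is SYSTEM-owned), and
# that the directory name pattern is "$" followed by 32 hex characters, generalised from
# the single name in this log.
param(
    [string[]]$Drives = @($env:SystemDrive)   # assumed: scan only the system drive by default
)

$findings = foreach ($drive in $Drives) {
    $bin = Join-Path $drive '$Recycle.Bin'
    if (-not (Test-Path -LiteralPath $bin)) { continue }

    # One subfolder per SID; -Force is needed because these are hidden system folders.
    Get-ChildItem -LiteralPath $bin -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like 'S-1-5-*' } |
        ForEach-Object {
            $sidDir = $_.FullName
            Get-ChildItem -LiteralPath $sidDir -Directory -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Name -match '^\$[0-9a-f]{32}$' } |
                ForEach-Object {
                    # The log shows both an L\ and a U\ child under each flagged directory.
                    $hasL = Test-Path -LiteralPath (Join-Path $_.FullName 'L')
                    $hasU = Test-Path -LiteralPath (Join-Path $_.FullName 'U')
                    [pscustomobject]@{
                        Path       = $_.FullName
                        HasL       = $hasL
                        HasU       = $hasU
                        Suspicious = ($hasL -and $hasU)
                        Modified   = $_.LastWriteTime
                    }
                }
        }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No $Recycle.Bin directories matching the pattern were found.' }

# Services Rkill reported missing. On Windows 7 these ship by default, so Get-Service not
# finding one at all (as opposed to it being stopped) corroborates the directory finding.
$expected = 'BFE', 'MpsSvc', 'wscsvc', 'iphlpsvc', 'SharedAccess', 'WinDefend'
foreach ($name in $expected) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { "$name : MISSING" } else { "$name : $($svc.Status)" }
}
```

The two checks are deliberately independent: a single odd folder in a recycle bin can have innocent explanations, but the same log also shows the Base Filtering Engine and Windows Firewall services gone entirely, and the combination is what makes the next reply escalate the thread rather than continue with adware removal.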



#7 Nicksdad (Topic Starter, Members, 40 posts)

Posted 07 May 2014 - 09:15 PM

# AdwCleaner v3.207 - Report created 07/05/2014 at 22:08:52
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : AITTCalandra - AITLUS0625
# Running from : C:\Users\AITTCalandra\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : ViewPassword

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\ViewPassword-soft
File Deleted : C:\Users\AITTCalandra\AppData\Roaming\Mozilla\Firefox\Profiles\gfltf139.default\user.js
File Deleted : C:\windows\Tasks\ViewPassword Update.job
File Deleted : C:\windows\System32\Tasks\ViewPassword Update
File Deleted : C:\windows\Tasks\ViewPassword_wd.job
File Deleted : C:\windows\System32\Tasks\ViewPassword_wd

***** [ Shortcuts ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{10e9e863-3913-40d0-903d-d46deb18c982}
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0f9af7e3-3853-473f-a49b-e470a3a41501}
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10e9e863-3913-40d0-903d-d46deb18c982}
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8EBACD89-5466-4E68-B81A-42A3117B1A41}
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{dadf82fd-0783-4ca9-98aa-615f657a2a9e}
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DC452618-6778-4736-90A9-7925BCA540D6}
[#] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0f9af7e3-3853-473f-a49b-e470a3a41501}
[#] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{dadf82fd-0783-4ca9-98aa-615f657a2a9e}
Key Deleted : HKCU\Software\AppDataLow\Software\ViewPassword

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16438

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\AITTCalandra\AppData\Roaming\Mozilla\Firefox\Profiles\gfltf139.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\AITTCalandra\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2677 octets] - [07/05/2014 22:00:55]
AdwCleaner[S0].txt - [2054 octets] - [07/05/2014 22:08:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2114 octets] ##########



#8 Condobloke, Outback Aussie @ 54.2101 N, 0.2906 W (Members, 6,081 posts)

Posted 07 May 2014 - 09:24 PM

It would appear you either are, or have been, infected with the ZeroAccess rootkit.

I think it a wise move to move the topic to the Experts Area for closer scrutiny.

Please fully read and follow the instructions in the Preparation Guide For Requesting Help, starting at Step #6.

    Note: If you are unable to complete any step, still post the topic and leave a full description of your problems.

    When you have done that, start a new topic and post the required logs to the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

    Please use Copy / Paste for your responses, and do not attach them unless your helper requests this.

    If HelpBot responds to your topic, please follow his Step #1 so the team will be notified.

    After doing this, please reply back in this thread with a link to the new topic so we can close this one.

And....

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

 

 

 

 

 



 

 


#9 Nicksdad (Topic Starter, Members, 40 posts)

Posted 11 May 2014 - 12:52 PM

Thank you for your help. 

 

http://www.bleepingcomputer.com/forums/t/533921/proxy-redirect-possible-zero-access/



#10 Condobloke, Outback Aussie @ 54.2101 N, 0.2906 W (Members, 6,081 posts)

Posted 11 May 2014 - 04:09 PM

My pleasure....now just sit tight and wait.

 

Regards,

