
Infected by several PUP Malware. Scanned and fixed but still have a problem


36 replies to this topic

#1 mistysunrise

mistysunrise

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:35 AM

Posted 19 September 2014 - 10:14 PM

Hello

 

2 days ago I noticed about every 10 minutes a blank browser window would pop open, so I did a scan. I ran everything under the sun, Malwarebytes, HitmanPro, RKill, and JRT did the clean, etc., and nothing is being detected now, and the blank window keeps popping up. I know you aren't supposed to, but I even thought of doing system restore, but I have it turned off. I can usually clean this by myself, but I can't figure this one out. It has to be buried, and in the registry somewhere. I am about ready to do a clean install of Windows 7 and say heck with it. Thanks in advance for the help.

 

I don't have any logs after cleaning. Here is what I was infected with (a blank window popped up again as I was writing this):

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/19/2014
Scan Time: 2:07:14 AM
Logfile: malwarebytes infection detection.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.19.02
Rootkit Database: v2014.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Deborah Lane

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314444
Time Elapsed: 10 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, Quarantined, [ec303fb02259ca6c0a476f568b7729d7],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [ec303fb02259ca6c0a476f568b7729d7],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [ec303fb02259ca6c0a476f568b7729d7],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [ec303fb02259ca6c0a476f568b7729d7],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, Quarantined, [ec303fb02259ca6c0a476f568b7729d7],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.Goobzo, C:\ProgramData\SearchModule, Quarantined, [8b914ea197e443f31d2e3acec2415da3],
PUP.Optional.SoftwareUpdater.A, C:\Users\Deborah Lane\AppData\Local\SwvUpdater, Quarantined, [b8646887b8c316207c9c20f05ba830d0],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.Goobzo, C:\Program Files\Common Files\Goobzo, Quarantined, [e23a18d75328cd69fd785f9b1ae8c838],

Files: 32
PUP.Optional.Goobzo, C:\Windows\System32\Tasks\SMW_UpdateTask_Time_323431383335333038302d3437415a556c2a3223346c41, Quarantined, [120a925d80fba78f15358b7df310718f],
PUP.Optional.Goobzo, C:\ProgramData\SearchModule\smhe.js, Quarantined, [8b914ea197e443f31d2e3acec2415da3],
PUP.Optional.SoftwareUpdater.A, C:\Users\Deborah Lane\AppData\Local\SwvUpdater\Updater.xml, Quarantined, [b8646887b8c316207c9c20f05ba830d0],
PUP.Optional.SoftwareUpdater.A, C:\Users\Deborah Lane\AppData\Local\SwvUpdater\status.cfg, Quarantined, [b8646887b8c316207c9c20f05ba830d0],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\1.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\a.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\b.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\c.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\d.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\e.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\f.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\g.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\h.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\i.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\j.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\k.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\l.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\m.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\n.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\o.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\p.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\q.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\r.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\s.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\t.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\u.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\v.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\w.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\wlu.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\x.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\y.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],
PUP.Optional.PriceGong.A, C:\Users\Deborah Lane\AppData\LocalLow\PriceGong\Data\z.txt, Quarantined, [b16be50aff7c1b1b0ab0a038a45e21df],

Physical Sectors: 0
(No malicious items detected)


(end)
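
As an added illustration (not part of the original thread and not Malwarebytes tooling), the following Python parses a log in the layout pasted above, checks each section's declared count against the rows actually present, and flags detections that sit in autostart locations. The function names, the marker list and the sample log are assumptions constructed for this example.

```python
import re
from collections import Counter

# Section headers as they appear in the log layout quoted above.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
# Row: "<detection>, <object>, <action>, [<32 hex chars>],". The object is
# matched greedily so a path that itself contains ", " stays in one field.
ROW_RE = re.compile(r"^(?P<name>[^,]+), (?P<object>.+), "
                    r"(?P<action>[^,\[\]]+), \[(?P<id>[0-9a-f]{32})\],?$")

# Locations Windows uses to start programs automatically (lower-cased).
AUTOSTART_MARKERS = {
    "scheduled task": "\\windows\\system32\\tasks\\",
    "run key": "\\currentversion\\run",
}

# Constructed sample (not from the thread). "Files" declares 3 rows but only
# 2 are present, as happens when a pasted log is cut short.
SAMPLE_LOG = r"""
Objects Scanned: 1000

Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.ExampleBar, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-2222-3333-4444-555555555555}, Quarantined, [0123456789abcdef0123456789abcdef],

Folders: 1
PUP.Optional.ExampleUpd, C:\Users\Test User\AppData\Local\ExampleUpd, Quarantined, [89abcdef0123456789abcdef01234567],

Files: 3
PUP.Optional.ExampleBar, C:\Windows\System32\Tasks\ExampleBar_UpdateTask, Quarantined, [fedcba9876543210fedcba9876543210],
PUP.Optional.ExampleUpd, C:\Users\Test User\AppData\Local\ExampleUpd\a, b.cfg, Quarantined, [89abcdef0123456789abcdef01234567],
"""


def parse_log(text):
    """Return (declared section counts, list of detection rows)."""
    declared, rows, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        row = ROW_RE.match(line)
        if row and section:
            rows.append({"section": section, **row.groupdict()})
    return declared, rows


def count_mismatches(declared, rows):
    """Sections whose declared count differs from the rows parsed."""
    parsed = Counter(r["section"] for r in rows)
    return {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n}


def autostart_rows(rows):
    """Detections located in a scheduled-task folder or a Run key."""
    hits = []
    for r in rows:
        obj = r["object"].lower()
        for label, marker in AUTOSTART_MARKERS.items():
            if marker in obj:
                hits.append((label, r["name"], r["object"], r["action"]))
    return hits


if __name__ == "__main__":
    declared, rows = parse_log(SAMPLE_LOG)
    print("families:", dict(Counter(r["name"] for r in rows)))
    print("count mismatches:", count_mismatches(declared, rows))
    for hit in autostart_rows(rows):
        print("autostart:", hit)
```
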





#2 LiquidTension

LiquidTension

  • Malware Response Team
  • 1,278 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 PM

Posted 19 September 2014 - 10:32 PM

Hello, 
 
Please run the following programme. 

Autoruns
  • Please download Autoruns and save the file to your Desktop.
  • Right-click Autoruns.exe and select Run as administrator to run the programme.
  • Click Agree to End User Licence Agreement (EULA).
  • Allow the programme to scan. Once completed, click File, then Save, name the file Autoruns Log.arn and save to your Desktop.
  • Close Autoruns.
  • Upload the log (Autoruns Log.arn) to my channel, here.

Edited by LiquidTension, 19 September 2014 - 10:33 PM.


#3 mistysunrise


Posted 19 September 2014 - 10:46 PM

Thank you thank you thank you! I found the little boogers responsible here, but I will wait to delete things, before I confirm with you. You are a life saver. :) I sent the file to you.


 



#4 mistysunrise


Posted 19 September 2014 - 10:47 PM

Oops, I didn't see that you wanted me to rename it Autoruns Log.arn before I sent it to you. It is just called autoruns.

 

 


 



#5 LiquidTension


Posted 19 September 2014 - 11:01 PM

Hello, 

 

Don't worry about the file name. 

 

Which entries do you believe are responsible?



#6 mistysunrise


Posted 19 September 2014 - 11:11 PM

 HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run                9/19/2014 9:31 PM

 

HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance                12/12/2013 3:09 PM

 

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls                6/30/2014 1:40 AM

 

EKIJ5000StatusMonitor            c:\windows\syswow64\spool\drivers\x64\3\ekij5000mui.exe   <~~ not too sure if I should delete that.. I am not sure if it is connected to it.

                            

 

I had some malware with the wow6432node and I wanted to make sure it wasn't copying a real thing that I needed, before I deleted things. :)


Edited by mistysunrise, 19 September 2014 - 11:16 PM.


#7 LiquidTension


Posted 19 September 2014 - 11:22 PM

Hello, 
 

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run                9/19/2014 9:31 PM
HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance                12/12/2013 3:09 PM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls                6/30/2014 1:40 AM

These are legitimate keys. Do not delete. 
 

EKIJ5000StatusMonitor            c:\windows\syswow64\spool\drivers\x64\3\ekij5000mui.exe

This appears to be related to a Kodak printer. Have you at some point connected a Kodak printer to your machine? 
 
 
I can't actually see anything in the log that would be responsible for a browser window appearing. 
 
What browser window opens? Is it every ~10 minutes between the time you boot and the time you shut down? 
By "blank browser window", what exactly do you mean? Does the window open on a new tab page?



#8 mistysunrise


Posted 19 September 2014 - 11:33 PM

That's what I was afraid of... I figured it was mimicking something.

 

I am on Chrome right now, and it is doing it on this one, and it was doing it on Waterfox also. When it pops open a window, it is just a regular browser window, and it doesn't have any webpage typed in the address bar. I will get a screenshot when it does it again. So look for another post lol.
 




#9 LiquidTension


Posted 19 September 2014 - 11:40 PM

OK, a screenshot may help. 

 

In the meantime, let's try the following.

 

STEP 1
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts.
  • Click Scan.
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
  • Follow the prompts and allow your computer to reboot.
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

 

STEP 2
Internet Flush

  • Press the Windows Key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo off
    rem Log the output of each network reset step to flushresults.txt on the Desktop
    echo Flushing Internet. Please wait... >"%userprofile%\desktop\flushresults.txt"
    ipconfig /release >>"%userprofile%\desktop\flushresults.txt" 2>&1
    ipconfig /renew >>"%userprofile%\desktop\flushresults.txt" 2>&1
    ipconfig /flushdns >>"%userprofile%\desktop\flushresults.txt" 2>&1
    netsh winsock reset all >>"%userprofile%\desktop\flushresults.txt" 2>&1
    netsh int ipv4 reset >>"%userprofile%\desktop\flushresults.txt" 2>&1
    netsh int ipv6 reset >>"%userprofile%\desktop\flushresults.txt" 2>&1
    echo.
    echo Deleting temp files/folders...
    rem Quote %TEMP% so a profile path containing spaces is handled correctly
    del "%TEMP%\*.*" /F /S /Q
    rd /S /Q "%TEMP%"
    echo.
    echo Finished. Your computer will reboot. >>"%userprofile%\desktop\flushresults.txt" 2>&1
    shutdown -r -t 1
    rem Delete this batch file by its full path
    del "%~f0"
  • Click Format. Ensure Wordwrap is unchecked.
  • Click File, then Save As, and name the file flush.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop.
  • Locate flush.bat (W8/7/Vista) on your Desktop. Right-click the icon and click Run as administrator.
  • Your computer will reboot. If not, please manually reboot.
  • After the reboot, a log (flushresults.txt) will be on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • AdwCleaner[S0].txt
  • flushresults.txt


#10 mistysunrise


Posted 19 September 2014 - 11:55 PM

Well, what it looks like it is doing is opening a new window with a browser in it. It is happening about every 10 minutes from the time I boot up till I shut down. It isn't opening in a new tab, but a whole new window. It now appears to be going to my homepage, which is Yahoo, and is no longer blank. If you want me to still post a screenshot, I will. I saw something on the background of the browser this time; it was right below the address bar and it said downloading autoruns... I didn't see that before, as I closed it quickly. I was keeping it open so I could get a screenshot and it showed that, and disappeared.

 

Actually I am using Waterfox at the moment and it looks to be popping up a Chrome webpage, so it is something in Chrome. http://prntscr.com/4ohucl I couldn't figure out how to upload an attachment, so there is the screen that pops up. Just a Chrome browser... I will try the AdwCleaner. I previously downloaded it. I will follow your directions on here and let you know. :) Thank you



#11 mistysunrise


Posted 20 September 2014 - 12:07 AM

Here is the AdwCleaner log. I will do the next one here and post the log.

 

# AdwCleaner v3.310 - Report created 19/09/2014 at 23:59:35
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Deborah Lane - FATSO
# Running from : C:\Users\Deborah Lane\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Deborah Lane\AppData\Roaming\Mozilla\Firefox\Profiles\6lwj8vtx.default\prefs.js ]


-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Deborah Lane\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4728 octets] - [19/09/2014 02:37:48]
AdwCleaner[R1].txt - [1078 octets] - [19/09/2014 02:44:22]
AdwCleaner[R2].txt - [1199 octets] - [19/09/2014 03:05:07]
AdwCleaner[R3].txt - [1260 octets] - [19/09/2014 03:06:23]
AdwCleaner[R4].txt - [1380 octets] - [19/09/2014 19:32:03]
AdwCleaner[R5].txt - [1500 octets] - [19/09/2014 23:56:44]
AdwCleaner[S0].txt - [4969 octets] - [19/09/2014 02:39:42]
AdwCleaner[S1].txt - [1141 octets] - [19/09/2014 02:46:12]
AdwCleaner[S2].txt - [1321 octets] - [19/09/2014 03:07:10]
AdwCleaner[S3].txt - [1441 octets] - [19/09/2014 19:33:05]
AdwCleaner[S4].txt - [1499 octets] - [19/09/2014 23:59:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1559 octets] ##########
 



#12 mistysunrise


Posted 20 September 2014 - 12:16 AM

Here is the flushresults:

 

Flushing Internet. Please wait...

Windows IP Configuration

No operation can be performed on Wireless Network Connection 3 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection 2:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::7cfa:22b0:a749:2fd1%15
   Default Gateway . . . . . . . . . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ARRRPK2.local

Tunnel adapter isatap.hitronhub.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{4BFC8BED-4182-4DEB-B2ED-E01205E9B10E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:3c43:2da:52ec:407
   Link-local IPv6 Address . . . . . : fe80::3c43:2da:52ec:407%17
   Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.ARRRPK2.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{88080736-015C-4D49-ACB5-41A70B7B5679}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Windows IP Configuration

No operation can be performed on Wireless Network Connection 3 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection 2:

   Connection-specific DNS Suffix  . : hitronhub.home
   Link-local IPv6 Address . . . . . : fe80::7cfa:22b0:a749:2fd1%15
   IPv4 Address. . . . . . . . . . . : 192.168.0.15
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ARRRPK2.local

Tunnel adapter isatap.hitronhub.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hitronhub.home

Tunnel adapter isatap.{4BFC8BED-4182-4DEB-B2ED-E01205E9B10E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:8ba:2977:3f57:fff0
   Link-local IPv6 Address . . . . . : fe80::8ba:2977:3f57:fff0%17
   Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.ARRRPK2.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{88080736-015C-4D49-ACB5-41A70B7B5679}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

Reseting Interface, OK!
Restart the computer to complete this action.

Finished. Your computer will reboot.
 



#13 LiquidTension


Posted 20 September 2014 - 12:20 AM

OK, good job.

I'll be heading off now, but will return with instructions tomorrow. We'll start by ruling out malware, and if the issue persists, move on to non-malware troubleshooting.

Please let me know if anything changes; for example, new issues arise.

#14 mistysunrise


Posted 20 September 2014 - 12:30 AM

Thank you. I haven't had the window pop back up so far yet. I will let you know tomorrow when you reply if it is still happening. I thank you so much for your time. :)



#15 mistysunrise


Posted 20 September 2014 - 12:34 AM

Window did pop up again *SIGH* I will talk to you tomorrow. :)





