proxy server keeps being reset


  • This topic is locked
2 replies to this topic

#1 gingergotsoul

  • Members
Posted 12 January 2015 - 03:21 PM

When I try to change the proxy server address and port it keeps resetting

 

HTTP  127.0.0.1 port 20091

 

Excluded addresses listed are  ;*origin.com;*ea.com;*akamaihd.net

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496
Run by Admin at 14:08:43 on 2015-01-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5942.3272 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Users\Admin\AppData\Local\indexitvdataProvider\indexitvdataProvider.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Users\Admin\AppData\Local\indexitvdataProvider\logwdcDrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\apidebuggerMonitor\apidebuggerMonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Users\Admin\AppData\Local\18AC68C4-5723-FF41-8E23-F326C007E40B\Runner.exe
C:\Users\Admin\AppData\Local\18AC68~1\CHROME~1\chrome.exe
C:\Users\Admin\AppData\Local\18AC68~1\CHROME~1\chrome.exe
C:\Users\Admin\AppData\Local\18AC68~1\CHROME~1\chrome.exe
C:\Users\Admin\AppData\Local\18AC68~1\CHROME~1\chrome.exe
C:\Users\Admin\AppData\Local\18AC68~1\CHROME~1\chrome.exe
C:\Users\Admin\AppData\Local\18AC68~1\CHROME~1\chrome.exe
C:\Users\Admin\AppData\Local\18AC68~1\CHROME~1\chrome.exe
C:\Users\Admin\AppData\Local\18AC68~1\CHROME~1\chrome.exe
C:\Users\Admin\AppData\Local\18AC68~1\CHROME~1\chrome.exe
C:\Users\Admin\AppData\Local\18AC68~1\CHROME~1\chrome.exe
C:\Users\Admin\AppData\Local\18AC68~1\CHROME~1\chrome.exe
C:\Users\Admin\AppData\Local\18AC68~1\CHROME~1\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uDefault_Page_URL = hxxp://www.dell.com
uProxyServer = hxxp=127.0.0.1:20091
uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
mWinlogon: Userinit = userinit.exe,
uRun: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_A5B343D047FD8BD2F268B0EA0F8DBD7C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{08808F39-1286-4D36-B213-786E27A14042} : DHCPNameServer = 10.8.64.161 10.8.64.162 10.8.64.187 10.8.66.144
TCP: Interfaces\{B6EA548D-DBDE-4980-8399-6C1710EDBF5C} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B6EA548D-DBDE-4980-8399-6C1710EDBF5C}\7594E4F566238316 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{B6EA548D-DBDE-4980-8399-6C1710EDBF5C}\84F6C6964616970294E6E6024435D40214962707F6274702134353 : DHCPNameServer = 198.153.192.100 198.153.192.150
TCP: Interfaces\{B6EA548D-DBDE-4980-8399-6C1710EDBF5C}\84F6C69646169794E6E6F54435D414962707F62747 : DHCPNameServer = 198.153.192.100 198.153.192.150
TCP: Interfaces\{B6EA548D-DBDE-4980-8399-6C1710EDBF5C}\94D6D6967627164796F6E6023556276796365637 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B6EA548D-DBDE-4980-8399-6C1710EDBF5C}\C696E6B6379737 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B6EA548D-DBDE-4980-8399-6C1710EDBF5C}\E45445745414255393 : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-9 203264]
R2 apidebuggerMonitor;apidebuggerMonitor;C:\Windows\SysWOW64\apidebuggerMonitor\apidebuggerMonitor.exe [2015-1-10 68608]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-1-20 115472]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-1-20 385808]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 indexitvdataProvider.exe;indexitvdataProvider.exe;C:\Users\Admin\AppData\Local\indexitvdataProvider\indexitvdataProvider.exe [2015-1-10 202240]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-1-12 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-1-12 969016]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-7-28 10610400]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-1-12 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-1-12 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-1-12 63704]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-1-20 402192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-25 114688]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 125584]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2014-7-25 15360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-2 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-2 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-1-2 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-2 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2015-01-12 19:59:26 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ECA775A7-9828-4098-9FB6-DADED0474E02}\offreg.dll
2015-01-12 19:34:18 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-01-12 19:34:18 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-01-12 19:34:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-12 19:30:37 544240 ----a-w- C:\Windows\System32\npdeployJava1.dll
2015-01-12 19:30:37 525808 ----a-w- C:\Windows\System32\deployJava1.dll
2015-01-12 18:38:09 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-12 18:38:05 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-12 18:37:21 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-12 17:43:06 -------- d-----w- C:\FRST
2015-01-12 06:21:37 2231296 ----a-w- C:\Windows\System32\ac3filter64.acm
2015-01-12 06:21:36 1679360 ----a-w- C:\Windows\SysWow64\ac3filter.acm
2015-01-12 06:21:33 -------- d-----w- C:\Program Files (x86)\AC3Filter
2015-01-12 05:26:59 755200 ----a-w- C:\Windows\SysWow64\Ir5066b0.rra
2015-01-12 05:26:59 41984 ----a-w- C:\Windows\SysWow64\Ir506874.rra
2015-01-12 05:26:59 41472 ----a-w- C:\Windows\SysWow64\ir4168d2.rra
2015-01-12 05:26:59 40448 ----a-w- C:\Windows\SysWow64\Ir506817.rra
2015-01-12 05:26:59 33280 ----a-w- C:\Windows\SysWow64\ir4168f1.rra
2015-01-12 05:26:54 110592 ----a-w- C:\Windows\SysWow64\iccv52b3.rra
2015-01-12 02:25:00 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ECA775A7-9828-4098-9FB6-DADED0474E02}\mpengine.dll
2015-01-12 01:16:58 -------- d-----w- C:\ProgramData\Malwarebytes
2015-01-10 23:03:38 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB21C5DD-C769-498A-B1F5-9B0AE2943237}\gapaengine.dll
2015-01-10 23:02:12 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-10 22:36:52 -------- d-----w- C:\Program Files\DivX
2015-01-10 22:36:09 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2015-01-10 22:32:21 -------- d-----w- C:\Program Files (x86)\DivX
2015-01-10 22:27:26 -------- d-----w- C:\ProgramData\DivX
2015-01-10 21:12:06 -------- d-----w- C:\Users\Admin\AppData\Local\18AC68C4-5723-FF41-8E23-F326C007E40B
2015-01-10 21:12:02 -------- d-----w- C:\Windows\SysWow64\apidebuggerMonitor
2015-01-10 21:11:44 -------- d-----w- C:\Users\Admin\AppData\Local\indexitvdataProvider
2015-01-10 21:10:03 -------- d-----w- C:\Users\Admin\AppData\Local\Maxiget
2015-01-10 21:09:34 -------- d-----w- C:\ProgramData\Package Cache
2015-01-04 20:31:49 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-04 20:31:49 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-12-29 19:53:39 -------- d-----w- C:\Windows\System32\appraiser
2014-12-28 09:03:27 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2014-12-28 09:03:27 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2014-12-28 09:03:27 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2014-12-28 09:03:27 2048 ----a-w- C:\Windows\System32\mferror.dll
2014-12-28 09:03:26 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2014-12-28 09:03:26 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2014-12-28 09:03:26 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2014-12-28 09:03:26 206848 ----a-w- C:\Windows\System32\mfps.dll
2014-12-28 09:03:26 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2014-12-28 09:03:24 4121600 ----a-w- C:\Windows\System32\mf.dll
2014-12-26 04:01:58 -------- d-sh--w- C:\Users\Admin\AppData\Local\EmieBrowserModeList
2014-12-26 03:38:19 -------- d-----w- C:\Users\Admin\AppData\Local\globalUpdate
2014-12-26 03:38:19 -------- d-----w- C:\Program Files (x86)\globalUpdate
2014-12-25 19:48:50 830976 ----a-w- C:\Windows\System32\appraiser.dll
2014-12-25 19:48:50 192000 ----a-w- C:\Windows\System32\aepic.dll
2014-12-25 19:48:50 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
2014-12-25 19:48:50 1083392 ----a-w- C:\Windows\System32\aeinv.dll
2014-12-25 19:48:49 741376 ----a-w- C:\Windows\System32\invagent.dll
2014-12-25 19:48:49 413184 ----a-w- C:\Windows\System32\generaltel.dll
2014-12-25 19:48:49 396800 ----a-w- C:\Windows\System32\devinv.dll
2014-12-25 19:48:48 227328 ----a-w- C:\Windows\System32\aepdu.dll
2014-12-25 19:37:21 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-12-25 19:37:20 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-12-25 19:36:57 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
.
==================== Find3M  ====================
.
2014-12-31 11:14:31 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-25 19:22:58 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-25 19:22:58 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-11-18 20:56:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-11-06 05:42:16 341848 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2014-10-30 02:03:43 165888 ----a-w- C:\Windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
.
============= FINISH: 14:10:26.64 ===============
 

#2 TB-Psychotic

  • Malware Response Team
Posted 13 January 2015 - 10:46 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 TB-Psychotic

  • Malware Response Team
Posted 21 January 2015 - 06:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.