DNS_PROBE_FINISHED_NXDOMAIN issue


  • This topic is locked
12 replies to this topic

#1 ixy

  • Members
  • 12 posts

Posted 30 December 2015 - 07:42 PM

Hello.


I somehow managed to get the DNS Unlocker Adware on my computer. I'm not sure when or how, but today I decided to get rid of it.

So I cleaned the computer with Malwarebytes, CCleaner, MSE, I removed all programs and files I used recently that I deemed suspicious and all that... but now I get the NXDOMAIN issue in all browsers.


I tried using AdwCleaner, Hitman Pro, Junkware Removal Tool, Tweaking.com's Windows Repair, Complete Internet Repair 2 and Farbar's MiniToolBox, but nothing helped.

sfc /scannow in Elevated Command did not find any integrity violations.

I have run through a couple of existing threads on the same issue, but nothing helped. I haven't tried actually fixing stuff with FRST because I don't really know how to make my own fixlist.txt file.


Since it seems I'm out of my depth here, I decided to open a new thread, hoping someone here will be able to help me.

Any help is appreciated. The FRST log is below, and the Addition log is attached to the post. Farbar's Service Scanner log is attached to the post as well. Thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-12-2015

Ran by Ivan (administrator) on IVAN-PC (31-12-2015 01:29:29)
Running from J:\p
Loaded Profiles: Ivan (Available Profiles: Ivan & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apache Software Foundation) G:\xampp\apache\bin\httpd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files\MPICH2\bin\smpd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\tlntsvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apache Software Foundation) G:\xampp\apache\bin\httpd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2463552 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1441792 2014-08-06] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1802380458-132828128-3351205960-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1802380458-132828128-3351205960-1000\...\MountPoints2: {39e4bbf3-1c2f-11e5-b1e4-0015834f971a} - J:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1802380458-132828128-3351205960-1000\...\MountPoints2: {f68026c0-8367-11e2-87a0-806e6f6e6963} - K:\setup.exe
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156840 2014-10-30] (NVIDIA Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [NameServer]  
Tcpip\..\Interfaces\{2E35359F-D32B-4766-B5BE-B5C834838EA5}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{4C351ABB-A636-4A51-B812-FD8A1F77C2CD}: [NameServer]  
Tcpip\..\Interfaces\{4CA21D34-E64C-4407-A83C-D37766594407}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5D14FFBB-DD50-436F-9D0A-27E1C6C04090}: [NameServer]  
Tcpip\..\Interfaces\{61BE3C46-E335-4373-B26A-64945D3AD4CE}: [NameServer]  
Tcpip\..\Interfaces\{9CF7CC2B-829B-4EF1-96BF-4AFD9BA11F8C}: [NameServer]  
Tcpip\..\Interfaces\{9CF7CC2B-829B-4EF1-96BF-4AFD9BA11F8C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B97CC93A-80FD-4808-A675-95EE708BCA0E}: [NameServer]  
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1802380458-132828128-3351205960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> G:\Program Files\Java\jre7\bin\ssv.dll [2014-05-20] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> G:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-05-20] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-11-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> G:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-11-01] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwi8g2y5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_110.dll [2013-09-30] ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> G:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> G:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-05-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_110.dll [2013-09-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-11-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-11-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> G:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> G:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1802380458-132828128-3351205960-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1802380458-132828128-3351205960-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-1802380458-132828128-3351205960-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ivan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: Greasemonkey - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwi8g2y5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-12-30]
FF Extension: Firebug - C:\Users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\vwi8g2y5.default\Extensions\firebug@software.joehewitt.com.xpi [2015-11-16]
StartMenuInternet: FIREFOX.EXE - G:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Plugin: (Native Client) - C:\Users\Ivan\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ivan\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ivan\AppData\Local\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Users\Ivan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (AdBlock) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (eHistory) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiiknjobjfknoghbeelhfilaaikffopb [2014-04-12]
CHR Extension: (Speed Dial 2) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-11-10]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-12-30]
CHR Extension: (Save to Pocket) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-10-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Roaming\extensions\extension_chrome [2015-02-18]
CHR Profile: C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google disk) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-07]
CHR Extension: (Google disk) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-03]
CHR Extension: (Google disk) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-03]
CHR Extension: (Google disk) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-03]
StartMenuInternet: Google Chrome - C:\Users\Ivan\AppData\Local\Google\Chrome\Application\chrome.exe
 
Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - G:\Program Files (x86)\Opera\Launcher.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apache2.4; G:\xampp\apache\bin\httpd.exe [22016 2013-02-23] (Apache Software Foundation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S4 Ds3Service; C:\ScpServer\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-10-04] (NVIDIA Corporation)
S4 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 mpich2_smpd; C:\Program Files\MPICH2\bin\smpd.exe [1219072 2011-02-17] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 mysql; G:\xampp\mysql\bin\mysqld.exe [8151040 2013-05-16] () [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-10-04] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-10-04] (NVIDIA Corporation)
S4 Origin Client Service; G:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-16] (Electronic Arts)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-09] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-18] ()
S4 RalinkRegistryWriter; C:\Program Files (x86)\Ovislink\Common\RaRegistry.exe [185632 2009-12-15] (Ralink Technology, Corp.)
S4 RalinkRegistryWriter64; C:\Program Files (x86)\Ovislink\Common\RaRegistry64.exe [212256 2009-12-15] (Ralink Technology, Corp.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5447952 2015-03-25] (TeamViewer GmbH)
R2 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 ASPI32; no ImagePath
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [23304 2009-09-24] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [27776 2009-09-24] ()
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S1 cdrblock; C:\Windows\System32\DRIVERS\cdrblock.sys [34360 2008-05-30] (Canopus Co,. Ltd.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-04-12] (Echobit, LLC)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [30344 2009-08-26] (IVT Corporation.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [427008 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2013-11-11] (Duplex Secure Ltd.)
U3 acclcqrz; C:\Windows\System32\Drivers\acclcqrz.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 RTL85n64; system32\DRIVERS\RTL85n64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-31 01:19 - 2015-12-31 01:19 - 00000000 ____D C:\Program Files\HitmanPro
2015-12-31 01:11 - 2015-12-31 01:11 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-31 00:57 - 2015-12-31 01:29 - 00000000 ____D C:\FRST
2015-12-31 00:47 - 2015-12-31 01:26 - 00000563 _____ C:\Users\Ivan\Desktop\JRT.txt
2015-12-31 00:41 - 2015-12-31 00:43 - 00000000 ____D C:\AdwCleaner
2015-12-31 00:07 - 2015-12-31 00:07 - 00003650 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-12-31 00:07 - 2015-12-31 00:07 - 00001000 _____ C:\Users\Ivan\Desktop\Tweaking.com - Windows Repair.lnk
2015-12-31 00:07 - 2015-12-31 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-12-30 22:45 - 2015-12-30 22:45 - 00000000 ____D C:\Users\Ivan\Documents\Hard Reset Extended
2015-12-30 22:41 - 2015-12-30 22:41 - 00000000 ____D C:\ProgramData\Battle.net
2015-12-30 22:40 - 2015-12-30 22:41 - 02950200 _____ (Blizzard Entertainment) C:\Users\Ivan\Downloads\Battle.net-Setup.exe
2015-12-30 20:40 - 2015-12-30 20:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-30 20:38 - 2015-12-30 20:39 - 22908888 _____ (Malwarebytes ) C:\Users\Ivan\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-30 11:07 - 2015-12-30 11:07 - 00012475 _____ C:\Users\Ivan\Downloads\[rutracker.org].t5124547.torrent
2015-12-28 19:17 - 2015-12-28 19:17 - 00000221 _____ C:\Users\Ivan\Desktop\Hard Reset.url
2015-12-28 19:16 - 2015-12-28 19:16 - 00019326 _____ C:\Windows\System32\Tasks\{25E2D11D-28C3-32B8-CD1B-E0828D41CAF1}
2015-12-28 19:16 - 2015-12-28 19:16 - 00000000 ____D C:\ProgramData\{1079b0da-1064-1}
2015-12-28 19:16 - 2015-12-28 19:16 - 00000000 ____D C:\ProgramData\{0a8b0662-5064-0}
2015-12-20 17:43 - 2015-12-20 17:43 - 00000651 _____ C:\Users\Ivan\Desktop\hogwarts.lnk
2015-12-20 15:30 - 2015-12-20 15:31 - 00000000 ____D C:\Users\Ivan\Desktop\s
2015-12-20 11:34 - 2015-12-20 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NiGHTS Into Dreams
2015-12-13 23:05 - 2015-12-13 23:05 - 00000949 _____ C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-12-13 21:09 - 2015-12-13 21:09 - 00000862 _____ C:\Windows\system32\termcap
2015-12-06 19:26 - 2015-12-06 19:26 - 00459902 _____ C:\Users\Ivan\Downloads\Christmas.Movie.Pack.1.torrent
2015-12-04 19:24 - 2015-12-31 01:13 - 00000000 ____D C:\Users\Ivan\AppData\Local\CrashDumps
2015-12-04 17:56 - 2015-12-04 17:56 - 00020472 _____ C:\Users\Ivan\Downloads\[rutracker.org].t5124266.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-31 01:25 - 2009-07-14 05:45 - 00022000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-31 01:25 - 2009-07-14 05:45 - 00022000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-31 01:21 - 2014-01-08 17:10 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-31 01:21 - 2009-07-14 06:13 - 00776356 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-31 01:21 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-31 01:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-31 01:18 - 2014-09-21 13:39 - 00003754 _____ C:\Windows\System32\Tasks\AutoKMS
2015-12-31 01:17 - 2015-08-24 17:38 - 00000000 ____D C:\Users\Ivan\AppData\Local\TSVNCache
2015-12-31 01:17 - 2014-01-08 17:10 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-31 01:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-31 01:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-31 01:13 - 2012-06-28 10:45 - 00000000 ____D C:\Windows\Minidump
2015-12-31 01:13 - 2012-05-15 18:43 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\DAEMON Tools Lite
2015-12-31 01:13 - 2012-05-15 18:40 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Winamp
2015-12-31 01:13 - 2012-05-15 16:40 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\uTorrent
2015-12-31 01:08 - 2014-02-26 12:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-31 01:07 - 2015-05-16 09:47 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Everything
2015-12-31 01:05 - 2015-11-12 20:59 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2015-12-31 01:04 - 2013-08-22 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-12-31 01:04 - 2012-06-20 20:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-31 01:04 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-31 01:02 - 2012-05-15 16:11 - 00000954 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1802380458-132828128-3351205960-1000UA.job
2015-12-31 00:30 - 2012-05-15 16:11 - 00184304 _____ C:\Users\Ivan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-31 00:30 - 2011-04-12 09:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-31 00:30 - 2009-07-14 05:45 - 06560568 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-31 00:29 - 2011-04-12 09:28 - 00000000 ____D C:\Windows\CSC
2015-12-31 00:26 - 2009-07-14 03:34 - 00000855 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2015-12-31 00:26 - 2009-07-14 03:34 - 00000514 _____ C:\Windows\win.ini
2015-12-30 23:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Vss
2015-12-30 10:27 - 2012-05-15 16:08 - 00000000 ____D C:\Users\Ivan\AppData\Local\ElevatedDiagnostics
2015-12-30 02:42 - 2012-10-21 19:00 - 00000000 ____D C:\Users\Ivan\AppData\Local\Paint.NET
2015-12-28 19:08 - 2014-02-26 12:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-28 19:08 - 2012-06-09 13:05 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-28 19:08 - 2012-06-09 13:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-21 00:22 - 2013-11-28 17:10 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\foobar2000
2015-12-20 18:01 - 2012-05-15 16:11 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1802380458-132828128-3351205960-1000Core.job
2015-12-20 15:30 - 2013-09-06 17:25 - 00000000 ___RD C:\Users\Ivan\Desktop\Igrice
2015-12-11 20:01 - 2009-07-14 06:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-10 17:37 - 2014-09-09 21:02 - 00003844 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1399336782
2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-06 21:04 - 2012-09-11 17:46 - 00000000 ____D C:\Users\Ivan\AppData\Roaming\Skype
2015-12-06 19:37 - 2015-11-12 20:59 - 00000000 ____D C:\Users\Ivan\Downloads\PopcornTime
2015-12-04 18:15 - 2014-01-08 17:10 - 00003944 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 18:15 - 2014-01-08 17:10 - 00003692 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-04 17:56 - 2012-05-15 16:11 - 00003926 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1802380458-132828128-3351205960-1000UA
2015-12-04 17:56 - 2012-05-15 16:11 - 00003530 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1802380458-132828128-3351205960-1000Core
 
==================== Files in the root of some directories =======
 
2013-01-14 19:21 - 2013-03-04 16:54 - 0000132 _____ () C:\Users\Ivan\AppData\Roaming\Adobe GIF Format CS5 Prefs
2012-06-11 19:54 - 2015-11-08 20:16 - 0000132 _____ () C:\Users\Ivan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-07-03 18:26 - 2014-07-03 18:13 - 0012005 _____ () C:\Users\Ivan\AppData\Roaming\alsoft.ini
2014-05-05 15:06 - 2014-05-05 15:06 - 0000000 _____ () C:\Users\Ivan\AppData\Roaming\sdsce.dll
2012-05-17 23:06 - 2014-07-25 17:54 - 0000600 _____ () C:\Users\Ivan\AppData\Roaming\winscp.rnd
2015-11-07 12:41 - 2015-11-07 12:41 - 225111747 _____ () C:\Users\Ivan\AppData\Local\ACCCx3_3_0_151.zip.aamdownload
2015-11-07 12:41 - 2015-11-07 12:41 - 0002615 _____ () C:\Users\Ivan\AppData\Local\ACCCx3_3_0_151.zip.aamdownload.aamd
2013-01-14 21:39 - 2015-06-27 13:58 - 0001456 _____ () C:\Users\Ivan\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-09-15 23:20 - 2013-12-18 23:18 - 1065984 _____ () C:\Users\Ivan\AppData\Local\file__0.localstorage
2012-10-30 15:49 - 2015-10-04 16:50 - 0000600 _____ () C:\Users\Ivan\AppData\Local\PUTTY.RND
2014-12-08 02:30 - 2014-12-08 02:30 - 0000218 _____ () C:\Users\Ivan\AppData\Local\recently-used.xbel
2013-03-17 16:38 - 2013-03-20 20:46 - 0001534 _____ () C:\ProgramData\ss.ini
 
Some files in TEMP:
====================
C:\Users\Ivan\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-30 22:00
 
==================== End of FRST.txt ============================

Attached Files





#2 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 31 December 2015 - 10:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN box.
Type Notepad and click the OK button.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1802380458-132828128-3351205960-1000\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1802380458-132828128-3351205960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Plugin: (Native Client) - C:\Users\Ivan\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ivan\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ivan\AppData\Local\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Users\Ivan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S1 ASPI32; no ImagePath
U3 acclcqrz; C:\Windows\System32\Drivers\acclcqrz.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 RTL85n64; system32\DRIVERS\RTL85n64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ivan\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {DCA84B9E-C047-4AF6-968A-799BF4A8664B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-21] ()
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:88050731
C:\Windows\AutoKMS
C:\Windows\System32\Drivers\acclcqrz.sys
C:\Program Files (x86)\Popcorn Time

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

If the problem persists check this out.

Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
Select Settings
Advanced Settings
Change Proxy settings
Select the Connections tab.
Select LAN settings
Remove any .pac file in the Address box.
Select "Automatically detect settings".

Click the OK button.

Restart Chrome.

===

Let me know if the problem persists.


Unless you need these old versions of Java remove them via the Control Panel > Programs and Features applet.
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java SE Development Kit 7 Update 55 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

#3 ixy (Topic Starter)

Posted 31 December 2015 - 11:33 AM

Hi. Thanks for replying.

I have done all the steps you outlined, but the problem still persists.

The Fixlog from FRST is pasted to the bottom of the post.

 

I have tried resetting Chrome, as well as clearing the cache and cookies. It didn't help.

Also, I have removed the old Java versions. I don't really need them, I have just been too lazy to do maintenance.

 

There weren't any proxies in the LAN settings. However, when I run Chrome, the first thing it does (before even showing me the start screen) is the following:

1. Resolving proxy...

2. Downloading proxy script...

3. Resolving host...

 

This seems suspicious. However, as I've said, there aren't any proxies listed in the settings. And I am unable to find any obviously suspicious processes or services running.

 

FRST Fixlog:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:30-12-2015
Ran by Ivan (2015-12-31 17:14:26) Run:1
Running from J:\p
Loaded Profiles: Ivan (Available Profiles: Ivan & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-1802380458-132828128-3351205960-1000\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1802380458-132828128-3351205960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Plugin: (Native Client) - C:\Users\Ivan\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ivan\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ivan\AppData\Local\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Users\Ivan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S1 ASPI32; no ImagePath
U3 acclcqrz; C:\Windows\System32\Drivers\acclcqrz.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBfilt; system32\drivers\MBfilt64.sys [X]
S3 RTL85n64; system32\DRIVERS\RTL85n64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ivan\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ivan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {DCA84B9E-C047-4AF6-968A-799BF4A8664B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-09-21] ()
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:88050731
C:\Windows\AutoKMS
C:\Windows\System32\Drivers\acclcqrz.sys
C:\Program Files (x86)\Popcorn Time

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1802380458-132828128-3351205960-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1802380458-132828128-3351205960-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\Ivan\AppData\Local\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => not found.
C:\Users\Ivan\AppData\Local\Google\Chrome\Application\47.0.2526.106\pdf.dll => not found.
C:\Users\Ivan\AppData\Local\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => not found.
C:\Users\Ivan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
Update service => service removed successfully
ASPI32 => service removed successfully
acclcqrz => service not found.
BT => service removed successfully
Btcsrusb => service removed successfully
IntcAzAudAddService => service removed successfully
MBAMSwissArmy => service removed successfully
MBfilt => service removed successfully
RTL85n64 => service removed successfully
VBoxNetFlt => service removed successfully
VComm => service removed successfully
VcommMgr => service removed successfully
vmci => service removed successfully
VMnetAdapter => service removed successfully
"HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-1802380458-132828128-3351205960-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCA84B9E-C047-4AF6-968A-799BF4A8664B} => key not found.
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"C:\Windows\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS not found.
"C:\Windows\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\ProgramData\TEMP => ":88050731" ADS removed successfully.
C:\Windows\AutoKMS => moved successfully
"C:\Windows\System32\Drivers\acclcqrz.sys" => not found.
C:\Program Files (x86)\Popcorn Time => moved successfully
EmptyTemp: => 421.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:14:37 ====



#4 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 06 January 2016 - 09:06 AM

Sorry for this long delay.

Are you still with me?

#5 ixy (Topic Starter)

Posted 06 January 2016 - 02:44 PM

Yes, of course. No need to apologize for the delay. It's holiday season and you are doing this for free, after all. I'm grateful you're helping me at all!

 

I still haven't managed to fix the issue, and I'm not eager to reinstall Windows because of this issue if it's not necessary.

Browsing through Tor works. Which is not surprising, but additional info never hurts.



#6 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 07 January 2016 - 08:13 AM

Let's check further.

You will need to temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here.

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Click Options. Select only the check boxes for the following options:

Running Processes
Installed Programs
Startup Information
FireFox look
Chrome Look
Auto Clean

The other options available to you are:

Do a Quick Scan
HijackThis log
Uninstall list
Shortcut Fix
Do a Deep Scan
Installer List
IE Default
Silent Runner
System Restore Info
Symlink Check
Reset Chrome
System Specs
Recently created
Empty Temp



Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.

Make sure you Enable your AV Program.

Let me know what issues are persisting.

#7 ixy (Topic Starter)

Posted 07 January 2016 - 05:00 PM

The same issue still persists, even after running Zoek tool. The Zoek log is attached to this post.

 

If it's of any relevance, the wireless network icon in the tray has the yellow alert icon over it after booting (the No Internet access one).

In other words, it does connect to my wireless network, but it doesn't have any internet access.

 

Only after I launch a web browser for the first time (presumably that's the moment it sets up its proxy or whatever it does) does it change to a "working" icon.

But then I get the NXDOMAIN issue.

 

It's the same regardless of the browser I launch (except for Tor). Even launching Steam triggers it. Understandable, since Steam shows its homepage on launch.

Attached Files



#8 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 08 January 2016 - 09:16 AM

Quote: "But then I get the NXDOMAIN issue"


This is probably caused by a DNS issue.

Read about it.

https://support.opendns.com/entries/33254034-Domain-resolving-with-NXDOMAIN-or-incorrect-IP-address

This is not malware and not my forte.

I suggest you start a new topic in the Networking forum if you need additional help.

Forum link.
http://www.bleepingcomputer.com/forums/f/21/networking/

Before you start a new topic download and run this tool.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List content of Hosts
  • List IP Configuration
  • List Winsock Entries
  • List Installed Programs
  • List Users, Partitions and Memory size
  • List Devices (problems only)
  • List Minidump Files
  • List Restore Points

Click Go and copy/paste the log (Result.txt) into your next post.
Note: When using the "Reset FF Proxy Settings" option Firefox should be closed.
================

If the problem persists then post the log in the Network forum.
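The proxy and DNS checks asked for in posts #2 and #8 above (the .pac address in LAN settings, the per-adapter DNS servers, the hosts file, a name lookup) gathered into one read-only PowerShell report. This is an added example, not a tool from the thread or from Farbar; it changes nothing on the machine, and the test hostname is an assumption.

```powershell
# Added example (not from the thread): read-only report of the settings that decide
# how this Windows machine resolves names and where browsers fetch a proxy script.
# Run it in an elevated PowerShell; every value is only printed, nothing is changed.
$TestHost = 'www.example.com'   # assumption: any public name you know resolves

function Show-Section($Title) { Write-Host "`n=== $Title ===" }

# 1. DNS servers per adapter (WMI works on Windows 7, where the DnsClient cmdlets do not exist).
Show-Section 'DNS servers per adapter'
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        '{0}: DHCP={1} DNS={2}' -f $_.Description, $_.DHCPEnabled, ($_.DNSServerSearchOrder -join ', ')
    }

# A static NameServer value is what turns a lookup toward a resolver the user never chose;
# a non-empty entry on an adapter that reports DHCP=True deserves a second look.
Show-Section 'Static NameServer values in the registry'
$ifKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
Get-ChildItem $ifKey | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath
    if ($p.NameServer) { '{0}: NameServer={1}' -f $_.PSChildName, $p.NameServer }
}

# 2. WinINet proxy settings for the current user: the "LAN settings" dialog Chrome and IE share.
#    AutoConfigURL is the .pac address; the flags byte in DefaultConnectionSettings records
#    whether a manual proxy (0x02), a .pac script (0x04) or WPAD auto-detect (0x08) is on.
Show-Section 'WinINet proxy settings (HKCU)'
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
'ProxyEnable={0} ProxyServer={1} AutoConfigURL={2}' -f $inet.ProxyEnable, $inet.ProxyServer, $inet.AutoConfigURL
$conn = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'
if ($conn.DefaultConnectionSettings) {
    $flags = $conn.DefaultConnectionSettings[8]
    $vals = @($flags, [bool]($flags -band 2), [bool]($flags -band 4), [bool]($flags -band 8))
    'Flags=0x{0:X2}: manual proxy={1}, pac script={2}, auto-detect (WPAD)={3}' -f $vals
}

# 3. The machine-wide WinHTTP proxy, used by services rather than browsers.
Show-Section 'WinHTTP proxy'
netsh winhttp show proxy

# 4. Hosts file: every non-comment, non-blank line is a name that never reaches DNS at all.
Show-Section 'Active hosts file entries'
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hosts | Where-Object { $_ -match '^\s*[^#\s]' }

# 5. A lookup through whatever resolver the system is actually configured to use.
Show-Section "Resolving $TestHost"
try {
    [System.Net.Dns]::GetHostAddresses($TestHost) | ForEach-Object { $_.IPAddressToString }
} catch {
    "Lookup failed: $($_.Exception.Message) (a failure for a real name points at the resolver, not the site)"
}
```

Reading the report side by side with the MiniToolBox output makes it easy to spot a .pac address or a DNS server that the user never configured.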

#9 ixy (Topic Starter)

Posted 08 January 2016 - 09:21 PM

Yeah, I suspect it's a DNS issue, but as far as I can see, nothing has changed since my first post.

But you are right, I'm not sure if the issue is caused by malware or by bad network configuration. I just assumed it was the former since it happened at the same time, I can't see any changes in my network settings and Chrome is downloading some proxy settings and stuff before noting the issue.

 

In any case, thanks a lot for all the help.

 

 

As you have instructed, I ran MiniToolBox and posted the log in a new thread.



#10 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 09 January 2016 - 08:27 AM

I will keep this topic open for 6 days. If you need to return please do.

#11 ixy (Topic Starter)

Posted 11 January 2016 - 04:25 AM

Hi again. Thanks for keeping the thread open.

 

A recent post by Jo* in the other thread implies there are some leftovers of the dnsunlocker adware.

This looks promising, but I'm not really sure what or where these entries exactly are. Or what to do with them, honestly.

 

I would be really grateful if you could just take a quick look and share some thoughts on it. Thanks!



#12 ixy (Topic Starter)

Posted 11 January 2016 - 03:23 PM

nasdaq posted in the other thread with a solution which worked in the end.

 

As I noted there, thanks to everyone who helped out with this, I probably would have spent much more time on this without you guys.



#13 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 17 January 2016 - 09:57 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



