Infected?

Re: Infected?

Post by nunped » December 29th, 2015, 11:15 am

Hi Rick,

As I asked in a previous reply:
I'll ask you to, please, paste the logs, instead of attaching them in the future. It's easier to search them when they are pasted.


Step 1
Please, post the link you got from VirusTotal.

Step 2 - Refresh Firefox


Tell me if anything changed with your computer's behavior.

Re: Infected?

Post by Risky Rick » December 29th, 2015, 11:41 am

Hi nunped,

Sorry about the file. It was getting late and I was in a hurry and simply forgot about the file being posted as you requested.


VirusTotal:

https://www.virustotal.com/en/file/4d8b ... 451339430/

Firefox has been updated.

The only thing I have noticed is that send is not working in Incredimail ... but I also notice the hard drive is not running continually as it was. So it looks like you took care of that issue, perhaps? I am still getting a few "server not found" messages. That is not usual; back a couple of months I was not having that issue. Others using the computer are also seeing that a lot. My internet service provider may be to blame, however. I don't know.

Re: Infected?

Post by nunped » December 30th, 2015, 2:24 pm

Hi Rick!

Sorry about the file. It was getting late and I was in a hurry and simply forgot about the file being posted as you requested.

No worries. :)

I'd like to remove the file you uploaded to VirusTotal and try to check your Internet connection.

Do you have a wired or wireless connection?

Step 1 - Fix with FRST
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words "Code: Select all" (click the "Select all" button next to the code to select the entire script).
    Code: Select all
    C:\Users\Rick\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\stub_data\askrt_en.cab
    EmptyTemp:
    CreateRestorePoint:
    
  • Save it to your Desktop as filename fixlist.txt.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Step 2 - Farbar Service Scanner (FSS), Scan option
Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
  1. Double click FSS.exe to run it on the computer with the issue.
    Please right click on FSS.exe and select "Run As Administrator". If UAC prompts, allow it.
  2. Make sure the following options are checked:

    • Internet Services (checked by default)
    • Other Services
  3. Press the "Scan" button.
    When finished, a text file named FSS.txt will be created on your desktop (the same folder the tool is run from).
  4. Please copy and paste the contents of the FSS.txt log to your reply.
    Note: If you receive an AutoIt error indicating: Error: Variable must be of type "Object", please UNCHECK the "Report Windows Version Fully" option and run the scan again.

Step 3 - MiniToolBox
Please download MiniToolBox.exe ... by Farbar and save it to your Desktop.
  1. Double click MiniToolBox to run it.
    Right click on MiniToolBox.exe and select "Run As Administrator", to run the tool.
  2. Check the following in the list:

    • List IP configuration
  3. Press the Go button.
    A file named Result.txt will be created in the same location where you downloaded MiniToolBox.exe.
  4. Close the MiniToolBox window.
  5. Please post the contents of the Result.txt in your next reply.

Re: Infected?

Post by Risky Rick » December 30th, 2015, 4:02 pm

#1 FIXLOG

Fix result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
Ran by Rick (2015-12-30 14:00:57) Run:4
Running from C:\Users\Rick\Desktop
Loaded Profiles: Rick (Available Profiles: Rick)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Rick\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\stub_data\askrt_en.cab
EmptyTemp:
CreateRestorePoint:

*****************

C:\Users\Rick\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.01\agent\stub_data\askrt_en.cab => moved successfully
Restore point was successfully created.
EmptyTemp: => 375.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:01:16 ====

#2 FSS Log

Farbar Service Scanner Version: 10-06-2014
Ran by Rick (administrator) on 30-12-2015 at 14:53:49
Running from "C:\Users\Rick\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

#3 MTB LOG

MiniToolBox by Farbar Version: 02-11-2015
Ran by Rick (administrator) on 30-12-2015 at 14:57:18
Running from "C:\Users\Rick\Desktop"
Microsoft Windows 10 Home (X64)
Model: DX4831 Manufacturer: Gateway
Boot Mode: Normal
***************************************************************************
========================= IP Configuration: ================================

Intel(R) 82578DC Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Rick-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : HiTech

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : HiTech
Description . . . . . . . . . . . : Intel(R) 82578DC Gigabit Network Connection
Physical Address. . . . . . . . . : 90-FB-A6-2B-B1-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c9a3:d666:4f2a:db82%3(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, December 30, 2015 2:02:51 PM
Lease Expires . . . . . . . . . . : Saturday, February 05, 2152 9:25:35 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 194050982
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-AE-CA-A5-90-FB-A6-2B-B1-C9
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1422:baf:cd58:ef98(Preferred)
Link-local IPv6 Address . . . . . : fe80::1422:baf:cd58:ef98%2(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 117440512
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-AE-CA-A5-90-FB-A6-2B-B1-C9
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.HiTech:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : HiTech
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 2607:f8b0:4002:c06::66
64.233.176.102
64.233.176.100
64.233.176.139
64.233.176.113
64.233.176.101
64.233.176.138


Pinging google.com [74.125.138.100] with 32 bytes of data:
Reply from 74.125.138.100: bytes=32 time=33ms TTL=41
Reply from 74.125.138.100: bytes=32 time=32ms TTL=41

Ping statistics for 74.125.138.100:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 33ms, Average = 32ms
Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 2001:4998:44:204::a7
2001:4998:58:c02::a9
2001:4998:c:a06::2:4008
206.190.36.45
98.139.183.24
98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=51ms TTL=46
Reply from 98.139.183.24: bytes=32 time=43ms TTL=46

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 43ms, Maximum = 51ms, Average = 47ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
3...90 fb a6 2b b1 c9 ......Intel(R) 82578DC Gigabit Network Connection
1...........................Software Loopback Interface 1
2...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
5...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.2 276
192.168.2.2 255.255.255.255 On-link 192.168.2.2 276
192.168.2.255 255.255.255.255 On-link 192.168.2.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
2 306 ::/0 On-link
1 306 ::1/128 On-link
2 306 2001::/32 On-link
2 306 2001:0:5ef5:79fb:1422:baf:cd58:ef98/128
On-link
3 276 fe80::/64 On-link
2 306 fe80::/64 On-link
2 306 fe80::1422:baf:cd58:ef98/128
On-link
3 276 fe80::c9a3:d666:4f2a:db82/128
On-link
1 306 ff00::/8 On-link
3 276 ff00::/8 On-link
2 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

**** End of log ****


COMPUTER .... My Incredimail will not start up now. It claims there is a problem. It went from not being able to send to not being able to start the program. I will reload it when we are done.
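As an added triage helper, not part of this thread and not one of Farbar's tools, here is a small Python parser for the FSS log format shown in the post above. It pulls the "Connection Status" lines and the "File Check" results and flags anything reported as unreachable or not digitally signed, which is exactly what a helper reads that section for. The log text is a constructed excerpt modelled on Rick's FSS.txt (with one invented unsigned entry so that branch is exercised).

```python
import re

# Constructed excerpt modelled on the FSS.txt posted in this thread; the
# "not digitally signed" line is invented so that branch gets exercised.
SAMPLE_FSS_LOG = r"""
Farbar Service Scanner Version: 10-06-2014
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is not digitally signed
**** End of log ****
"""

SECTION_RE = re.compile(r"^(Connection Status|File Check):$")

def parse_fss(text):
    """Return (connection_lines, {path: status}) from an FSS-style log."""
    connection, files = [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        match = SECTION_RE.match(line)
        if match:
            section = match.group(1)
            continue
        if line.endswith(":"):
            section = None          # any other FSS heading ends the section
            continue
        if not line or set(line) <= {"="}:
            continue                # blank line or '=====' underline
        if section == "Connection Status":
            connection.append(line)
        elif section == "File Check" and " => " in line:
            path, status = line.split(" => ", 1)
            files[path] = status
    return connection, files

def triage(text):
    """Flag connectivity failures and files FSS did not report as signed."""
    connection, files = parse_fss(text)
    unreachable = [c for c in connection if "unreachable" in c.lower()]
    unsigned = [p for p, s in files.items() if s != "File is digitally signed"]
    return {"unreachable": unreachable, "unsigned": unsigned}
```

On the real log in this thread the only finding would be the "Google IP is unreachable" line, matching nunped's reading that nothing in the file check was of concern.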

Re: Infected?

Post by nunped » January 1st, 2016, 7:31 am

Hi Rick,

I don't see anything of concern in your logs.
There's the possibility that your Internet connection is dropping and that could be the cause of the "Server Not Found" message.
Anyway, it doesn't seem like a malware problem right now.

I will give you my all-clean speech. I can refer you to another forum, that deals with other computer issues:
https://techguy.org/
Feel free to link to this thread if you want.

Now, some clean-up steps:

Delfix - Delete Fix Processes
  1. Please download delfix by Xplode and save it to your desktop.
  2. Right-click on delfix.exe and select "Run as administrator" to run it.
    An application window opens with check box options... The "Remove disinfection tools" option is checked by default.
  3. Check ALL the boxes... then press Run.
  4. Check the following boxes... then press Run:
    • Activate UAC
    • Remove disinfection tools --> keep this checked
    • Create registry backup
    • Purge system restore
    • Reset system settings
    When finished, Notepad will open DelFix.txt. The log will be located at the root of the system drive, C:\DelFix.txt.
  5. Please copy and paste the contents of the DelFix.txt file in your next reply.

Don't forget to re-enable your security programs!

Stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.


Safe surfing and a great 2016 for you! ;)

Re: Infected?

Post by Risky Rick » January 1st, 2016, 12:16 pm

Thanks for all your help nunped. You have a great 2016 as well!

# DelFix v1.011 - Logfile created 01/01/2016 at 11:13:40
# Updated 18/08/2015 by Xplode
# Username : Rick - RICK-PC
# Operating System : Windows 10 Home (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Rick\Downloads\FRST-OlderVersion
Deleted : C:\Users\Rick\Desktop\Addition.txt
Deleted : C:\Users\Rick\Desktop\AdwCleaner.exe
Deleted : C:\Users\Rick\Desktop\AdwCleaner[S1].txt
Deleted : C:\Users\Rick\Desktop\CKScanner.exe
Deleted : C:\Users\Rick\Desktop\Fixlog.txt
Deleted : C:\Users\Rick\Desktop\FRST.txt
Deleted : C:\Users\Rick\Desktop\FSS.exe
Deleted : C:\Users\Rick\Desktop\FSS.txt
Deleted : C:\Users\Rick\Desktop\MiniToolBox.exe
Deleted : C:\Users\Rick\Desktop\Search.txt
Deleted : C:\Users\Rick\Downloads\esetsmartinstaller_enu.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #3 [Windows Update | 12/09/2015 18:08:04]
Deleted : RP #4 [Windows Update | 12/18/2015 21:25:31]
Deleted : RP #5 [Installed SketchUp 2016 | 12/21/2015 19:17:09]
Deleted : RP #7 [Restore Point Created by FRST | 12/25/2015 15:53:38]
Deleted : RP #8 [Windows Update | 12/30/2015 13:21:20]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Re: Infected?

Post by Cypher » January 2nd, 2016, 7:33 am

As your problems do not appear to be malware related, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.