just to check out the system/tune-up


Post by brynn » March 21st, 2013, 11:28 pm

Hi Friends,
I was referred by mikey. At first he thought I had a browser hijack, but we don't think so anymore. I'm referring to the CenturyLink Webhelper service, which provides a search page instead of a page-not-found error. I have a new domain and forum, and often when I browse to it for the first time on any given day, I get redirected to that stupid CL search thing. After a few refreshes, I finally get my site. Other times, my site opens right away, as expected. mikey did some investigating, and it turns out this CL search thing is just a stupid corporate stunt. (CL technically provides my internet access, via a DSL connection.) But I do seem to have some sluggish domain resolving, so hopefully you can help me fix that while I'm here? I already have DNS Benchmark, and have looked at it some. I've done a lot of reading about changing DNS servers, but tend to get bogged down in technical language. But I keep trying!

But first I will provide the logs that you asked for, and let you guide me from there. I don't have any symptoms of malware issues, but I guess things can sneak in there sometimes. I do run HijackThis once in a while, so I have a pretty good idea of what's supposed to be there. Anyway, there haven't been any error messages... well, other than the CL search page, which is substituted for Page Not Found. I can list out all my security programs and practices, if it would be helpful.

Thank you very much :flower:

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.15.2
Run by Jill Davis at 21:22:56 on 2013-03-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.1984 [GMT -6:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\GlidePoint\glidesvc.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files\GlidePoint\glidesvc.exe
C:\Program Files (x86)\Games\iWin Games Manager\iWinTrusted.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
C:\Program Files (x86)\Spybot S&D\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Efficient Calendar\Efficient Calendar Free\EfficientCalendarFree.exe
C:\Program Files (x86)\WinPatrol\WinPatrol.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Absolute Software\LoJack for Laptops notifier\LoJackNotifier.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\ProgramData\Rpcnet\Bin\rpcld.exe
C:\Program Files (x86)\Inkscape\inkscape.exe
C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inkscapeforum.com/index.php
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com/intl/en/options/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [WinPatrol] C:\Program Files (x86)\WinPatrol\winpatrol.exe -expressboot
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [EfficientCalendarFree] <no file>
StartupFolder: C:\Users\JILLDA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EFFICI~1.LNK - C:\Program Files (x86)\Efficient Calendar\Efficient Calendar Free\EfficientCalendarFree.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot S&D\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: //irc.freenode.net/#scribus
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} - hxxps://lojackforlaptops.absolute.com/ctmweb/testoc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{4A1992CA-68B4-4261-89A2-B987A264CA05} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jill Davis\AppData\Roaming\Mozilla\Firefox\Profiles\3vl44657.default\
FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS
FF - prefs.js: browser.startup.homepage - hxxp://www.inkscapeforum.com/index.php
FF - prefs.js: keyword.URL - hxxps://startpage.com/do/search?languag ... web&query=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2011-8-4 62496]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-27 55280]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2010-3-25 18792]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-12-31 1263200]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2011-8-4 38288]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-5-3 89600]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-31 3246040]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-2 202752]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 GlidePoint;GlidePoint Touchpad Client;C:\Program Files\GlidePoint\glidesvc.exe [2011-3-28 262440]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-3-25 60928]
R2 iWinTrusted;iWinTrusted;C:\Program Files (x86)\Games\iWin Games Manager\iWinTrusted.exe [2009-9-2 78104]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-2-26 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-2-26 80896]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-2-26 55808]
R2 rpcld;Remote Procedure Call (RPC) LD;C:\ProgramData\Rpcnet\Bin\rpcld.exe --> C:\ProgramData\Rpcnet\Bin\rpcld.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot S&D\Spybot - Search & Destroy\SDWinSec.exe [2010-5-13 1153368]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-5-2 2320920]
R2 WMCoreService;Mobile Broadband Service;C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode --> C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [?]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-2-26 23912]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-12-31 285280]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-3-25 172704]
R3 glideusb;GlidePoint USB Touchpad Filter;C:\Windows\System32\drivers\glideusb.sys [2011-3-28 109480]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-2-26 56344]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-17 25072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-3-25 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-3-25 79360]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-2 151040]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-23 19456]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-3-25 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-23 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-30 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-03-20 12:06:21 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EFB75CC5-FBBB-4BDC-99A7-A3090F87DF18}\mpengine.dll
2013-03-13 00:09:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-03-13 00:04:01 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-08 02:33:59 917400 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2013-03-08 02:33:59 2954136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2013-03-08 02:33:59 277400 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2013-03-08 02:33:59 13983976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\installer\Firefox Setup 6.0.2.exe
2013-03-08 02:33:58 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-03-08 02:33:58 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2013-03-08 02:33:58 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2013-03-08 02:33:58 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2013-03-08 02:33:58 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-03-08 02:33:58 116120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2013-02-21 19:51:21 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2013-03-22 00:59:27 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2013-03-22 00:59:24 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2013-03-17 22:58:34 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-17 22:58:34 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-21 19:51:12 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-02-21 19:51:12 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-17 08:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 21:23:35.39 ===============

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/27/2010 4:22:05 PM
System Uptime: 3/21/2013 6:59:01 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0874P6
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | U2E1 | 928/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 229.154 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP311: 2/14/2013 6:52:14 AM - Windows Update
RP312: 2/19/2013 3:04:23 PM - Windows Update
RP313: 2/21/2013 12:49:47 PM - Removed Java(TM) 6 Update 39
RP314: 2/21/2013 12:50:53 PM - Installed Java 7 Update 15
RP315: 2/23/2013 6:26:29 AM - Windows Update
RP316: 2/26/2013 11:38:25 PM - Windows Update
RP317: 3/2/2013 2:15:17 PM - Windows Update
RP318: 3/7/2013 7:09:46 AM - Windows Update
RP319: 3/12/2013 6:07:18 PM - Windows Update
RP320: 3/20/2013 6:05:37 AM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
Hosts: 127.0.0.1 www.spywareinfo.com
.
==== Installed Programs ======================
.
7-Zip 4.65 (x64 edition)
Accelerometer
Acronis True Image Home 2011
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Advanced Audio FX Engine
ATI AVIVO64 Codecs
ATI Catalyst Control Center
ATI Catalyst Install Manager
Banctec Service Agreement
Bejeweled 2 Deluxe
Bitvise SSH Client 4.51 (remove only)
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Compatibility Pack for the 2007 Office system
Complete Care Consumer Service Agreement
Cozi
Cubemaster Gold v4.3
Dell Driver Download Manager
Dell Edoc Viewer
Dell Getting Started Guide
Dell Mobile Broadband Manager
Dell Support Center
Dell Touchpad
Dell Webcam Central
Dell Wireless HSPA Mini-Card Drivers
Efficient Calendar Free 1.68
ESET Smart Security
EULAlyzer 2.0
Exact Audio Copy 1.0beta3
GIMP 2.6.8
GlidePoint® Touchpad Driver 3 (64-bit)
Gold Miner SE Free Trial
Google Earth
Google Update Helper
GoToAssist 8.0.0.514
Hexagon Mahjongg
IDT Audio
Inkscape 0.48.4
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Turbo Boost Technology Driver
IrfanView (remove only)
Java 7 Update 15
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 20 (64-bit)
Jewel Quest II (remove only)
Jewel Quest Solitaire II (remove only)
Jungle Fruit Free Trial
Junk Mail filter update
Liong the Dragon Free Trial
Live! Cam Avatar Creator
LoJack for Laptops Notifier
Mah Jong Quest II (remove only)
Mahjong Journey of Enlightenment
Mahjong World
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
NASA World Wind 1.4
Notepad++
OpenOffice.org 3.2
PowerDVD DX
Puzzle Express Free Trial
Quickset64
Realtek Ethernet Controller Driver For Windows Vista and Later
RENESIS® Player Browser Plugins
RENESIS® Player Windows Thumbnail Plugin
RICOH Media Driver ver.2.07.01.04
Roxio Burn
Scribus 1.3.8
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
ShisenSho 0.3.0
Skins
SmileyPad v2.28
Sound Blaster X-Fi MB
Spybot - Search & Destroy
SpywareBlaster 4.6
Sudoku, Kakuro + Friends 1.00
SVG Explorer Extension 0.1.1
Twistingo Free Trial
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Virus 3 Free Trial
Visual IRC 2.0
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinPatrol 2009
.
==== Event Viewer Messages From Past Week ========
.
3/21/2013 6:59:18 PM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
brynn
Active Member
 
Posts: 10
Joined: March 19th, 2013, 10:10 pm

Re: just to check out the system/tune-up

Unread postby melboy » March 22nd, 2013, 2:59 pm

I'm melboy and I am going to try to help you with any problems. Please take note of the following:

  1. I will be working on any malware issues you may have with your machine.
  2. Any fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


========================================


TFC

Please download TFC by Old Timer to your desktop,

  • Save any unsaved work. TFC will close all open application windows. Your recycle bin will be emptied.
  • Right click on TFC.exe and select "Run as Administrator"
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



aswMBR

Download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a form of removable media. (CD, DVD, USB flash drive etc) - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: just to check out the system/tune-up

Unread postby brynn » March 23rd, 2013, 1:49 pm

Thanks, melboy. I just wanted to let you know I've seen your reply, and am working on your instructions. I'm not feeling very well today, so might not get it finished today. But I'll try 8)
brynn
Active Member
 
Posts: 10
Joined: March 19th, 2013, 10:10 pm

Re: just to check out the system/tune-up

Unread postby brynn » March 23rd, 2013, 2:14 pm

Ok, TFC is done. But I have a small problem with your instructions for MBAM. On the Settings tab, then Scanner tab, I don't have Action for Potentially Unwanted Program or Show Results in List and check for removal, or anything close to that. My MBAM version is 1.46, and I haven't upgraded in a pretty long time. Should I upgrade?

Or otherwise.....well, everything on that tab is checked, so I'll go ahead and do the scan, and be back shortly with the log.
brynn
Active Member
 
Posts: 10
Joined: March 19th, 2013, 10:10 pm

Re: just to check out the system/tune-up

Unread postby brynn » March 23rd, 2013, 2:23 pm

Here comes MBAM log (no malicious items found):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 913032308

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

3/23/2013 12:18:58 PM
mbam-log-2013-03-23 (12-18-58).txt

Scan type: Quick scan
Objects scanned: 236245
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
brynn
Active Member
 
Posts: 10
Joined: March 19th, 2013, 10:10 pm

Re: just to check out the system/tune-up

Unread postby brynn » March 23rd, 2013, 3:23 pm

Ok, here comes aswMBR file:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-23 12:25:02
-----------------------------
12:25:02.022 OS Version: Windows x64 6.1.7601 Service Pack 1
12:25:02.022 Number of processors: 8 586 0x1E05
12:25:02.022 ComputerName: JILLSLAPTOP UserName: Jill Davis
12:25:03.632 Initialize success
12:33:23.214 AVAST engine defs: 13032301
12:45:00.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:45:00.084 Disk 0 Vendor: WDC_WD3200BEKT-75F3T0 11.01A11 Size: 305245MB BusType: 11
12:45:00.204 Disk 0 MBR read successfully
12:45:00.211 Disk 0 MBR scan
12:45:00.230 Disk 0 Windows VISTA default MBR code
12:45:00.238 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:45:00.280 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
12:45:00.340 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290205 MB offset 30800325
12:45:00.372 Disk 0 scanning C:\Windows\system32\drivers
12:45:19.469 Service scanning
12:45:52.229 Modules scanning
12:45:52.250 Disk 0 trace - called modules:
12:45:52.298 ntoskrnl.exe CLASSPNP.SYS disk.sys stdflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:45:52.311 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004de8060]
12:45:52.330 3 CLASSPNP.SYS[fffff8800188f43f] -> nt!IofCallDriver -> [0xfffffa8004c68ce0]
12:45:52.343 5 stdflt.sys[fffff8800184da4a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004af6680]
12:45:53.751 AVAST engine scan C:\Windows
12:45:56.787 AVAST engine scan C:\Windows\system32
12:50:12.986 AVAST engine scan C:\Windows\system32\drivers
12:50:32.022 AVAST engine scan C:\Users\Jill Davis
13:00:40.702 AVAST engine scan C:\ProgramData
13:04:49.145 Scan finished successfully
13:06:24.054 Disk 0 MBR has been saved successfully to "C:\Users\Jill Davis\Desktop\MBR.dat"
13:06:24.068 The log file has been saved successfully to "C:\Users\Jill Davis\Desktop\aswMBR.txt"
brynn
Active Member
 
Posts: 10
Joined: March 19th, 2013, 10:10 pm

Re: just to check out the system/tune-up

Unread postby brynn » March 23rd, 2013, 3:45 pm

Hopefully a minor issue has cropped up since I ran these tools. Whenever I access my Favorites menu, which is a Firefox add-on, I get a red ESET alert:

Address has been blocked. It gives a URL http://www.comfort-software.com/favicon.ico and an IP address.

So now I need to know how to stop that alert from popping up every time I use the Favs menu :-)

Note that I have restarted in an attempt to stop it, but it didn't. I'm guessing that comfort software makes the Ff add-on, but I haven't confirmed that.

Thanks :-)

Edit
Hhmmm....actually no, that's not it. Maybe the scans uncovered something....?

Edit #2
Oohh, it's actually a shortcut in my Fav menu. No idea where it came from. But somewhere in all these instructions, I think it was said not to make any changes or delete anything. So I'll hold off for now. But my instinct is to just delete the shortcut.
brynn
Active Member
 
Posts: 10
Joined: March 19th, 2013, 10:10 pm

Re: just to check out the system/tune-up

Unread postby melboy » March 24th, 2013, 10:21 am

Hi brynn. :)

brynn wrote:my instinct is to just delete the shortcut.
I can't see why ESET has an issue with it, but yes - delete it.

https://www.virustotal.com/en/url/54819 ... 364134528/

brynn wrote:My MBAM version is 1.46, and I haven't upgraded in a pretty long time. Should I upgrade?
Yes, upgrade to the latest. That's quite far behind the current release.

You are using an old version of Java. Oracle's Java (Was Sun Java) is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Oracle Java is:
Java Runtime Environment Version 7 Update 17.


Uninstall Programs

  • Go to start > control panel > programs and features.
  • Right click on each instance of:

    • Java 7 Update 15
    • Java Auto Updater
    • Java(TM) 6 Update 18
    • Java(TM) 6 Update 20 (64-bit)
    • Malwarebytes' Anti-Malware

  • Click Uninstall & then follow the prompts to remove it.
  • If something isn't found, please continue with the next entry in the list.


Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup-version.number.exe and follow the prompts to install the program.
  • At the end, Uncheck Enable the free trial Malwarebytes' Anti-Malware PRO
    (You can activate this when we've finished, if you wish)
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when the application is started.
Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: just to check out the system/tune-up

Unread postby brynn » March 24th, 2013, 9:51 pm

Hi melboy,
Oh, so the page you linked is showing that only ESET sees it as a problem? Does that mean likely it's....a false positive, or something like that?

I've seen all the warnings about Java, over the last, idk, year or so. And since I hardly ever need or use it, I thought I had disabled it. And I think I've been ignoring updates, because I don't use it. But I do understand why I should have a current version.

Ok, I'll follow your instructions, and post back when I'm finished 8)

Thanks
brynn
Active Member
 
Posts: 10
Joined: March 19th, 2013, 10:10 pm

Re: just to check out the system/tune-up

Unread postby brynn » March 24th, 2013, 10:30 pm

All Java stuff is uninstalled.

No malicious items found in MBAM scan 8)

Edit

Oops, forgot the log. Here it is:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.24.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jill Davis :: JILLSLAPTOP [administrator]

3/24/2013 8:24:14 PM
mbam-log-2013-03-24 (20-24-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222044
Time elapsed: 3 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
brynn
Active Member
 
Posts: 10
Joined: March 19th, 2013, 10:10 pm

Re: just to check out the system/tune-up

Unread postby melboy » March 25th, 2013, 7:00 pm

Hi brynn :)

How are things running - any problems?

Did you set Startpage.com as your default search engine in Firefox?
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: just to check out the system/tune-up

Unread postby brynn » March 25th, 2013, 10:10 pm

There haven't been any changes really. I didn't think I had a malware problem before, but mikey apparently thought it would be a good idea to have you guys check out my system.

The problem that I still have, that mikey at first thought was a browser hijack, is getting the stupid CenturyLink search page, instead of my website. I tried to open my site just now, and got the CL search page again. After a few to several tries, I'll get into my site.

mikey thinks my DNS servers are too slow. I have DNS Benchmark, and want to get better DNS servers, and thought you guys might help me set that up. I can probably do it myself, but when you're unsure, it's always nice to have someone more knowledgeable to help. Anyway, I guess that's not what you guys do here? If we're pretty much finished here, I'll go ahead and start on that on my own.

What I don't know, is if getting different DNS servers will help with the CL problem. Maybe I should go to CL, but the info I have so far (even though it offers an opt out option which doesn't work) is that it can't be disabled. But STILL, my site IS THERE, and I shouldn't be getting the CL search/not found page, at all!

Do you think better DNS servers will stop me from getting the CL page? Is it because my domain resolving is so slow, that CL thinks it's not there at all? (Technically, CL provides my internet access, which is part of what makes it so confusing to me.)

Yes, I set StartPage as my default search engine. (I boycott Google, as much as possible.)

Thanks 8)

PS -- There may be some other problem going on with either my site or server. For some reason, I can't stay logged in to my own site! I've confirmed that I have the cookie(s). And if I click on certain links on the front page of the site, when that page opens, I'm magically logged in. So maybe not staying logged in is somehow connected to getting the CL page??? I've been wondering if better DNS servers would help with staying logged in. I could give you a link to my site, but I think you'd need admin permissions to be able to look around. Plus, that's pretty much mikey's job (as host) anyway. Also, it's seriously under construction! But if this info rings any bells for you, it might be helpful. Anyway, thanks again 8)
brynn
Active Member
 
Posts: 10
Joined: March 19th, 2013, 10:10 pm

Re: just to check out the system/tune-up

Unread postby melboy » March 26th, 2013, 2:53 pm

Hi brynn :)

It's certainly worth trying different DNS servers to see if that resolves the problem.

Your current ones are listed here:
TCP: NameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{4A1992CA-68B4-4261-89A2-B987A264CA05} : DHCPNameServer = 192.168.0.1 205.171.3.25

Whois Lookup: http://whois.domaintools.com/205.171.3.25

The IP address resolves to redirect1.qwest.net (Qwest were acquired by CenturyLink a couple of years ago). Perhaps DNS queries are redirected first?

Either change them to the IP addresses listed here: http://www.centurylinkservices.net/faq.php#dnsips

dns-auth-3.centurylinkservices.net	207.14.235.234	Primary
dns-auth-4.centurylinkservices.net	67.238.98.162	Secondary
dns-auth-5.centurylinkservices.net	74.4.19.187	Secondary


Or alternatively, try OpenDNS. There are instructions on the page here: https://store.opendns.com/start/

You can use the information on how to change DNS settings in the OpenDNS links to change the DNS settings to either OpenDNS or CenturyLink's.

Let me know if you need further help. :)
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
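The behaviour discussed in this post (a resolver that hands back a redirect address instead of "no such name") can be checked from the client side. The following script is an added example written for this thread; it is not a tool mentioned here and is not from CenturyLink or OpenDNS. It parses the DDS-style "TCP: NameServer =" line quoted above to list the configured servers, then asks the resolver for random hostnames that cannot exist: an honest resolver answers NXDOMAIN (surfaced by Python as socket.gaierror), a substituting one answers with an address, usually the same one every time. The redirect address 205.171.3.25 (redirect1.qwest.net) is taken from the post; the probe labels are random and the fake resolvers exist only so the demo runs offline.

```python
"""Check a DNS resolver for NXDOMAIN substitution (search page instead of
"Page Not Found"). Added example for this thread, not a tool from it."""
import re
import secrets
import socket
from typing import Callable, Dict, List, Optional

# A resolver maps a hostname to an IPv4 string, or None for "no such name".
Resolver = Callable[[str], Optional[str]]


def system_resolver(name: str) -> Optional[str]:
    """Use the OS resolver, i.e. the DNS servers configured on the machine."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None  # NXDOMAIN or no answer: the honest outcome for a probe


def parse_nameserver_line(line: str) -> List[str]:
    """Pull the server IPs out of a DDS-style 'TCP: NameServer = a b' line."""
    match = re.search(r"NameServer\s*=\s*(.*)$", line)
    if not match:
        return []
    return re.findall(r"\d{1,3}(?:\.\d{1,3}){3}", match.group(1))


def random_probe_names(count: int = 3, tld: str = "com") -> List[str]:
    """Hostnames nobody has registered; every one must come back NXDOMAIN."""
    return [f"nx-{secrets.token_hex(8)}.{tld}" for _ in range(count)]


def detect_nxdomain_hijack(resolve: Resolver, probes: List[str]) -> Dict[str, object]:
    """Resolve the probes; any address at all means the resolver substitutes."""
    answers = {name: resolve(name) for name in probes}
    substituted = {n: a for n, a in answers.items() if a is not None}
    return {
        "hijacked": bool(substituted),
        # The address(es) handed out in place of NXDOMAIN.
        "redirect_ips": sorted(set(substituted.values())),
        "answers": answers,
    }


def make_fake_resolver(redirect_ip: Optional[str]) -> Resolver:
    """Constructed resolver for offline use: honest when redirect_ip is None,
    otherwise it answers every name with the given redirect address."""
    def resolve(name: str) -> Optional[str]:
        return redirect_ip
    return resolve


if __name__ == "__main__":
    # Constructed DDS line carrying the values quoted in the thread.
    print("configured servers:",
          parse_nameserver_line("TCP: NameServer = 192.168.0.1 205.171.3.25"))
    # Offline demonstration of both outcomes.
    print("honest  :", detect_nxdomain_hijack(make_fake_resolver(None), random_probe_names()))
    print("redirect:", detect_nxdomain_hijack(make_fake_resolver("205.171.3.25"), random_probe_names()))
    # Live check against whatever this machine is using right now.
    print("this host:", detect_nxdomain_hijack(system_resolver, random_probe_names()))
```

Run it before and after switching resolvers: a result of `hijacked: True` with a single recurring address in `redirect_ips` is the signature of a substituting resolver, while `hijacked: False` means the new servers return NXDOMAIN as they should. Several probes are used rather than one because a resolver that answers differently on repeated queries, as described earlier in this thread, can slip past a single lookup.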

Re: just to check out the system/tune-up

Unread postby brynn » March 27th, 2013, 5:56 am

Thanks melboy. I managed to change my DNS servers last night. But I was tired, so I didn't want to log off, and log back on to test, because I was just too tired to deal with it, if there was a problem. But I logged on just now, without any problems. And the best news, I browsed to my website, and it opened immediately! And not only that, but I'm logged in! So indeed, the better DNS servers seem to have solved the problems I was having.

(It doesn't seem like much of a stretch, to think that Century Link has its customers configure these slow DNS servers, on purpose, so that their customers have to get redirected to see their garbage, and generate more income for themselves. What a shameful program!! (imo) Makes me want to consider other ways to access the internet!)

Anyway, thanks for your help in checking out my system. Now I can rest assured, not only that my system is clean, but that my security practices over the last several years have been effective. :sunny:

brynn
Active Member
 
Posts: 10
Joined: March 19th, 2013, 10:10 pm

Re: just to check out the system/tune-up

Unread postby melboy » March 27th, 2013, 7:47 pm

Your logs look to be clean. Congratulations!

This is my general post for when your logs show no signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are.


OTC by OldTimer

Download OTC by Old Timer and save it to your Desktop.

  • Right click on OTC.exe and select "Run as Administrator"
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself


================================================


General Security and Computer Health

Below are some steps to follow in order to dramatically lower the chances of infection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


Enable UAC

The User Account Control (UAC) helps protect your PC against malicious software.
http://windows.microsoft.com/en-US/wind ... nt-control

  1. Click on Start > Control Panel.
  2. In the search box, type uac, and then click Change User Account Control settings.
  3. Move the slider to choose when you want to be notified (I recommend at least the Default level).
  4. Click OK.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Manually check for Windows updates via Start > All Programs > Windows Update > In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your PC, or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    • Malwarebytes' Anti-Malware
      Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. You can find a tutorial HERE. As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
      Its IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges. You can now trial the full version's features within the program. Click the Protection Tab to see.
    • Hosts File
      For added protection you may also like to add a Hosts file. A simple explanation of what a Hosts file does is HERE and for more information regarding Hosts files read HERE.

Finally, I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Gary R & Wingman:
COMPUTER SECURITY - a short guide to staying safer online

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
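The Hosts file recommendation in the post above cuts both ways: a protective Hosts file maps unwanted names to a local sink address so they never resolve, while the same file is a long-standing hijack point where malware maps real sites to an address it controls. The script below is an added example written for this thread, not from the post or the guides it links; it parses Hosts-file text and separates the two patterns so a block list can be checked for entries that redirect rather than block. The sample file content is constructed (reserved .test names and a TEST-NET address); on Windows the live file is %SystemRoot%\System32\drivers\etc\hosts.

```python
"""Audit a Windows hosts file: count block entries and flag entries that
redirect a name somewhere other than a local sink. Added example for this
thread; the sample content is constructed."""
import ipaddress
from typing import Dict, List, Tuple

# Addresses that make an entry a harmless block rather than a redirect.
LOCAL_SINKS = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample: stock Microsoft comments, three block entries,
# one entry that silently sends a site elsewhere, and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
0.0.0.0      ads.tracker.example.test
0.0.0.0      badware.example.test      # added by a blocklist
127.0.0.1    adserver.example.test
203.0.113.7  www.mybank.example.test
not-an-address  broken.example.test
"""


def parse_hosts(text: str) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (entries, bad_lines); entries are (hostname, ip) pairs."""
    entries: List[Tuple[str, str]] = []
    bad_lines: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            bad_lines.append(raw)
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))  # normalise, reject junk
        except ValueError:
            bad_lines.append(raw)
            continue
        for host in fields[1:]:  # one address may carry several names
            entries.append((host.lower(), ip))
    return entries, bad_lines


def audit_hosts(text: str) -> Dict[str, object]:
    """Classify each entry as a block (local sink) or a redirect elsewhere."""
    entries, bad_lines = parse_hosts(text)
    blocked = [host for host, ip in entries if ip in LOCAL_SINKS]
    redirected = [(host, ip) for host, ip in entries if ip not in LOCAL_SINKS]
    return {
        "blocked_count": len(blocked),
        "redirected": redirected,  # every one of these deserves a look
        "bad_lines": bad_lines,
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(audit_hosts(SAMPLE_HOSTS))
```

Point `audit_hosts` at the real file's contents after installing a block list: `blocked_count` should match the list's size and `redirected` should be empty, since a protective Hosts file has no reason to send a name to a non-local address.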