Jump to content

Recommended Posts

Hello

 

Over the last couple of days my computer has started to crash almost 50% of the time when trying to load new web pages. It will eventually load after repeatedly refreshing/typing out page address but initially all I get is resolving host.

 

I am running windows 8 and have already tried flushing dns.

 

When that didn't do the trick I carried out a full scan on both avast and malwarebytes which found a few pup files and 1 trojan  which was successfully removed. Running another scan on each program seems to confirm this.

 

However when I then continue to use the internet this same resolving host message keeps coming up.

 

I have downloaded hijack this to create a log file and initially it said it was unable to find one and did I want to start a new. I then did some more research before downloading roguekiller, running a scan there and deleting suggested entries. Hijack this still won't save a log file.

 

Having been through a similar procedure before I was able to do all this without much fuss but am now starting to feel a little in over my head. Please help.

 

My rogue killer scan is as follows:

 

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Molly [Admin rights]
Mode : DNSFix -- Date : 11/07/2013 23:30:13
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 3 ¤¤¤
[Tst.HjT] HiJackThis.exe -- C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe[-] -> KILLED [TermProc]
[sUSP PATH] ace_engine.exe -- C:\Users\Molly\AppData\Roaming\ACEStream\engine\ace_engine.exe [7] -> KILLED [TermProc]
[sUSP PATH] TinyDM.exe -- C:\Users\Molly\AppData\Local\DM\TinyDM.exe [-] -> KILLED [TermProc]
[sUSP PATH] ace_update.exe -- C:\Users\Molly\AppData\Roaming\ACEStream\updater\ace_update.exe [7] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 2 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{22DEEBCB-9F17-498E-B345-594BFCDE77A6} : NameServer (208.122.23.22,208.122.23.23 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> REPLACED ()
[DNS][PUM] HKLM\[...]\CS001\[...]\{22DEEBCB-9F17-498E-B345-594BFCDE77A6} : NameServer (208.122.23.22,208.122.23.23 [(Unknown Country?) (XX) - (Unknown Country?) (XX)]) -> REPLACED ()
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : Tst.HjT ¤¤¤
 
Finished : << RKreport[0]_DN_11072013_233013.txt >>
RKreport[0]_D_11072013_232935.txt;RKreport[0]_H_11072013_233006.txt;RKreport[0]_S_11072013_232601.txt
RKreport[0]_S_11072013_232857.txt
 
 
 
Link to post
Share on other sites

I just ran aswMBR also from looking at another thread. Here is the log for that.

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-08 00:05:24
-----------------------------
00:05:24.224    OS Version: Windows x64 6.2.9200 
00:05:24.224    Number of processors: 4 586 0x1001
00:05:24.225    ComputerName: HETTY  UserName: Molly
00:05:24.304    Initialze error 1 
00:05:24.820    AVAST engine defs: 13110700
00:05:41.207    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000039
00:05:41.210    Disk 0 Vendor: WDC_WD10JPVT-60A1YT0 01.01A01 Size: 953869MB BusType: 11
00:05:41.257    Disk 0 MBR read successfully
00:05:41.260    Disk 0 MBR scan
00:05:41.264    Disk 0 unknown MBR code
00:05:41.268    Disk 0 Partition 1 00     EE          GPT            953869 MB offset 1
00:05:41.272    Disk 0 scanning C:\Windows\system32\drivers
00:05:41.275    Service scanning
00:05:42.021    Modules scanning
00:05:42.029    Disk 0 trace - called modules:
00:05:42.040    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
00:05:42.050    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ad4060]
00:05:42.054    3 CLASSPNP.SYS[fffff88001313e0a] -> nt!IofCallDriver -> [0xfffffa8007a1cb10]
00:05:42.062    5 hpdskflt.sys[fffff88001d71379] -> nt!IofCallDriver -> [0xfffffa80078a3830]
00:05:42.067    7 amd_xata.sys[fffff8800127b634] -> nt!IofCallDriver -> \Device\00000039[0xfffffa80078ca130]
00:05:42.074    AVAST engine scan C:\Windows
00:05:42.080    AVAST engine scan C:\Windows\system32
00:05:42.086    AVAST engine scan C:\Windows\system32\drivers
00:05:42.093    AVAST engine scan C:\Users\Molly
00:05:42.100    AVAST engine scan C:\ProgramData
00:05:42.106    Scan finished successfully
00:06:35.346    Disk 0 MBR has been saved successfully to "C:\Users\Molly\Desktop\MBR.dat"
00:06:35.352    The log file has been saved successfully to "C:\Users\Molly\Desktop\aswMBR.txt"
Link to post
Share on other sites

Hello happygooner! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply.

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

  • 2 weeks later...

Thank you Borislav

 

Whatever was afflicting the computer appears to have resolved itself so I have my suspicions it was a problem with the isp rather than anything related to malware in the end. Please feel free to close this thread and if the problems comes back I will start a new.

 

Thanks again

gooner

Link to post
Share on other sites

  • 3 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.