unwanted PuPs and Host and Proxy changes...


Hello. I have been battling something since I reformatted last week.

  I think I have traced it to a bad HJT download site where the HJT program was bundled with other .exe files.

When I installed the HJT last night, everything autoran even though my settings are set for them not to. I had to do a force shutdown.

The computer started OK but took about 5-8 minutes after log on to get to the desktop...

I ran Spybot and came up with 5 different PuPs and deleted them...

 

Then I was not able to go on the internet; something was blocking it. So I ran the DDS and it found a hidden harmful start-up program.

Since I could not get on the internet to post the report, I just deleted it, and everything was OK; I can get on the internet now. Also, no reports were generated after the DDS scan.

 

I tried to run the Junk File Remover, but it says:

"Not enough free memory to run program, close applications and try again". I have 6 gigs of memory.

 

So I decided to run the RogueKiller64 and it, too, found something.

 

Not sure what to do now, I literally just reformatted...

 

 

RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aluk To Dolo [Admin rights]
Mode : Scan -- Date : 11/17/2013 17:30:23
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320 [Country: (Private Address) (XX), City: (Private Address)]) -> FOUND
[DNS][PUM] HKLM\[...]\CCSet\[...]\{415FEA29-C966-46AB-9D22-F69BA9BEB61A} : NameServer (8.26.56.26,156.154.70.22 [uNITED STATES (US) - PHILIPPINES (PH)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{415FEA29-C966-46AB-9D22-F69BA9BEB61A} : NameServer (8.26.56.26,156.154.70.22 [uNITED STATES (US) - PHILIPPINES (PH)]) -> FOUND
[DNS][PUM] HKLM\[...]\CS002\[...]\{415FEA29-C966-46AB-9D22-F69BA9BEB61A} : NameServer (8.26.56.26,156.154.70.22 [uNITED STATES (US) - PHILIPPINES (PH)]) -> FOUND
[iFEO] HKLM\[...]\taskmgr.exe : Debugger (C:\Program Files\COMODO\COMODO Internet Security\killswitch.exe [7]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS ATA Device +++++
--- User ---
[MBR] cc908465360b86dea2a6024b885900a0
[bSP] 334a29248bdd3eaf78b17f2f6d35f663 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_11172013_173023.txt >>
 

Please close this post. I am going to re-re-format my hard drive. I have serious problems: my desktop has been hijacked and random desktop backgrounds appear and disappear, along with random icons, some of which I have never seen before. Also, all of my internet security, anti-virus, and firewall settings and programs are reset constantly. Also, I think someone has remotely connected to my computer and opened a grey dialog box that moves around the computer screen saying "This computer is not yours".

I keep running Adwarex64 and it keeps reporting the same problems even though I delete them.

So, to be safe, I am going to reformat.

 

Question to whomever: this problem has been an issue for me for several months now, and I have reformatted 3 times since August and the problems persist. Am I being hacked or do I have a problem with my HDD?
Thanks for any help!

This topic is now closed to further replies.