Proxy server error virus - Please help!


Madbantz

Hello,

Recently I downloaded an incorrect file by mistake and now I am receiving a proxy server error for all my web browsers. I have tried resets of the browsers, run virus scans, and run Malwarebytes (which detected some bad files); however, now I am out of ideas. I know there are no issues with the Internet as other devices are connecting with no issues.

I believe it is a similar issue to this: https://forums.malwarebytes.org/index.php?/topic/157663-proxy-server-error-due-virus/

Please help!

Many thanks,

Tim

Link to post
Share on other sites

  • Staff

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites

Hi TwinHeadedEagle,

 

Many thanks for your help.

 

Zoek.exe v5.0.0.0 Updated 24-11-2014
Tool run by tmilton on 25/11/2014 at 10:21:28.36.
Microsoft Windows 7 Enterprise  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\tmilton\Desktop\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
25/11/2014 10:24:16 AM Zoek.exe System Restore Point Created Succesfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Broadcom deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\admin\AppData\Roaming\Creative deleted successfully
C:\Users\tmilton\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\tmilton\AppData\Roaming\Open Text deleted successfully
C:\Users\tmilton\AppData\Roaming\webex deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
C:\Windows\system32\appdata deleted
 
==== Deleting Files \ Folders ======================
 
C:\$SBC03A.tmp deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Windows\wininit.ini deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\tmilton\AppData\Roaming\Mozilla\Firefox\Profiles\bUmij1CY.default\extensions\abs@avira.com deleted
"C:\Windows\Installer\17d30cf.msi" deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [22/11/2014 11:36 AM]
 
==== Firefox Extensions ======================
 
==== Firefox Plugins ======================
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[12/09/2014 04:43 AM]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[22/11/2014 11:35 AM]
 
YouTube - admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Docs - tmilton\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
 
==== Chromium Startpages ======================
 
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3243FB579343EF43A819C58E02AC43B deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BF3423C-4397-4FE3-A318-C9850EA24CB3} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C3243FB579343EF43A819C58E02AC43B deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\admin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tmilton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\tmilton\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tmilton\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tmilton\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tmilton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\tmilton\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=131 folders=41 81673252 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\admin\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\tmilton\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Users\tmilton\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\tmilton\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
 
==== EOF on 25/11/2014 at 10:59:11.51 ======================
 
 
Attachments below (assuming I uploaded them correctly - drag and drop?)
 
file:///Volumes/NO%20NAME/Addition.txt
file:///Volumes/NO%20NAME/FRST.txt
Link to post
Share on other sites

  • Staff

Multiple Resident Protection warning!

Always have one (and no more than one!) AntiVirus program! In this case having more of them will not provide you with better protection - instead they may cause slowness, lock-ups and even mark one another as harmful, leaving your system unstable and even damaged. Please choose only one from those listed below to stay with and uninstall the others:

  • avast! Antivirus
  • McAfee VirusScan Enterprise

Uninstallation procedure:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for each uninstalled entry, right-click it and select Uninstall.

This should be done before any other steps are taken.
 
 
 
 
 
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2014 01

Ran by tmilton at 2014-11-25 12:28:48 Run:1

Running from C:\Users\tmilton\Desktop\FRST

Loaded Profile: tmilton (Available profiles: tmilton & admin)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

closeprocesses:

emptytemp:

Task: {55FD106C-4C63-4ED0-BD5B-93FAC4B3EEDD} - \DonutQuotes No Task File <==== ATTENTION

HKU\S-1-5-21-142042000-781976021-1318725885-103767\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp

HKU\S-1-5-21-142042000-781976021-1318725885-103767\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA

HKU\S-1-5-21-142042000-781976021-1318725885-103767\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://intranet.opentext.com/intranet/llisapi.dll?func=Personal.Favorites

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-142042000-781976021-1318725885-103767\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\S-1-5-21-142042000-781976021-1318725885-103767 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-142042000-781976021-1318725885-103767 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

*****************

 

Processes closed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55FD106C-4C63-4ED0-BD5B-93FAC4B3EEDD}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55FD106C-4C63-4ED0-BD5B-93FAC4B3EEDD}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DonutQuotes" => Key deleted successfully.

HKU\S-1-5-21-142042000-781976021-1318725885-103767\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.

HKU\S-1-5-21-142042000-781976021-1318725885-103767\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => value deleted successfully.

HKU\S-1-5-21-142042000-781976021-1318725885-103767\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => value deleted successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

"HKU\S-1-5-21-142042000-781976021-1318725885-103767\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.

HKU\S-1-5-21-142042000-781976021-1318725885-103767\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKU\S-1-5-21-142042000-781976021-1318725885-103767\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.

"HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}" => Key not found.

CtClsFlt => Service deleted successfully.

Synth3dVsc => Service deleted successfully.

tsusbhub => Service deleted successfully.

VGPU => Service deleted successfully.

EmptyTemp: => Removed 1.3 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

Link to post
Share on other sites

  • Staff
 



  • Open Internet Explorer by clicking the Start button. In the search box, type Internet Explorer, and then, in the list of results, click Internet Explorer.
  • Click the Tools button, and then click Internet Options.
  • Click the Connections tab, and then click LAN settings.
  • Select the Use a proxy server for your LAN check box.
  • In the Address box, type the address of the proxy server.
  • In the Port box, type the port number.
  • If your network requires separate proxy addresses for different services, such as HTTP, HTTPS, or FTP, click the Advanced button, and then type the individual proxy server addresses to use.
  • When you are finished making changes, click OK until you return to Internet Explorer.



Link to post
Share on other sites

  • Staff

FRST search
 
Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

  • Type Proxy into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.
Link to post
Share on other sites

  • Staff

Registry Fix

Modifying the registry may create unforeseen results. Please do not proceed, unless you have created a registry backup prior to doing that!

We need to prepare a fix file first.

  • Press the Windows key + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the shown window paste in the following script. Make sure that all of the codebox content is pasted!

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"="<local>"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
    "MigrateProxy"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-

  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to All Files (*.*) and the place to save will be your desktop.
  • Name the file fix.reg and select Save.

After that, your prepared fix.reg file should be located on your desktop.

Now we need to import the file into the registry.

  • Locate the fix.reg file on your desktop.
  • Right-click the icon of your file and select Merge.
  • You'll be prompted about adding the information to the registry. Please agree.

After this please manually reboot your machine. No report will be generated.

Link to post
Share on other sites

  • Staff

Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.

Link to post
Share on other sites

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : tmilton [Administrator]

Mode : Scan -- Date : 11/26/2014  09:58:46

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 6 ¤¤¤

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found

[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found

[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3203448110-1706212225-1614624430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3203448110-1706212225-1614624430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEKT-75PVMT1 ATA Device +++++

--- User ---

[MBR] 1b0af95234d8f93fbb512e64e6e6813b

[bSP] c2c7a0f9a6b27397a5173c27e8fbe015 : Unknown MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB

1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 752 MB

2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1622016 | Size: 304452 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: RIM BlackBerry SD USB Device +++++

Error reading User MBR! NOT VALID!

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive2: RIM BlackBerry USB Device +++++

Error reading User MBR! NOT VALID!

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

+++++ PhysicalDrive3: General UDisk USB Device +++++

--- User ---

[MBR] 39101476787b6a4f8fb9e3e674a26035

[bSP] 8b03c563f32ee3a1bd8914321ec13b1c : Unknown MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1869771365 | Size: 82367 MB

1 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1701519481 | Size: 913028 MB

3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 0 | Size: 1677301 MB

User = LL1 ... OK

Error reading LL2 MBR! ([32] The request is not supported. )

 

 

============================================

RKreport_DEL_11232014_123051.log - RKreport_DEL_11232014_125800.log - RKreport_DEL_11232014_130916.log - RKreport_DEL_11232014_151920.log

RKreport_DEL_11232014_164916.log - RKreport_DEL_11232014_210228.log - RKreport_DEL_11242014_142631.log - RKreport_SCN_11232014_122918.log

RKreport_SCN_11232014_125643.log - RKreport_SCN_11232014_130856.log - RKreport_SCN_11232014_133421.log - RKreport_SCN_11232014_154738.log

RKreport_SCN_11232014_205734.log - RKreport_SCN_11242014_140405.log 

Link to post
Share on other sites
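
The [PUM.Proxy] lines in the RogueKiller report above can be checked mechanically. The following is an added example, not part of the thread or of any tool used in it: it parses those report lines, groups the values per registry key, and flags an enabled proxy that points at a loopback address. Treating the (X86) label as the 32-bit registry view stored under Wow6432Node is an assumption, as are all function names.

```python
import ipaddress
import re

# Lines copied from the RogueKiller report in this thread.
REPORT = r"""
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found
[PUM.Proxy] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8800;https=127.0.0.1:8800  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3203448110-1706212225-1614624430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
"""

LINE_RE = re.compile(
    r"^\[(?P<rule>[\w.]+)\]\s+\((?P<view>X64|X86)\)\s+(?P<key>HKEY_[^|]+?)\s+\|\s+"
    r"(?P<name>\w+)\s+:\s+(?P<data>.*?)\s+->\s+Found\s*$"
)


def parse_proxy_server(data):
    """Parse 'host:port' or 'http=host:port;https=host:port' into {scheme: (host, port)}."""
    proxies = {}
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, target = part.partition("=")
        if not sep:  # one proxy for every protocol
            scheme, target = "all", part
        target = target.split("://", 1)[-1]
        host, sep, port = target.rpartition(":")
        if not sep or not port.isdigit():
            host, port = target, ""
        proxies[scheme.lower()] = (host.strip("[]"), int(port) if port else None)
    return proxies


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def physical_key(view, key):
    """Assumption: (X86) means the 32-bit view, stored under Wow6432Node on x64 Windows."""
    prefix = "HKEY_LOCAL_MACHINE\\Software\\"
    if view == "X86" and key.lower().startswith(prefix.lower()):
        return prefix + "Wow6432Node\\" + key[len(prefix):]
    return key


def audit(report):
    """Return one finding per registry key that carries PUM.Proxy values."""
    keys = {}
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["rule"] != "PUM.Proxy":
            continue  # ignore other rule families such as PUM.StartMenu
        keys.setdefault(physical_key(m["view"], m["key"]), {})[m["name"]] = m["data"]

    findings = []
    for key, values in sorted(keys.items()):
        proxies = parse_proxy_server(values.get("ProxyServer", ""))
        loopback = sorted(s for s, (host, _) in proxies.items() if is_loopback(host))
        enabled = values.get("ProxyEnable") == "1"
        findings.append({
            "key": key,
            "enabled": enabled,
            "proxies": proxies,
            "loopback": loopback,
            # Enabled proxy on loopback: browser traffic is handed to a local listener.
            "hijack_suspected": enabled and bool(loopback),
        })
    return findings


if __name__ == "__main__":
    for f in audit(REPORT):
        state = "SUSPECT" if f["hijack_suspected"] else "ok"
        print(f"{state:8} {f['key']} -> {f['proxies']}")
```
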

  • Staff

FRST search
 
Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:

  • Copy ProxyEnable;ProxyServer into the Search: field in FRST then click the Search Registry button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.
  • Please attach it to your reply.
Link to post
Share on other sites

  • Staff

Registry Fix

Modifying the registry may create unforeseen results. Please do not proceed, unless you have created a registry backup prior to doing that!

We need to prepare a fix file first.

  • Press the Windows key + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the shown window paste in the following script. Make sure that all of the codebox content is pasted!

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"="0"

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"="0"

    [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-

  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to All Files (*.*) and the place to save will be your desktop.
  • Name the file fix.reg and select Save.

After that, your prepared fix.reg file should be located on your desktop.

Now we need to import the file into the registry.

  • Locate the fix.reg file on your desktop.
  • Right-click the icon of your file and select Merge.
  • You'll be prompted about adding the information to the registry. Please agree.

After this please manually reboot your machine. No report will be generated.

Link to post
Share on other sites

  • Staff

Scan with TDSSKiller

Please download TDSSKiller by Kaspersky and save it to your desktop.

  • Right-click on the TDSSKiller icon and select Run as Administrator to start the tool.
  • Click on Change parameters and put a checkmark beside Loaded modules. A reboot will be needed to apply the changes, allow it to do so.
  • Your machine may appear very slow and unusable after that - it's normal.
  • TDSSKiller will run automatically. Click on Change parameters and click OK.
  • Click the Start Scan button and wait patiently.
  • If anything is found, follow these guidelines:
    • If a suspicious object is detected, the default action will be Skip, click on Continue.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
      Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      If Cure is not available, please choose Skip instead.
    • Do not choose Delete unless instructed!
    A report will be created in your root directory, (usually C:\ drive) in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt. Please include the contents of that file in your next post.

 

 

 

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about operation on the key marked for deletion appears after running the tool, please reboot your machine.

Link to post
Share on other sites

This topic is now closed to further replies.