Router infected? Seeking assistance with a fake tech support hijack

Code:
HitmanPro 3.7.14.263
www.hitmanpro.com

   Computer name . . . . : WILLIS-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Willis-PC\Willis
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-04-26 18:50:18
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 10s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 36

   Objects scanned . . . : 984,164
   Files scanned . . . . : 10,032
   Remnants scanned  . . : 178,184 files / 795,948 keys

Suspicious files ____________________________________________________________

   C:\Users\Willis\Downloads\FRST64.exe
      Size . . . . . . . : 2,376,192 bytes
      Age  . . . . . . . : 0.3 days (2016-04-26 10:51:20)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 958E2E32C50A5D38744AD3F880D094F2A4994786FBB5C62393F09C8243558C36
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\Willis\AppData\Local\Google\Chrome\User Data\Default\Web Data


Cookies _____________________________________________________________________

 
I was wondering if this could be related to my phone? It is the only
place where I have downloaded any apps or accessory programs.
Also, this virus always shuts down the wi-fi router and the computer
at the same time and I have had it kill the internet when the computer
is powered down and disconnected from the internet. Thanks again
for the attention to my issue.
 
You could have placed something on the computer when downloading an item for your phone, but what, I can't tell.

https://support.google.com/chrome/answer/95582?hl=en
Do this for Google Chrome and it will remove those items found by the last scan.

Might turn out you'll need to completely remove it, then reinstall.

http://windows.microsoft.com/en-us/windows/open-device-manager#1TC=windows-7
Read over the above article to check for any items in Device Manager that might need to be reinstalled; they should have a yellow or red flag.

~~~~~~~~~~~~~~~~~

One scan we haven't run.

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

How to use ComboFix

Download ComboFix from here:
Link 1
Link 2
Link 3

Place ComboFix.exe on your Desktop <--Important
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
    ---------------------------------------------------------------------------------------------
  • If there are Internet issues after running ComboFix:
    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server" and check "Automatically detect settings". Also clear any proxy address and port. OK, Apply (only if applicable), OK.
    Firefox:
    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
    Safari
    Launch Safari
    Go to general settings menu
    Then in Preferences/ Advanced
    Then on line click Proxies change settings ...
    Click Internet Options, then click the Connections tab, click Network Settings.
    Disable option (uncheck) for the use of proxy server ...

~~~~~~~~~~~~~~~~~~
 
also

Malwarebytes Anti-Rootkit
  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so Malwarebytes Anti-Rootkit can start correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
  • On the introduction screen, please click the Next button to continue.
  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
  • When the update has finished, click on the Next button.
  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on the Yes button to restart your computer.

  • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
 
Sorry to give you so much to do but I have to leave soon.

Re-boot the modem and the router again.

Turn the router off by the switch, shut down the computer. Wait a couple of minutes, turn the router back on, wait for all the lights to stop flashing then turn the computer back on.
 
Hey there, I'm afraid I have no idea what looks like it should be in device manager or not.
And did you mean reinstall Chrome or Windows 7?
And also, I am not seeming to be able to disable Spybot's
scanners to please ComboFix. Should I let it run anyway?
Should be able to get on the other stuff this evening if my internet
holds out.
 
For the time being, just uninstall/remove Google Chrome; it can be downloaded later.

Spybot's TeaTimer

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
In the File menu click "Exit" to exit Spybot Search & Destroy.



Re-enable TeaTimer:

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Double-click "Resident".
Check the "Resident "TeaTimer" (Protection of overall system settings) active." box.
In the File menu click "Exit" to exit Spybot Search & Destroy.


Now try to run ComboFix and Malwarebytes Anti-Rootkit.

If TeaTimer is causing a problem we can download and install Spybot Search & Destroy later too.

Re-boot the modem and the router again.

Turn the router off by the switch, shut down the computer. Wait a couple of minutes, turn the router back on, wait for all the lights to stop flashing, then turn the computer back on.
 
ComboFix 16-04-22.01 - Willis 04/27/2016 16:27:25.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3932.2946 [GMT -4:00]
Running from: c:\users\Willis\Desktop\ComboFix.exe
AV: Spybot - Search and Destroy *Disabled/Updated* {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-21 19:05 . 2010-11-21 03:27 453288 ------w- c:\windows\system32\MpSigStub.exe
2016-03-17 22:24 . 2016-04-23 15:11 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 SDHookDriver;Hook Test Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-04-27 16:31:24
ComboFix-quarantined-files.txt 2016-04-27 20:31
.
Pre-Run: 953,754,488,832 bytes free
Post-Run: 954,290,442,240 bytes free
.
- - End Of File - - 028C3FAA58B37D7813AE42C5B0CCF8EB
A36C5E4F47E84449FF07ED3517B43A31
 
So the rootkit scan showed nothing to clean up.
Also, never found the word resident or teatimer in
spybot, but was able to find a tab that allowed me
to turn off scanning? Am I missing something important
in my Spybot S&D?
 
Also, if yer still around. When looking for a way to
close Spybot I came across what they refer to as their
proxy server and a recommendation to select that
as opposed to the proxy server I currently use. I did
so. And, my new computer comes with a free trial of
something called Webroot. Would this be of any benefit
to download and use? Thanks again
 
So the rootkit scan showed nothing to clean up. Also, never found the word resident or teatimer in spybot, but was able to find a tab that allowed me
to turn off scanning? Am I missing something important
in my Spybot S&D?
No, my information is outdated.


When looking for a way to close Spybot I came across what they refer to as their proxy server and a recommendation to select that
as opposed to the proxy server I currently use. I did so. And, my new computer comes with a free trial of something called Webroot. Would this be of any benefit to download and use? Thanks again
You can try Spybot's proxy and experiment with that.

Webroot is an antivirus? If you download and install it, make sure to only have 1 antivirus on the machine.
~~~~~~~~~~~~~~~~~~~~

ComboFix found something that usually turns up with RogueKiller
ProxyServer: [S-1-5-21-3555595148-3114840531-2816408531-1000] => localhost:21320

With IE open, go to Internet Options > Connections tab > LAN settings. Under Proxy server, make sure "Use a Proxy..." is not checked.

~~~~~~~~~~~~~~~~~~~~
Please download MiniToolBox (http://www.bleepingcomputer.com/download/minitoolbox/), save it to your desktop and run it.

Please close any Firefox browsers you may have open
Double click the icon to launch the program
Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
MiniToolBox by Farbar Version: 07-02-2016 01
Ran by Willis (administrator) on 27-04-2016 at 18:59:48
Running from "C:\Users\Willis\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Model: OptiPlex 760 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: localhost:21320

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel(R) 82567LM-3 Gigabit Network Connection = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Willis-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82567LM-3 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-25-64-DF-EF-97
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a1f5:d64e:2999:356e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, April 27, 2016 4:59:57 PM
Lease Expires . . . . . . . . . . : Wednesday, April 27, 2016 8:18:42 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234890472
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-AB-45-75-00-25-64-DF-EF-97
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{E510B59C-2187-4F93-B8D1-12B6EE9033BC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2607:f8b0:4004:809::200e
172.217.1.206


Pinging google.com [216.58.217.78] with 32 bytes of data:
Reply from 216.58.217.78: bytes=32 time=41ms TTL=51
Reply from 216.58.217.78: bytes=32 time=42ms TTL=51

Ping statistics for 216.58.217.78:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 42ms, Average = 41ms
Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 2001:4998:58:c02::a9
2001:4998:44:204::a7
2001:4998:c:a06::2:4008
98.138.253.109
98.139.183.24
206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=45ms TTL=50
Reply from 98.139.183.24: bytes=32 time=44ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 45ms, Average = 44ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 25 64 df ef 97 ......Intel(R) 82567LM-3 Gigabit Network Connection
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.101 276
192.168.0.101 255.255.255.255 On-link 192.168.0.101 276
192.168.0.255 255.255.255.255 On-link 192.168.0.101 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.101 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.101 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::a1f5:d64e:2999:356e/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

**** End of log ****
 
So I rebooted, power cycled the modem and router
and then checked everything. The Spybot had unchecked
use its proxy and IE had also rechecked use a proxy.
I have no idea if that means anything.
 
It means we wait and see if something rears its ugly head.

Was there a specific browser where this was happening?
 
No. I usually only use Chrome, but when it first
started showing the fake tech support screen I used
to check IE and it was also blocked.
 
Everything we've done should have removed it. How is the computer now?

AND, downloading something to your cell phone could be risky business.
 
All is as it should be this morning. I have not reinstalled Chrome
but IE LAN settings were unchanged on reboot. Spybot's proxy
server was again unchecked so I reselected to use theirs.
I have no intention of downloading any other apps for the phone.
I take it you are not concerned with the wifi router or modem?
 
What brand name is on your router?

I can try to find the info on how to change the password.
 