Author Topic: Can't detect botnet, clock is ticking, need help!  (Read 5378 times)


REDACTED

  • Guest
Re: Can't detect botnet, clock is ticking, need help!
« Reply #15 on: July 10, 2016, 04:30:04 PM »
That's good! Are we pretty sure resetting the router eliminates any chance the router could be infected? I applied a firmware update after the TWC warnings that had been available for a while -- maybe there was a vulnerability there...

Here's the next set of FRST logs, from the wife's work computer. If these last two computers turn up nothing, I'll give up and see if any more warnings arrive.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Can't detect botnet, clock is ticking, need help!
« Reply #16 on: July 10, 2016, 05:56:23 PM »
At the moment, after looking at the logs, I would lean to an infected router.


CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-1633599915-3026970425-1524807270-1006 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-1633599915-3026970425-1524807270-1018 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
CHR HomePage: Profile 3 -> hxxp://search.conduit.com/?gd=&ctid=CT3323897&octid=EB_ORIGINAL_CTID&ISID=MB3CD9896-2E76-441F-ABD1-6CB26C6AB59E&SearchSource=55&CUI=&UM=5&UP=SP1CB79EBA-EE96-483C-AA28-A309B710F687&SSPV=
C:\ProgramData\hash.dat
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

REDACTED

  • Guest
Re: Can't detect botnet, clock is ticking, need help!
« Reply #17 on: July 11, 2016, 03:24:01 PM »
Here are the FRST fixlog and Adwcleaner logs from computer #3 of 4.

Offline essexboy

Re: Can't detect botnet, clock is ticking, need help!
« Reply #18 on: July 11, 2016, 03:39:25 PM »
Any further detections yet?

REDACTED

  • Guest
Re: Can't detect botnet, clock is ticking, need help!
« Reply #19 on: July 11, 2016, 10:17:36 PM »
Nothing new from TWC or any of my antivirus so far.

Here are the FRST logs from the last computer in the house, #4... it's a much older machine.

Offline essexboy

Re: Can't detect botnet, clock is ticking, need help!
« Reply #20 on: July 12, 2016, 03:50:16 PM »
This has both Ad-Aware and Avast; one must go.

Quote
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Ad-Aware Antivirus (Disabled - Up to date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}


It may be worth asking your ISP if they are still seeing problems with your connections.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 
Quote
CreateRestorePoint:
URLSearchHook: HKU\S-1-5-21-1747599479-3015541507-1853431253-1000 - (No Name) - {9b53772a-8259-495d-a6b2-fa5966fe52e1} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-1747599479-3015541507-1853431253-1000 -> No Name - {9B53772A-8259-495D-A6B2-FA5966FE52E1} -  No File
2016-07-02 04:49 - 2014-11-28 12:39 - 00000000 __SHD C:\Users\Evan\AppData\Local\EmieUserList
2016-07-02 04:49 - 2014-11-28 12:39 - 00000000 __SHD C:\Users\Evan\AppData\Local\EmieSiteList
2016-07-02 04:49 - 2014-11-28 12:39 - 00000000 __SHD C:\Users\Evan\AppData\Local\EmieBrowserModeList
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.
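
Added example, not part of the original posts and not a feature of FRST: one way to check the "only valid for this specific machine" caution mechanically, by comparing the user SIDs and profile folders a fixlist names against those of the computer it is about to be run on. The function names are hypothetical, and the `ExampleUser` profile name is a constructed sample value; the SIDs and the `Evan` profile are the ones shown in the two fixlists above.

```python
import re

# Per-user hive references such as HKU\S-1-5-21-<machine id>-<RID>
SID_RE = re.compile(r"HKU\\(S-1-5-21(?:-\d+){4})")
# Profile folders such as C:\Users\<name>\...
PROFILE_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\\s]+)")

def fixlist_bindings(fixlist_text):
    """Collect the machine-specific identifiers a fixlist refers to."""
    return {
        "sids": set(SID_RE.findall(fixlist_text)),
        "profiles": set(PROFILE_RE.findall(fixlist_text)),
    }

def check_fixlist(fixlist_text, local_sids, local_profiles):
    """Return the reasons a fixlist does not belong to this machine."""
    bound = fixlist_bindings(fixlist_text)
    problems = [f"SID not on this machine: {s}"
                for s in sorted(bound["sids"] - set(local_sids))]
    problems += [f"profile not on this machine: {p}"
                 for p in sorted(bound["profiles"] - set(local_profiles))]
    return problems

# Lines copied from the Reply #20 fixlist (computer #4).
FIXLIST_PC4 = r"""CreateRestorePoint:
URLSearchHook: HKU\S-1-5-21-1747599479-3015541507-1853431253-1000 - (No Name) - {9b53772a-8259-495d-a6b2-fa5966fe52e1} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
2016-07-02 04:49 - 2014-11-28 12:39 - 00000000 __SHD C:\Users\Evan\AppData\Local\EmieUserList
RemoveProxy:
"""

# SIDs as they appear in the two fixlists in this thread.
PC4_SIDS = {"S-1-5-21-1747599479-3015541507-1853431253-1000"}
PC3_SIDS = {"S-1-5-21-1633599915-3026970425-1524807270-1006",
            "S-1-5-21-1633599915-3026970425-1524807270-1018"}
# Profile folder lists: "Evan" is from the fixlist, "ExampleUser" is constructed.
PC4_PROFILES = {"Evan"}
PC3_PROFILES = {"ExampleUser"}

if __name__ == "__main__":
    print("on PC #4:", check_fixlist(FIXLIST_PC4, PC4_SIDS, PC4_PROFILES))
    for reason in check_fixlist(FIXLIST_PC4, PC3_SIDS, PC3_PROFILES):
        print("on PC #3:", reason)
```

On a real machine the local values can be read from `whoami /user` and the folder names under `C:\Users`.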