
[Solved] I need help with very strange Chinese SPAM/Malware

Discussion in 'Malware and Virus Removal Archive' started by bellisimo, 2014/05/25.

  1. 2014/05/28
    bellisimo Lifetime Subscription

    bellisimo Well-Known Member Thread Starter

    Joined:
    2008/05/26
    Messages:
    456
    Likes Received:
    1
    I have Firefox loaded, but I rarely ever use it.
     
  2. 2014/05/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's do it one more time...

    Reset Internet Explorer.
    Go here: http://support.microsoft.com/kb/923737 and run "FixIt" procedure.
    You can use ANY browser to download "FixIt" file.
    Make sure you follow ALL steps listed there.
     

  4. 2014/05/28
    bellisimo (Thread Starter)
    I was just about to paste the FixIt report and, when I clicked on the link to Windows BBS, I was interfered with by the Chinese spam. This one was different in that when it changed the search tab to all Chinese characters, in the second half of the Chinese characters were the letters DNS and then more Chinese characters.

    Here is the report:

    IE Performance and Safety

    Issues found:
    Data Execution Prevention disabled: Fixed (Enable Data Execution Prevention: Succeeded)
    Smartscreen Filter disabled: Fixed (Enable Smartscreen Filter: Succeeded)

    Issues checked:
    Caching policy setting for temporary Internet files isn't optimized: Checked
    Add-ons are causing Internet Explorer to stop responding: Checked
    Add-ons may slow down Internet Explorer startup and tab creation: Checked
    Security settings: Checked
    Pop-Up Blocker disabled: Checked
    The number of simultaneous connections allowed to a server has changed: Checked
    Disk space allowed for temporary Internet files isn't optimized: Checked

    Detection details (issues found):

    Data Execution Prevention disabled (Fixed)
    Data Execution Prevention (DEP) in Internet Explorer is disabled which may leave the computer vulnerable to remote code execution threats.

    Smartscreen Filter disabled (Fixed)
    The Smartscreen Filter is disabled which may leave the computer vulnerable to phishing threats.

    Detection details (issues checked):

    Caching policy setting for temporary Internet files isn't optimized (Checked)
    Storing temporary Internet files can help speed up browsing when you return to websites that you visit often. If they are not saved, or deleted frequently, browsing might seem slow.

    Add-ons are causing Internet Explorer to stop responding (Checked)
    One or more problematic add-ons were detected. These add-ons might be causing Internet Explorer to stop responding.

    Add-ons may slow down Internet Explorer startup and tab creation (Checked)
    One or more add-ons were detected. These add-ons might slow down Internet Explorer startup and tab creation.

    Security settings (Checked)
    Security settings are not set to the recommended levels which may leave the computer vulnerable to security threats.

    Pop-Up Blocker disabled (Checked)
    The Pop-Up Blocker is disabled allowing pop-ups that may cover web pages.

    The number of simultaneous connections allowed to a server has changed (Checked)
    The number of concurrent or simultaneous connections that Internet Explorer can maintain to a single website or server has changed. Using the default setting might help improve performance.

    Disk space allowed for temporary Internet files isn't optimized (Checked)
    The current disk space allocated for the temporary Internet file cache is too large or too small. This can reduce Internet Explorer performance.
     
  5. 2014/05/28
    broni (Moderator, Malware Analyst)
    Let's reset your router...

    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the pinhole, using a pencil or a paperclip, until all lights briefly go off and come back on.
    NOTE. Simply disconnecting the router from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
     
  6. 2014/05/28
    bellisimo (Thread Starter)
    I'm sorry, Broni, but I don't see how to reset my modem (router) security settings on the page you sent. Should I go ahead anyway?
     
  7. 2014/05/28
    broni (Moderator, Malware Analyst)
    Yes, go ahead.
     
  8. 2014/05/28
    bellisimo (Thread Starter)
    Hi Broni,

    Okay, I did as you said and all the lights went off and then, after a minute or so, they all came back on except for the wireless light.

    I didn't think to mention this earlier because I didn't think it was connected to this malware problem, but a couple of weeks ago I noticed that the wireless light on the router was constantly on. I called my ISP and the wireless technician told me that there was nothing wrong and that it may just mean that people are trying to piggyback on my wireless connection. It made no sense to me and my modem has been acting kind of strange of late. Anyway, the wireless light is now off.
     
  9. 2014/05/28
    broni (Moderator, Malware Analyst)
    Check IE behavior.
     
  10. 2014/05/28
    bellisimo (Thread Starter)
    I've just run Google searches of several security software websites, Interpol Cybercrime, FBI Cybercrime, and others in an effort to draw out the malware, but nothing happened and it seems to be working a little better. No problems that I can see at this point, anyway. Although, with this particular malware, I sometimes go for a day or two without seeing it. It seems better though.
     
  11. 2014/05/28
    bellisimo (Thread Starter)
    Me again. I got a message asking me if I wanted to use the IE security settings. I selected the "Ask me later" option.
     
  12. 2014/05/29
    bellisimo (Thread Starter)
    Hi again, Broni,

    An hour has passed and it's definitely working better and the wireless light has not come on in all this time, which I think is a good sign.

    It's past 1 am so I'm going to turn in now. Thanks so much. Let's talk tomorrow (Thursday) evening.
     
  13. 2014/05/29
    broni (Moderator, Malware Analyst)
    Good news :)

    I need you to complete other steps from my reply #30.
     
  14. 2014/05/29
    bellisimo (Thread Starter)
    Of course. Sorry about that. I didn't notice them. I did the IE reset and the OTL Fix, so it's just the remaining four, right?

    i.e. Security Check, Farbar Service Scanner, Temp File Cleaner and Eset Online Scanner.
     
  15. 2014/05/29
    bellisimo (Thread Starter)
    Results of screen317's Security Check version 0.99.83
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Internet Security 2014
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 5.0
    Secunia PSI (2.0.0.3001)
    Java version out of Date!
    Adobe Flash Player 12.0.0.77 Flash Player out of Date!
    Adobe Reader XI
    Mozilla Firefox (28.0)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 17% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
     
  16. 2014/05/29
    bellisimo (Thread Starter)
    Broni, I'm running Windows 7 64-bit so it's the Farbar 64-bit version, right? Not 32-bit.
     
  17. 2014/05/29
    broni (Moderator, Malware Analyst)
    Yes..
     
  18. 2014/05/29
    bellisimo (Thread Starter)
    Farbar Service Scanner Version: 21-05-2014
    Ran by a (administrator) on 29-05-2014 at 20:08:48
    Running from "C:\Users\a\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UP8DJ452"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
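    The router-reset post above asks the user to "check for redirections", and the Farbar Service Scanner output shows the two findings that matter for defence here: the WinDefend service start type set to Demand instead of Auto, and DisableAntiSpyware=1 under HKLM\SOFTWARE\Microsoft\Windows Defender. The following PowerShell is an added example, not code from the thread, from broni, or from Farbar; it is a read-only check that reproduces those two findings and adds a DNS-redirection check. Assumptions are labelled in the comments: the expected-resolver list is a placeholder you must fill in, the HKLM\SOFTWARE\Policies\... key is the Group Policy location for the same value, and DNS servers are read by parsing "netsh interface ip show dns" so that it also works on Windows 7.

```powershell
# Added example (not from the thread or from Farbar Service Scanner).
# Read-only post-cleanup health check. Run from an elevated PowerShell.

$findings = @()

# 1. WinDefend service start type and state. Farbar reported start type
#    "Demand"; the default is "Auto". Win32_Service works on Windows 7 (PS 2.0).
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
if ($svc -and $svc.StartMode -ne 'Auto') {
    $findings += "WinDefend start type is '$($svc.StartMode)' (default is Auto)"
}
if ($svc -and $svc.State -ne 'Running') {
    $findings += "WinDefend service is $($svc.State)"
}

# 2. DisableAntiSpyware. The first key is the one Farbar flagged in the log;
#    the second is the Group Policy location for the same value (assumption:
#    known policy path, not something the thread mentions).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows Defender',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
)
foreach ($k in $keys) {
    $v = (Get-ItemProperty -Path $k -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    if ($v -eq 1) { $findings += "$k\DisableAntiSpyware = 1 (Defender disabled by policy)" }
}

# 3. DNS servers configured on every interface. A redirection that survives a
#    browser reset but disappears after a router reset points at the resolver
#    handed out by DHCP. $expectedDns is a PLACEHOLDER: put your router's or
#    ISP's legitimate resolver addresses here.
$expectedDns = @('192.168.1.1')
$dnsLines = netsh interface ip show dns | Where-Object { $_ -match '\d+\.\d+\.\d+\.\d+' }
foreach ($line in $dnsLines) {
    $ip = [regex]::Match($line, '\d+\.\d+\.\d+\.\d+').Value
    if ($expectedDns -notcontains $ip) {
        $findings += "Unexpected DNS server configured: $ip ($($line.Trim()))"
    }
}

# 4. hosts file. Any active mapping that is not loopback deserves a look after
#    a redirection problem; a clean Windows hosts file has no such lines.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*\d' -and $_ -notmatch '^\s*127\.0\.0\.1\s' } |
    ForEach-Object { $findings += "hosts file entry: $($_.Trim())" }

if ($findings.Count -eq 0) {
    'No findings: Defender policy, DNS servers and hosts file look as expected.'
} else {
    $findings
}
```

    The script only reads service, registry, interface and hosts-file state; it changes nothing, so it is safe to run before and after a cleanup to confirm that the Defender settings were restored and that no unexpected resolver or hosts entry remains.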
     
  19. 2014/05/29
    bellisimo (Thread Starter)
    Here's the Temp File Cleaner result:

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: a
    ->Temp folder emptied: 106402 bytes
    ->Temporary Internet Files folder emptied: 122657960 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 602 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Rosedale Productions
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 252 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 490152 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 118.00 mb
     
  20. 2014/05/29
    bellisimo (Thread Starter)
    Broni, there are a couple of options on pg. 1 of ESET.

    One of the two needs to be checked. They are:

    Enable detection of potentially unwanted applications

    and

    Disable detection of potentially unwanted applications

    I should check Enable?
     
  21. 2014/05/29
    broni (Moderator, Malware Analyst)
    The only thing you have to checkmark manually is:
    Check Scan archives
    Change nothing else.
     
