
chrome opens new tabs endlessly and cannot type in address bar


29 replies to this topic

#1 czechraiser

czechraiser

  • Members
  • 21 posts

Posted 02 April 2013 - 03:53 PM

Hi, please help. This is a relatively new computer but it has started having new windows/tabs popping up endlessly. If I try doing something on the computer like opening a program or typing in the start/search window the process accelerates. For some reason, when I open chrome in sandboxie it works ok for a while but then gets going again. I desperately need my computer to function as I work from it. I have tried searching for what virus it is by googling symptoms, but nothing. I have also run avast, kaspersky tdds, sophos, and malwarebytes, all coming up negative.

 

I also admit to having tried both hijack this (which keeps generating new file missing items that I 'fix' but reappear) and combofix, also to no avail (I did both before coming to this site).

 

Thank you for any and all help. So depressed by this. 

 

Here are the dds files:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.02)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In 
AMD VISION Engine Control Center
calibre
Camtasia Studio 8
CarbonPoker
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ComicRack v0.9.160
Comodo Dragon
COMODO Internet Security
Full Tilt Poker
GeekBuddy
Google Chrome
Google Update Helper
Java 7 Update 17
Java Auto Updater
K-Lite Codec Pack 9.6.5 (Full)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Panda Cloud Cleaner
ParadisePoker
PartyPoker
PokerStars
PokerStars.fr
PokerStrategy.com Equilab
PokerTracker 4 (remove only)
PostgreSQL 8.3
ProPokerTools Odds Oracle 2.2.1
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Sandboxie 3.76 (64-bit)
Skype™ 6.1
Sophos Virus Removal Tool
StarCraft II
TeamViewer 8
VLC media player 2.0.5
Winner Poker
WinRAR 4.20 (64-bit)
WPT Poker
.
==== End Of File ===========================
 
and
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 10.17.2
Run by Gordon G at 22:39:44 on 2013-04-02
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{60EDABCB-8CE5-448B-9328-6625C98C0B18} : DHCPNameServer = 10.0.0.138
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-04-02 20:16:53 -------- d-sh--w- C:\$RECYCLE.BIN
2013-04-02 19:50:10 -------- d-----w- C:\ComboFix
2013-04-01 12:14:12 -------- d-----w- C:\Program Files (x86)\Common Files\COMODO
2013-03-30 21:26:33 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2013-03-30 21:24:06 98816 ----a-w- C:\Windows\sed.exe
2013-03-30 21:24:06 256000 ----a-w- C:\Windows\PEV.exe
2013-03-30 21:24:06 208896 ----a-w- C:\Windows\MBR.exe
2013-03-30 20:53:21 -------- d-----w- C:\Users\Gordon G\AppData\Roaming\Malwarebytes
2013-03-30 20:53:13 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-30 20:53:12 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-30 20:53:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-30 00:55:51 -------- d-----w- C:\comics
2013-03-29 22:54:25 -------- d-----w- C:\Users\Gordon G\AppData\Local\Equilab
2013-03-29 22:53:58 -------- d-----w- C:\Program Files (x86)\PokerStrategy.com
2013-03-29 22:53:26 -------- d-----w- C:\Users\Gordon G\AppData\Local\Downloaded Installations
2013-03-29 20:06:46 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-27 18:24:45 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2013-03-27 18:08:57 -------- d-----w- C:\Program Files (x86)\Panda Security
2013-03-24 04:06:05 -------- d-----w- C:\Users\Gordon G\AppData\Local\ElevatedDiagnostics
.
==================== Find3M  ====================
.
2013-03-29 20:06:36 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-29 20:06:36 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-28 16:42:32 56072 ----a-w- C:\Windows\System32\certsentry.dll
2013-03-28 16:42:32 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-03-13 13:06:11 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 13:06:11 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-24 21:43:04 43216 ----a-w- C:\Windows\System32\cmdcsr.dll
2013-01-24 21:43:02 461384 ----a-w- C:\Windows\System32\guard64.dll
2013-01-24 21:43:02 354752 ----a-w- C:\Windows\SysWow64\guard32.dll
2013-01-24 21:42:54 45776 ----a-w- C:\Windows\System32\cmdkbd64.dll
2013-01-24 21:42:54 326352 ----a-w- C:\Windows\System32\cmdvrt64.dll
2013-01-24 21:42:50 40656 ----a-w- C:\Windows\SysWow64\cmdkbd32.dll
2013-01-24 21:42:50 263888 ----a-w- C:\Windows\SysWow64\cmdvrt32.dll
2013-01-23 20:55:27 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-01-23 20:55:27 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2013-01-23 20:55:27 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2013-01-16 18:51:46 699880 ----a-w- C:\Windows\System32\drivers\cmdguard.sys
2013-01-16 18:51:46 48360 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2013-01-16 18:51:44 23176 ----a-w- C:\Windows\System32\drivers\cmderd.sys
.
============= FINISH: 22:41:01.63 ===============
 

Let me know if you wish me to post the hijack this or combofix reports or anything else as I will do it right away. Thank you very much. Gordon




 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 April 2013 - 04:24 PM


Hello czechraiser

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
  • Gringo




I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 czechraiser

czechraiser
  • Topic Starter

  • Members
  • 21 posts

Posted 02 April 2013 - 05:20 PM

Hi, thanks for responding so quickly. Here are two of the texts requested. adwcleaner ran but did not create a text nor even a file where it was supposed to be located. 

 

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Gordon G [Admin rights]
Mode : Scan -- Date : 04/02/2013 23:54:16
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD20EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 96acab29dc3fd0fe79c9a2572784823a
[BSP] e5d3466419fa9c732ee7e1c182fbe934 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1907627 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_04022013_02d2354.txt >>
RKreport[1]_S_04022013_02d2354.txt
 
 
 
 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 8 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Panda Cloud Cleaner   
 Java 7 Update 17  
 Adobe Reader XI  
 Google Chrome 25.0.1364.172  
 Google Chrome 26.0.1410.43  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 
 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 8 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Panda Cloud Cleaner   
 Java 7 Update 17  
 Adobe Reader XI  
 Google Chrome 25.0.1364.172  
 Google Chrome 26.0.1410.43  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#4 czechraiser

czechraiser
  • Topic Starter

  • Members
  • 21 posts

Posted 02 April 2013 - 05:21 PM

I keep getting hijacked off this page when I try to type here so I have to do quick responses and enter or what I write gets lost. I ran adw and security check twice because when I first ran all three as you said in the right order, the texts for the first two were created and I saved them, but when I went back to get them they were gone.

 

Whatever the problem is, it is still here and active...



#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 April 2013 - 05:32 PM


Hello czechraiser

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

  • Gringo





#6 czechraiser

czechraiser
  • Topic Starter

  • Members
  • 21 posts

Posted 02 April 2013 - 05:52 PM

Hi again,

The computer seems to be behaving the way it was to start all of this. I should note that it doesn't always do it; it behaves normally for a little while but then begins the process and starts firing up the chrome tabs or new windows (it does both) and doesn't allow any typing in the address bar (erases it and leaves you on the start page). 

 

Here's the log from combofix:

 

 

ComboFix 13-04-02.01 - Gordon G 04/03/2013   0:40.3.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8189.6617 [GMT 2:00]
Running from: c:\users\Gordon G\Downloads\ComboFix.exe
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Antivirus *Disabled/Outdated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-02 to 2013-04-02  )))))))))))))))))))))))))))))))
.
.
2013-04-02 22:45 . 2013-04-02 22:45 -------- d-----w- c:\users\postgres\AppData\Local\temp
2013-04-02 22:45 . 2013-04-02 22:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-02 21:33 . 2013-04-02 21:33 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-02 21:33 . 2013-04-02 21:33 310688 ----a-w- c:\windows\system32\javaws.exe
2013-04-02 21:33 . 2013-04-02 21:33 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-02 21:33 . 2013-04-02 21:33 188832 ----a-w- c:\windows\system32\javaw.exe
2013-04-02 21:33 . 2013-04-02 21:33 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-02 21:33 . 2013-04-02 21:33 188320 ----a-w- c:\windows\system32\java.exe
2013-04-02 21:33 . 2013-04-02 21:33 -------- d-----w- c:\program files\Java
2013-04-02 21:31 . 2013-04-02 21:31 -------- d-----w- c:\users\Gordon G\AppData\Local\HoldemResources
2013-04-02 21:28 . 2013-04-02 21:28 -------- d-----w- c:\program files (x86)\ALL IN Expert
2013-04-02 21:28 . 2001-03-12 14:07 260096 ----a-w- c:\windows\SysWow64\richtx32.ocx
2013-04-02 21:28 . 2000-05-22 13:58 140488 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2013-04-02 21:28 . 1998-06-23 22:00 115016 ----a-w- c:\windows\SysWow64\msinet.ocx
2013-04-01 12:14 . 2013-04-01 12:14 -------- d-----w- c:\program files (x86)\Common Files\COMODO
2013-03-30 21:26 . 2013-03-30 21:26 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-03-30 20:53 . 2013-03-30 20:53 -------- d-----w- c:\users\Gordon G\AppData\Roaming\Malwarebytes
2013-03-30 20:53 . 2013-03-30 20:53 -------- d-----w- c:\programdata\Malwarebytes
2013-03-30 20:53 . 2013-03-30 20:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-30 20:53 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-30 00:55 . 2013-03-30 00:59 -------- d-----w- C:\comics
2013-03-29 22:54 . 2013-03-30 01:35 -------- d-----w- c:\users\Gordon G\AppData\Local\Equilab
2013-03-29 22:53 . 2013-03-29 22:53 -------- d-----w- c:\program files (x86)\PokerStrategy.com
2013-03-29 22:53 . 2013-03-29 22:53 -------- d-----w- c:\users\Gordon G\AppData\Local\Downloaded Installations
2013-03-29 20:07 . 2013-03-29 20:07 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-03-29 20:06 . 2013-03-29 20:06 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-29 20:06 . 2013-03-29 20:06 -------- d-----w- c:\program files (x86)\Java
2013-03-27 18:24 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2013-03-27 18:08 . 2013-03-27 18:08 -------- d-----w- c:\program files (x86)\Panda Security
2013-03-24 04:06 . 2013-03-24 04:06 -------- d-----w- c:\users\Gordon G\AppData\Local\ElevatedDiagnostics
2013-03-15 13:26 . 2013-03-15 13:26 -------- d-----w- c:\users\Gordon G\AppData\Roaming\Media Player Classic
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-29 20:06 . 2013-02-05 01:06 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-29 20:06 . 2013-02-05 01:06 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-28 16:42 . 2013-01-23 20:55 56072 ----a-w- c:\windows\system32\certsentry.dll
2013-03-28 16:42 . 2013-01-23 20:55 47368 ----a-w- c:\windows\SysWow64\certsentry.dll
2013-03-13 13:06 . 2012-12-22 16:36 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 13:06 . 2012-12-22 16:36 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-06 23:32 . 2013-01-10 04:12 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-01-24 21:43 . 2013-01-24 21:43 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-01-24 21:43 . 2013-01-24 21:43 461384 ----a-w- c:\windows\system32\guard64.dll
2013-01-24 21:43 . 2013-01-24 21:43 354752 ----a-w- c:\windows\SysWow64\guard32.dll
2013-01-24 21:42 . 2013-01-24 21:42 45776 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-01-24 21:42 . 2013-01-24 21:42 326352 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-01-24 21:42 . 2013-01-24 21:42 40656 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-01-24 21:42 . 2013-01-24 21:42 263888 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-01-23 20:55 . 2013-01-23 20:55 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-01-23 20:55 . 2013-01-23 20:55 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2013-01-23 20:55 . 2013-01-23 20:55 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2013-01-22 03:53 . 2013-01-22 03:53 73728 ----a-r- c:\users\Gordon G\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-01-22 03:53 . 2013-01-22 03:53 73728 ----a-r- c:\users\Gordon G\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-01-22 03:53 . 2013-01-22 03:53 73728 ----a-r- c:\users\Gordon G\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-01-16 18:51 . 2013-01-16 18:51 95752 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-01-16 18:51 . 2013-01-16 18:51 699880 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-01-16 18:51 . 2013-01-16 18:51 48360 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-01-16 18:51 . 2013-01-16 18:51 23176 ----a-w- c:\windows\system32\drivers\cmderd.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" [2013-03-13 1851088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\Comodo\GeekBuddy\launcher.exe [2013-3-29 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-03-13 1851088]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2013-01-16 23176]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2013-01-16 699880]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2013-01-16 48360]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [2013-03-29 70352]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2013-03-28 2074768]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2010-12-14 65536]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-01-24 158928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-29 12:55 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-22 13:06]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22 23:45]
.
2013-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-22 23:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-01-24 1451728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.0.0.138
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-03  00:47:47
ComboFix-quarantined-files.txt  2013-04-02 22:47
ComboFix2.txt  2013-04-02 20:02
.
Pre-Run: 1,724,039,966,720 bytes free
Post-Run: 1,723,737,112,576 bytes free
.
- - End Of File - - C74E9644B4887AB213B92386631394E6


#7 czechraiser


Posted 02 April 2013 - 06:05 PM

Ok, I may have reported incorrectly. The computer seems now to be working normally with no sudden tab opening, but this kind of lull has happened before so I'm not sure whether the virus/malware is gone or hibernating for the moment... Either way, many thanks for the help so far :)



#8 czechraiser


Posted 02 April 2013 - 07:12 PM

New update... it seems to have started again... I was at one site and got redirected back to the page that shows all my most visited sites without me doing anything at all. This is one of the symptoms I was experiencing earlier; it hasn't started opening new tabs again yet but I expect that will soon follow.



#9 czechraiser


Posted 02 April 2013 - 07:16 PM

Yes, it's all back again, including new windows and tabs opening endlessly. Stopped for about 2 hours maybe after running the combofix, but back with a vengeance now. 



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:11 PM

Posted 02 April 2013 - 07:39 PM


Hello czechraiser

We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks


Then I need you to go to Google Sync and sign into your account

Scroll down until you see the "Stop and Clear" button and click on the button

At the prompt click on "Ok"

Now we need to uninstall chrome

I want you to uninstall Chrome and if asked about user data or settings then remove this also

Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 czechraiser


Posted 02 April 2013 - 08:05 PM

Hi, I did the above and now cannot reload Chrome because the same BS is happening with explorer, only faster, and there is absolutely no time to get into hotmail or the forum to download Chrome. One thing I should mention is that all the tabs are endlessly refreshing even as other new tabs are opening. If you are wondering, I am writing this from my laptop. This is possibly the most frustrating thing I have encountered with any computer and I have dealt with many viruses/trojans in the past. I cannot tell you how much I hate whoever created whatever it is that is doing this.

 

Please tell me what to do next. 



#12 gringo_pr


Posted 02 April 2013 - 08:18 PM

Hello


I want you to read this and see if you can do that - http://www.bleepingcomputer.com/forums/t/478027/graphics-card-on-my-laptop-seems-to-be-opening-new-browser-windowstabs-during-graphic-intensive-tasks/

#13 czechraiser


Posted 02 April 2013 - 08:29 PM

I'm not sure if I accidentally made it seem like all of this is happening on my laptop; it's not. It's happening on a two-month-old desktop computer. I meant in the above post that I am writing to you from my ten-year-old, nearly useless laptop because the desktop is impossible to use now, as windows pop up every second and the windows themselves are constantly reloading. The problem begins as soon as I turn the computer on, not when I do graphics-intensive tasks, and I haven't updated or done anything that has involved my graphics card in any serious way in the timeframe of when this began and since.



#14 gringo_pr


Posted 02 April 2013 - 08:47 PM

Hello


I have seen three cases of this so far and yours sounds a lot like it - I want you to check it out while we are working together


When the tabs open up, what page are they opening to?

#15 czechraiser


Posted 02 April 2013 - 08:59 PM

Both explorer and Chrome open to their respective home pages over and over. On a side note, I went into safe mode and reinstalled Google Chrome from there. Both explorer and Chrome work fine in safe mode. I seem to have lost the HTML document that had my bookmarks on it though for some reason; I can't find it in either of the two locations I saved it to. Is it a good idea to use the recovery tool in safe mode and take my computer back to an earlier date and that date's settings?





