
Popups in browser - "Chitika" is one



#1 hourwasted (Members, 20 posts)

Posted 26 April 2013 - 06:41 AM

I am getting popups in the browser and quite often a very large popup with "Chitika" or similar spelling comes up. It's not happening at this exact moment so I cannot get the exact spelling. It's highly annoying and I would like to get rid of it. Malware does not find it, neither does AVG. Any help in removing this is appreciated... Thanks!!

#2 nasdaq (Malware Response Team, 38,769 posts, Montreal, QC. Canada)

Posted 26 April 2013 - 07:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

[image: dds_scr.gif]

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 hourwasted (Topic Starter)

Posted 29 April 2013 - 09:24 PM

My laptop seems to have slowed down after running the following. Quite a bit slower. Please let me know the next steps. Thank you for your time. Very much appreciated.

DDS log file contents:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476
Run by maria at 22:02:28 on 2013-04-29
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2413 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.

============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.65\npchrome_frame.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -update activex
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [UVS10 Preload] C:\Program Files (x86)\Ulead Systems\Ulead Movie Wizard 3.2 SE VCD\uvPL.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {E734BF43-7194-4E3A-832F-307606DDF665} - hxxps://cs.conferenceservers.com/components/WDPLUGIN.CAB
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://fisa.ra.nyc.gov/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{02A5DA40-B02C-472D-AD39-5643D8674E80} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{02A5DA40-B02C-472D-AD39-5643D8674E80}\133414432493025374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{02A5DA40-B02C-472D-AD39-5643D8674E80}\24561636F6E6027596D2649602E4564777F627B602E233 : DHCPNameServer = 10.59.0.1
TCP: Interfaces\{02A5DA40-B02C-472D-AD39-5643D8674E80}\552435026505E4 : DHCPNameServer = 199.2.252.10 198.6.100.53 204.70.127.128
TCP: Interfaces\{02A5DA40-B02C-472D-AD39-5643D8674E80}\552435027457563747 : DHCPNameServer = 199.2.252.10 198.6.100.53 204.70.127.128
TCP: Interfaces\{02A5DA40-B02C-472D-AD39-5643D8674E80}\C696E6B6379737 : DHCPNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{332BCF7F-B51D-43AB-BA09-979F175892C7} : DHCPNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.65\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 78.46.61.26 www.google-analytics.com.
Hosts: 78.46.61.26 ad-emea.doubleclick.net.
Hosts: 78.46.61.26 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.

============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-28 55280]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-2-26 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-2-14 239416]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-8-11 91864]
R1 NEOFLTR_710_19757;Juniper Networks TDI Filter Driver (NEOFLTR_710_19757);C:\Windows\System32\drivers\NEOFLTR_710_19757.SYS [2012-1-18 99152]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-12-19 517632]
R2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2010-12-19 315392]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-2-28 1692480]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-2-28 172704]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-2-1 138752]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-2-1 6952960]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S2 TSUSVC;Tencent Software Update Service;C:\Program Files (x86)\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe [2010-6-7 132472]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-17 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
.

=============== Created Last 60 ================
.
2013-04-24 00:42:40 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-23 00:56:39 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-12 07:04:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-12 07:04:02 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-12 07:04:01 182896 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-04-12 07:04:01 149616 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-04-12 07:04:00 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-12 07:04:00 768512 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-04-12 07:04:00 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-04-12 07:04:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-04-11 22:13:13 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-11 22:13:12 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-04-11 22:13:11 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-11 22:13:11 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-04-11 22:13:11 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-04-11 22:13:11 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-04-11 22:13:01 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-11 22:12:58 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-11 22:12:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-11 22:12:56 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-11 22:12:56 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-11 22:12:56 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-11 22:12:55 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-03 22:08:19 -------- d-----w- C:\Users\maria\AppData\Roaming\AVG2013
2013-04-03 22:02:35 -------- d-----w- C:\Users\maria\AppData\Roaming\TuneUp Software
2013-04-03 22:01:26 -------- d--h--w- C:\$AVG
2013-04-03 22:01:26 -------- d-----w- C:\ProgramData\AVG2013
2013-04-03 22:00:30 -------- d-----w- C:\Program Files (x86)\AVG
2013-04-03 21:57:09 -------- d--h--w- C:\ProgramData\Common Files
2013-04-03 21:57:09 -------- d-----w- C:\Users\maria\AppData\Local\MFAData
2013-04-03 21:57:09 -------- d-----w- C:\Users\maria\AppData\Local\Avg2013
2013-04-03 21:57:09 -------- d-----w- C:\ProgramData\MFAData
2013-04-02 08:02:10 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BEFE19AB-9072-4281-92AE-25F6EB410142}\mpengine.dll
2013-03-17 17:03:43 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-03-17 14:35:01 -------- d-----w- C:\Windows\System32\SPReview
2013-03-17 14:33:26 -------- d-----w- C:\Windows\System32\EventProviders
2013-03-15 23:48:10 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 23:48:10 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-15 13:53:28 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-13 01:35:10 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-13 01:35:09 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-08 13:12:59 -------- d-----w- C:\Users\maria\AppData\Local\Programs
.

==================== Find6M ====================
.
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-17 14:50:16 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-03-17 14:50:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-02-27 03:40:46 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-14 07:52:46 239416 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-02-08 08:37:56 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-02-08 08:37:54 311096 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-02-08 08:37:50 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-02-08 08:37:42 206136 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-02-08 08:37:40 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-01-17 05:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-08 16:29:12 1402312 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 22:02:54.95 ===============

BEGIN CHECKUP.TXT LOG FILE:

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 21
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 27.0.1453.56
Google Chrome 27.0.1453.65
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

BEGIN AD AWARE LOG FILE:

# AdwCleaner v2.300 - Logfile created 04/29/2013 at 22:09:43
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : maria - MARIA-PC
# Boot Mode : Normal
# Running from : C:\Users\maria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IAKR3JME\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\Tencent
Folder Deleted : C:\Program Files (x86)\Tencent
Folder Deleted : C:\ProgramData\Tencent
Folder Deleted : C:\Users\maria\AppData\Local\Tencent
Folder Deleted : C:\Users\maria\AppData\LocalLow\Tencent
Folder Deleted : C:\Users\maria\AppData\Roaming\Tencent

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\maria\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1568 octets] - [17/03/2013 13:18:53]
AdwCleaner[R2].txt - [1558 octets] - [17/03/2013 13:20:26]
AdwCleaner[R3].txt - [1618 octets] - [17/03/2013 13:37:54]
AdwCleaner[S2].txt - [1962 octets] - [29/04/2013 22:09:43]

########## EOF - C:\AdwCleaner[S2].txt - [2022 octets] ##########

#4 nasdaq

Posted 05 May 2013 - 08:17 AM

I apologise for this long delay.

If you still need help please advise.

#5 hourwasted (Topic Starter)

Posted 06 May 2013 - 08:02 PM

Yes, it is still happening. I still need help figuring out what is wrong. Please let me know. Thanks.



#6 nasdaq

Posted 07 May 2013 - 08:33 AM

Your Hosts file was compromised and must be reset back to the default.
How To:
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.
Restart the computer normally.
===

Open Notepad and copy/paste the text in the quote box below into it:

Folder::
C:\Program Files (x86)\Tencent

Driver::
TSUSVC
ClearJavaCache::

Save this as CFScript.txt on your desktop.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.

Let me know what problem persists.
==================================
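The verdict above rests on the Hosts: lines that DDS printed in post #3. The following Python is an added example (not code from the thread, from DDS or from ComboFix) that triages such lines from a defender's side: a hostname mapped to a routable address rather than loopback or 0.0.0.0 is a redirect, and a hostname mapped to several addresses is what the DDS "multiple HOSTS entries found" note refers to. The line format it parses ("Hosts: <ip> <hostname>.") is an assumption taken from the log above.

```python
"""Triage of the 'Hosts:' lines in a DDS Pseudo HJT report.

Added example; not code from the thread, from DDS or from ComboFix.
Assumption: DDS prints one entry per line as 'Hosts: <ip> <hostname>.'
(trailing dot included), which is what the log posted above shows.
"""
import ipaddress
import re
from collections import defaultdict

# Sample input: the Hosts: lines copied from the DDS log posted in this
# thread, plus one constructed benign loopback entry for contrast.
DDS_HOSTS_SAMPLE = """\
Hosts: 78.46.61.26 www.google-analytics.com.
Hosts: 78.46.61.26 ad-emea.doubleclick.net.
Hosts: 78.46.61.26 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 127.0.0.1 localhost
"""

_HOSTS_LINE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+?)\.?$")


def parse_dds_hosts(text):
    """Return (ip, hostname) tuples for every 'Hosts:' line in a DDS log.

    Lines that are not Hosts: entries (the rest of the report) are skipped;
    the trailing dot DDS appends to the hostname is stripped.
    """
    entries = []
    for raw in text.splitlines():
        m = _HOSTS_LINE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).lower()))
    return entries


def is_blackhole(ip):
    """True for addresses that merely block a name (loopback or 0.0.0.0).

    A hosts entry pointing at these is the usual ad-blocking pattern and is
    not by itself a sign of tampering.
    """
    if ip == "0.0.0.0":
        return True
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False  # not a parseable address; treat as not blackholed


def redirected_entries(entries):
    """Entries whose hostname is sent to a routable address.

    Mapping analytics or ad domains to a third-party server means that
    server, not the real one, answers those requests: the redirect pattern
    behind the 'Hosts file was compromised' verdict in this thread.
    """
    return [(ip, host) for ip, host in entries if not is_blackhole(ip)]


def multiply_mapped(entries):
    """Hostnames mapped to more than one address, with the addresses sorted.

    This is what the 'multiple HOSTS entries found' note in DDS refers to;
    the duplicate mappings are themselves a sign the file has been edited.
    """
    by_host = defaultdict(set)
    for ip, host in entries:
        by_host[host].add(ip)
    return {h: sorted(ips) for h, ips in by_host.items() if len(ips) > 1}


def verdict(text):
    """'redirected' if any routable mapping exists in the log, else 'clean'."""
    return "redirected" if redirected_entries(parse_dds_hosts(text)) else "clean"


if __name__ == "__main__":
    found = parse_dds_hosts(DDS_HOSTS_SAMPLE)
    for ip, host in redirected_entries(found):
        print(f"REDIRECT  {host:28} -> {ip}")
    for host, ips in multiply_mapped(found).items():
        print(f"DUPLICATE {host:28} -> {', '.join(ips)}")
    print("verdict:", verdict(DDS_HOSTS_SAMPLE))
```

Run against the log above it reports five redirected names and two names with duplicate mappings; the same functions accept the raw hosts file lines once the "Hosts: " prefix is added, so the check can be repeated after the reset.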

#7 nasdaq

Posted 13 May 2013 - 09:48 AM

Are you still with me?

#8 nasdaq

Posted 19 May 2013 - 08:30 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



