
[Windows 8 x64] Chrome javascript popups


  • This topic is locked
6 replies to this topic

#1 dkbryant

dkbryant

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:08 PM

Posted 16 May 2013 - 11:06 AM

For the last month or two I have been plagued by popups in Chrome (my default browser).  I've installed Firefox and it seems to be popup free at the moment.  The pop-ups are mostly phishing, or ads, although a few are very NSFW. To keep the popups at bay in Chrome, I have installed some popup blocker extensions and these do work.  There must be some underlying cause for the pop-ups, and I'd like to find and remove that.  
 
Eventually I would like to take all the popup blockers off, and run stock Chrome with AdBlocker.
 
System Info
Windows 8 x64 (Version 6.2)
Google Chrome Version 26.0.1410.64 m (non-metro version)
[Chrome Extension] AdBlock 2.5.63
[Chrome Extension] JavaScript Popup Blocker 1.2.1
[Chrome Extension] Pop Up Block Pro 3.12
The same type of Chrome popups showed up on another of my systems as well, but I guess I'll start with the Win8 system listed here.

Windows Defender, Malwarebytes', and SpybotSD have not been able to clear it yet.

-Dan



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,532 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:08 PM

Posted 20 May 2013 - 09:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 dkbryant


Posted 20 May 2013 - 01:12 PM

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

AdwCleaner[S2].txt
# AdwCleaner v2.301 - Logfile created 05/20/2013 at 12:16:36
# Updated 16/05/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : DefaultUser - FAMILYPC
# Boot Mode : Normal
# Running from : C:\Users\DefaultUser\Downloads\bleeping\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\DefaultUser\AppData\Roaming\Mozilla\Firefox\Profiles\91ch2zll.default\prefs.js

[OK] File is clean.

File : C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\tgz50q8g.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\DefaultUser\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Connor\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Shannon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1256 octets] - [20/05/2013 12:16:36]

########## EOF - C:\AdwCleaner[S2].txt - [1316 octets] ##########
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by DefaultUser at 12:31:13 on 2013-05-20
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.1918.807 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Google Update] "C:\Users\DefaultUser\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleChromeAutoLaunch_92B8CCC2668F2E68E0E0A0B33FCB43A7] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{13971D26-35A2-433B-87E3-578D57E6B555} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{13971D26-35A2-433B-87E3-578D57E6B555}\24279716E647 : NameServer = 208.67.222.222,208.67.222.220
TCP: Interfaces\{13971D26-35A2-433B-87E3-578D57E6B555}\24279716E647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{88477595-8CAC-4EC3-BE01-37C26A31A294} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D0370E51-7F69-4CFC-A030-2CF9E999CD29} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F229BA6A-A710-4536-9CA8-262807FF2373} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F229BA6A-A710-4536-9CA8-262807FF2373}\24279716E647 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{F229BA6A-A710-4536-9CA8-262807FF2373}\24279716E647 : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\DefaultUser\AppData\Roaming\Mozilla\Firefox\Profiles\91ch2zll.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Users\DefaultUser\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\DefaultUser\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\DefaultUser\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\DefaultUser\AppData\Roaming\Mozilla\plugins\npo1d.dll
.
============= SERVICES / DRIVERS ===============
.
R3 BthA2DP;Bluetooth Stereo;C:\Windows\System32\Drivers\BthA2DP.sys [2013-3-14 117632]
R3 BthHFAud;Bluetooth Hands-Free;C:\Windows\System32\Drivers\BthHfAud.sys [2013-3-14 30720]
R3 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-10-18 29696]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\Drivers\RTL8192su.sys [2011-8-11 694376]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-2-6 102936]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-2-6 203544]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
.
============= FINISH: 12:32:32.15 ===============
checkup.txt
Results of screen317's Security Check version 0.99.63
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Reader XI
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Edited by nasdaq, 20 May 2013 - 01:37 PM.


#4 nasdaq


Posted 20 May 2013 - 01:38 PM

Your logs are clean.

Are you still getting popups and in which browsers?

#5 dkbryant


Posted 24 May 2013 - 09:12 PM

Yes... guess the cleaner got them... Thanks a ton for the tools.

Finally able to run without the pop-up blocker now.

#6 nasdaq


Posted 25 May 2013 - 07:49 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#7 nasdaq


Posted 31 May 2013 - 09:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



