Google Search Cascading Windows


2 replies to this topic

#1 ajknoll23

ajknoll23

  • Members
  • 2 posts

Posted 09 September 2013 - 03:55 PM

I work in an office of about 100 people in the IT department, and we have come across a Google search problem that is baffling us.

It has happened to about 15-20 people so far and is not consistent at all, having gone away and come back to a few people.

Problem:

While typing in a query on Google and hitting Enter, numerous SEPARATE windows of search results will pop up continuously until one is X'd out, making Google unusable.

We then get a Google captcha request because it says we have unusual network traffic coming and they want to make sure we aren't robots.

Fixes Tried:

We have run numerous virus scans, including McAfee, Spybot, MalwareBytes, HiJackThis, and ADWCleaner. We have reset the browsers to default settings. And we have also re-imaged a few hard drives, only for it to still come back.

I posted the DDS Report from my computer, but my computer has not encountered the problem for a week or so.

While searching for others that might have come across this problem, we haven't had any luck whatsoever.

Can someone please help!

___________________________________

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
Run by gmknolla at 14:09:05 on 2013-09-09
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.14281.11161 [GMT -7:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe
C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Internet Explorer\vmware-vmrc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yes.az.gov/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - 
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\gmknolla\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} - hxxps://10.209.1.18/+CSCOL+/cscopf.cab
TCP: NameServer = 10.17.1.25 10.17.1.26 4.2.2.2
TCP: Interfaces\{552A3FFF-FB2D-4C69-9A09-1CF17FD46872} : DHCPNameServer = 10.17.1.25 10.17.1.26 4.2.2.2
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\gmknolla\AppData\Roaming\Mozilla\Firefox\Profiles\i8c534kt.default\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2012-10-9 651832]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2012-10-9 28216]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-10-24 20024]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-6-18 470808]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\drivers\CLVirtualDrive.sys [2013-6-10 92536]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-10 204288]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-6-10 189608]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-7 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-7 701512]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-8-25 20792]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2011-1-12 120128]
R2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2010-8-25 181480]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-6-18 77968]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-6-10 201360]
R2 SCCommService;MEEClientService;C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe [2013-4-23 130048]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-8-28 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-8-28 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-8-28 171928]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-6 4312928]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-7-6 856728]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
R2 XMail;XMail Server;C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe [2013-8-6 397824]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-10-24 358456]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-10-24 791608]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-8-7 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-6-18 120224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2011-7-20 342704]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-8-6 1038088]
S3 IFCoEMP;IFCoEMP;C:\Windows\System32\drivers\ifM60x64.sys [2011-6-15 348944]
S3 IFCoEVB;IFCoEVB;C:\Windows\System32\drivers\ifP60x64.sys [2011-6-15 70928]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-6-18 78768]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2013-6-10 31152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-14 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-14 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-15 1255736]
.
=============== File Associations ===============
.
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-09-09 16:54:08 1075424 ----a-w- C:\ProgramData\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
2013-09-09 16:53:27 -------- d-----w- C:\Program Files (x86)\NuGet
2013-09-09 16:49:09 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
2013-09-09 16:48:50 -------- d-----w- C:\Program Files (x86)\Windows Kits
2013-09-09 16:45:51 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
2013-09-09 16:44:10 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2013-09-09 16:44:03 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-09-09 16:43:10 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-09-09 16:24:01 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2013-09-09 16:24:01 -------- d-----w- C:\ProgramData\Package Cache
2013-09-04 18:09:32 -------- d-----w- C:\Program Files (x86)\Cisco
2013-09-04 18:08:57 -------- d-----w- C:\ProgramData\Cisco
2013-08-28 16:56:31 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-08-28 16:55:45 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-08-28 16:55:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-26 16:23:34 -------- d-----w- C:\PortQryUI
2013-08-21 21:01:38 -------- d-----w- C:\ProgramData\IsolatedStorage
2013-08-20 21:48:33 -------- d-----w- C:\Users\gmknolla\AppData\Local\Macromedia
2013-08-19 14:35:52 -------- d-----w- C:\Program Files\iPod
2013-08-19 14:35:51 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-19 14:35:51 -------- d-----w- C:\Program Files\iTunes
2013-08-19 14:35:51 -------- d-----w- C:\Program Files (x86)\iTunes
2013-08-19 14:33:48 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-14 20:36:03 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-14 20:36:03 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-14 20:36:02 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 20:36:02 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 20:35:58 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 20:35:58 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 20:35:58 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 20:35:58 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 20:32:49 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-14 20:32:49 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-14 20:32:15 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-14 20:32:15 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-14 20:31:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-14 20:31:19 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-14 20:31:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-14 20:31:17 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-14 20:31:17 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-14 20:31:17 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-14 20:31:17 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-14 20:31:17 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-14 20:31:16 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-14 20:31:16 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-14 20:31:16 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-14 20:31:05 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-08-13 16:56:37 -------- d-----w- C:\Users\gmknolla\AppData\Local\VMware
2013-08-13 16:56:30 47768 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2013-08-13 16:52:54 -------- d-----w- C:\Program Files (x86)\VMware
2013-08-13 16:52:54 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2013-08-12 17:25:52 -------- d-----w- C:\Users\gmknolla\AppData\Local\Microsoft_Corporation
2013-08-12 17:21:03 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-08-12 17:15:48 84448 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-08-12 17:15:01 -------- d-----w- C:\Windows\SysWow64\1033
2013-08-12 17:14:31 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2013-08-12 17:14:31 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2013-08-12 17:13:28 -------- d-----w- C:\Windows\System32\1033
2013-08-12 17:13:27 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2013-08-12 17:13:27 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2013-08-12 17:11:24 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-08-12 17:10:06 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-08-12 15:28:36 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
.
==================== Find3M  ====================
.
2013-08-07 14:15:04 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-07 14:15:00 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-08-07 14:15:00 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-08-07 14:12:52 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-07 14:12:52 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-06 21:49:24 14880256 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-18 20:39:03 0 ----a-w- C:\Windows\ativpsrm.bin
.
============= FINISH: 14:09:34.02 ===============
 

Attached File  attach.zip   3.51KB   0 downloads


Edited by ajknoll23, 09 September 2013 - 04:14 PM.




#2 ajknoll23

ajknoll23
  • Topic Starter

  • Members
  • 2 posts

Posted 10 September 2013 - 07:51 PM

Can anyone help me out here please?



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 September 2013 - 01:04 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I did not expect to see any unwanted items in your DDS log.

Open a new topic, post a DDS log from a problem computer.

Also run this tool on the same computer and post the log as well.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

I asked you to start a new topic as we provide advice on one computer per topic only.

When the topic has been created, post the URL here in your next reply.
I will review it and will expedite the matter.



