
IE 11 hijacked by search.chatzum.com redirects to search.nation.com



#1 Marilyn07


Posted 17 December 2013 - 10:37 PM

Greetings from the edge,

 

I am about to go insane trying to remove search.chatzum.com from a friend's laptop. I've run everything I can possibly throw at it. I've done the obvious things: resetting the homepage in options, deleting search engines, disabling and removing add-ons, etc. I've edited the registry, but chatzum keeps coming back.

 

When IE 11 is started, search.chatzum.com flashes in the address bar and the open tab, then immediately redirects to search.nation.com and the start page Search Nation Advanced.

 

This laptop was an infected mess when I started on it over a week ago, and it seems to be clean other than this "chatzum" nightmare. If the laptop had a genuine copy of Windows 7 and a working DVD drive, I would have reformatted and clean installed long ago.

 

Please help!

 

Thanks,

 

Marilyn07

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Risha at 18:48:16 on 2013-12-17
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.2038.989 [GMT -8:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dldocoms.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.chatzum.com/?orig=HP&affid=62&cztbid=511598739
mStart Page = hxxp://www.bing.com
mSearch Page = hxxp://www.bing.com
mDefault_Page_URL = hxxp://www.bing.com
mDefault_Search_URL = hxxp://www.bing.com
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
TCP: NameServer = 192.168.1.1 208.67.222.222
TCP: Interfaces\{E1894586-B5A4-4D39-A12E-79B4B5E9675E} : DHCPNameServer = 192.168.1.1 208.67.222.222
TCP: Interfaces\{E1894586-B5A4-4D39-A12E-79B4B5E9675E}\2656C6B696E6E2632643 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E1894586-B5A4-4D39-A12E-79B4B5E9675E}\84F4D454D214732383 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E1894586-B5A4-4D39-A12E-79B4B5E9675E}\B416D616C60284F6573756 : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\risha\appdata\roaming\mozilla\firefox\profiles\9zo1b0k1.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-12-08 23:50; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2010-08-15 19:30; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-12-8 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-12-8 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-12-8 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-12-8 403440]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2013-5-6 35064]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2013-9-17 188808]
R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [2013-10-6 15400]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2013-12-15 32768]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files\iobit\advanced systemcare 7\ASCService.exe [2013-12-8 878368]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-12-8 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-12-8 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-8 50344]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-9-12 1337752]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2013-9-17 122376]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2013-12-8 2151200]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\spyware terminator\st_rsser.exe [2013-12-15 587912]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-11 108032]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2011-11-12 33792]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-12-9 74456]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-12-8 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-2 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-17 1343400]
.
=============== Created Last 30 ================
.
2013-12-18 02:14:19    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{d3cc8f72-60b4-4cea-ac91-dbd8c74a82fe}\offreg.dll
2013-12-18 00:56:54    --------    d--h--w-    c:\windows\msdownld.tmp
2013-12-18 00:43:02    104664    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-17 21:52:27    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-12-17 16:25:40    --------    d-----w-    C:\logs
2013-12-17 16:25:34    113664    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\dldodrpp.dll
2013-12-17 15:38:31    --------    d-----w-    c:\users\risha\appdata\roaming\OpenOffice
2013-12-17 15:35:40    --------    d-----w-    c:\program files\OpenOffice 4
2013-12-16 05:31:01    32768    ----a-w-    c:\windows\system32\drivers\sp_rsdrv2.sys
2013-12-16 05:31:00    --------    d-----w-    c:\users\risha\appdata\roaming\Spyware Terminator
2013-12-16 05:31:00    --------    d-----w-    c:\programdata\Spyware Terminator
2013-12-16 05:30:51    --------    d-----w-    c:\program files\Spyware Terminator
2013-12-14 00:07:15    --------    d-----w-    c:\program files\ESET
2013-12-13 01:09:55    388096    ----a-r-    c:\users\risha\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-12-13 01:09:54    --------    d-----w-    c:\program files\Trend Micro
2013-12-13 00:09:55    --------    d-----w-    c:\users\risha\appdata\local\CrashDumps
2013-12-12 22:26:55    --------    d-----w-    c:\program files\HitmanPro
2013-12-12 22:25:01    --------    d-----w-    c:\programdata\HitmanPro
2013-12-12 21:32:17    --------    d-----w-    C:\history
2013-12-12 20:45:11    --------    d-----w-    c:\users\risha\appdata\local\temp
2013-12-11 20:54:36    7772552    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{d3cc8f72-60b4-4cea-ac91-dbd8c74a82fe}\mpengine.dll
2013-12-11 20:26:32    --------    d-----w-    c:\program files\Hosts_Anti_Adwares_PUPs
2013-12-11 19:18:03    --------    d-----w-    c:\users\risha\appdata\local\Apps
2013-12-11 18:51:32    --------    d-----w-    C:\SUPERDelete
2013-12-11 14:57:50    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-12-11 14:35:51    999936    ----a-w-    c:\program files\internet explorer\networkinspection.dll
2013-12-11 14:34:33    640512    ----a-w-    c:\windows\system32\advapi32.dll
2013-12-11 14:34:33    619520    ----a-w-    c:\windows\system32\tdh.dll
2013-12-11 14:34:33    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-12-11 14:34:33    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-12-11 14:34:32    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-12-11 14:34:12    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-12-11 14:34:12    231424    ----a-w-    c:\windows\system32\mswsock.dll
2013-12-11 14:34:12    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-12-11 14:32:38    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-12-11 14:32:38    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-12-11 14:32:38    43008    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-12-11 14:32:38    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-12-11 14:32:38    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-12-11 14:32:38    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-12-11 14:32:37    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-12-11 09:54:55    49152    ----a-w-    c:\windows\system32\taskhost.exe
2013-12-11 09:50:48    1505280    ----a-w-    c:\windows\system32\d3d11.dll
2013-12-11 09:47:00    679424    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-12-11 09:47:00    216576    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-12-11 09:43:32    936448    ----a-w-    c:\program files\common files\microsoft shared\ink\journal.dll
2013-12-11 09:43:31    988672    ----a-w-    c:\program files\windows journal\JNTFiltr.dll
2013-12-11 09:43:31    969216    ----a-w-    c:\program files\windows journal\JNWDRV.dll
2013-12-11 09:43:30    1221632    ----a-w-    c:\program files\windows journal\NBDoc.DLL
2013-12-11 09:43:20    175104    ----a-w-    c:\windows\system32\wintrust.dll
2013-12-11 09:42:52    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-12-11 09:42:37    86016    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2013-12-11 09:42:37    80896    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2013-12-11 09:42:31    55808    ----a-w-    c:\windows\system32\drivers\hidclass.sys
2013-12-11 09:42:31    36352    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2013-12-11 09:42:31    25728    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2013-12-11 09:42:24    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-12-11 09:42:02    652800    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-12-11 09:40:28    918528    ----a-w-    c:\windows\system32\rdpcorets.dll
2013-12-11 09:40:28    31232    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-12-11 09:40:26    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2013-12-11 09:40:26    527064    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2013-12-11 09:40:26    47720    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2013-12-11 09:40:22    81408    ----a-w-    c:\windows\system32\drivers\drmk.sys
2013-12-11 09:40:22    177152    ----a-w-    c:\windows\system32\drivers\portcls.sys
2013-12-11 09:40:20    305152    ----a-w-    c:\windows\system32\gdi32.dll
2013-12-11 09:40:18    680960    ----a-w-    c:\program files\windows defender\MpSvc.dll
2013-12-11 09:40:18    392704    ----a-w-    c:\program files\windows defender\MpClient.dll
2013-12-11 09:40:17    224768    ----a-w-    c:\program files\windows defender\MpCommu.dll
2013-12-11 09:34:21    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-12-11 09:34:21    101720    ----a-w-    c:\windows\system32\consent.exe
2013-12-11 09:34:02    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-12-11 08:30:20    --------    d-----w-    c:\windows\system32\SPReview
2013-12-11 08:29:49    --------    d-----w-    c:\windows\system32\EventProviders
2013-12-11 06:17:58    --------    d-----w-    c:\users\risha\appdata\roaming\SUPERAntiSpyware.com
2013-12-11 06:17:20    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-12-11 06:17:20    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-12-11 05:30:52    1288984    ----a-w-    C:\ntdll_dump.dll
2013-12-10 21:05:55    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-10 18:26:08    --------    d-----w-    c:\windows\ERUNT
2013-12-10 17:50:58    98816    ----a-w-    c:\windows\sed.exe
2013-12-10 17:50:58    256000    ----a-w-    c:\windows\PEV.exe
2013-12-10 17:50:58    208896    ----a-w-    c:\windows\MBR.exe
2013-12-10 16:34:16    --------    d-----w-    C:\7f1a4fb2e7df46a91f8cfd081581a75e
2013-12-10 16:17:16    1785344    ----a-w-    c:\program files\windows journal\Journal.exe
2013-12-09 23:24:31    --------    d-----w-    C:\AdwCleaner
2013-12-09 19:21:50    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-09 16:12:31    1060864    ----a-w-    c:\windows\system32\mfc71.dll
2013-12-09 15:15:40    --------    d-----w-    c:\programdata\COMODO
2013-12-09 15:15:04    --------    d-----w-    C:\first_launch
2013-12-09 08:18:06    2422272    ----a-w-    c:\windows\system32\wucltux.dll
2013-12-09 08:17:53    88576    ----a-w-    c:\windows\system32\wudriver.dll
2013-12-09 08:17:39    33792    ----a-w-    c:\windows\system32\wuapp.exe
2013-12-09 08:17:39    171904    ----a-w-    c:\windows\system32\wuwebv.dll
2013-12-09 07:51:46    --------    d-----w-    c:\users\risha\appdata\roaming\AVAST Software
2013-12-09 07:51:07    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-09 07:51:05    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-12-09 07:51:04    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-09 07:51:03    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-09 07:51:01    79720    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-12-09 07:50:55    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-09 07:50:24    --------    d-----w-    c:\program files\AVAST Software
2013-12-09 07:49:39    --------    d-----w-    c:\programdata\AVAST Software
2013-12-09 07:41:18    17226632    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-12-09 07:27:03    --------    d-----w-    c:\users\risha\appdata\local\Macromedia
2013-12-09 07:20:38    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-09 04:55:33    --------    d-----w-    c:\program files\CCleaner
2013-12-09 03:43:00    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-12-09 03:42:53    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2013-12-09 03:11:23    --------    d-----w-    c:\users\risha\appdata\roaming\Malwarebytes
2013-12-09 03:11:10    --------    d-----w-    c:\programdata\Malwarebytes
2013-12-09 03:11:08    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-12-09 03:11:08    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-12-08 20:33:49    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-12-08 20:32:50    36864    ----a-w-    c:\windows\system32\tsgqec.dll
2013-12-08 20:32:50    3217408    ----a-w-    c:\windows\system32\mstscax.dll
2013-12-08 20:32:50    131584    ----a-w-    c:\windows\system32\aaclient.dll
2013-12-08 20:31:41    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-12-08 20:31:40    69632    ----a-w-    c:\windows\system32\smss.exe
2013-12-08 20:28:10    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-12-08 20:23:50    240496    ----a-w-    c:\windows\system32\drivers\netio.sys
2013-12-08 20:23:50    187752    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-12-08 20:13:17    1389568    ----a-w-    c:\windows\system32\msxml6.dll
2013-12-08 20:08:56    376832    ----a-w-    c:\windows\system32\dpnet.dll
2013-12-08 20:08:56    2560    ----a-w-    c:\windows\system32\dpnaddr.dll
2013-12-08 20:07:54    78336    ----a-w-    c:\windows\system32\synceng.dll
2013-12-08 19:56:29    102912    ----a-w-    c:\windows\system32\browser.dll
2013-12-08 19:56:28    41984    ----a-w-    c:\windows\system32\browcli.dll
2013-12-08 19:55:53    542208    ----a-w-    c:\windows\system32\kerberos.dll
2013-12-08 19:51:17    769024    ----a-w-    c:\windows\system32\localspl.dll
2013-12-08 19:51:17    30208    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\winprint.dll
2013-12-08 19:50:48    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2013-12-08 19:50:48    1236992    ----a-w-    c:\windows\system32\msxml3.dll
2013-12-08 19:48:36    805376    ----a-w-    c:\windows\system32\cdosys.dll
2013-12-08 19:48:36    57344    ----a-w-    c:\program files\common files\system\ado\msador15.dll
2013-12-08 19:48:36    212992    ----a-w-    c:\program files\common files\system\msadc\msadco.dll
2013-12-08 19:48:36    143360    ----a-w-    c:\program files\common files\system\ado\msjro.dll
2013-12-08 19:48:36    1019904    ----a-w-    c:\program files\common files\system\ado\msado15.dll
2013-12-08 19:48:35    372736    ----a-w-    c:\program files\common files\system\ado\msadox.dll
2013-12-08 19:48:35    352256    ----a-w-    c:\program files\common files\system\ado\msadomd.dll
2013-12-08 19:47:52    8192    ----a-w-    c:\windows\system32\rdrmemptylst.exe
2013-12-08 19:47:52    58880    ----a-w-    c:\windows\system32\rdpwsx.dll
2013-12-08 19:47:52    129536    ----a-w-    c:\windows\system32\rdpcorekmts.dll
2013-12-08 19:47:28    183808    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2013-12-08 19:46:47    56176    ----a-w-    c:\windows\system32\drivers\partmgr.sys
2013-12-08 19:38:30    5120    ----a-w-    c:\windows\system32\wmi.dll
2013-12-08 19:38:30    19824    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2013-12-08 19:37:45    826880    ----a-w-    c:\windows\system32\rdpcore.dll
2013-12-08 19:37:45    24576    ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2013-12-08 19:37:45    18432    ----a-w-    c:\windows\system32\drivers\tdpipe.sys
2013-12-08 19:37:45    15872    ----a-w-    c:\windows\system32\drivers\rdpvideominiport.sys
2013-12-08 19:37:45    134656    ----a-w-    c:\windows\system32\rdpudd.dll
2013-12-08 19:37:26    690688    ----a-w-    c:\windows\system32\msvcrt.dll
2013-12-08 19:36:38    314880    ----a-w-    c:\windows\system32\webio.dll
2013-12-08 19:35:43    514560    ----a-w-    c:\windows\system32\qdvd.dll
2013-12-08 19:35:43    1328128    ----a-w-    c:\windows\system32\quartz.dll
2013-12-08 19:34:31    67072    ----a-w-    c:\windows\system32\packager.dll
2013-12-08 19:28:41    534528    ----a-w-    c:\windows\system32\EncDec.dll
2013-12-08 19:27:05    24384    ----a-w-    c:\windows\system32\RegistryDefragBootTime.exe
2013-12-08 19:03:51    --------    d-----w-    c:\programdata\ProductData
2013-12-08 19:03:39    --------    d-----w-    c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-12-08 19:03:32    --------    d-----w-    c:\programdata\IObit
2013-12-08 19:03:30    --------    d-----w-    c:\users\risha\appdata\roaming\IObit
2013-12-08 19:03:15    --------    d-----w-    c:\program files\IObit
2013-12-08 18:59:41    --------    d-----w-    c:\windows\pss
2013-12-08 18:43:40    --------    d-----w-    c:\programdata\Oracle
2013-12-08 18:42:43    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-12-08 18:38:14    --------    d-----w-    c:\users\risha\appdata\roaming\TuneUp Software
2013-12-08 18:35:27    --------    d-----w-    c:\program files\iPod
2013-12-08 18:35:25    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-08 18:35:25    --------    d-----w-    c:\program files\iTunes
2013-12-08 18:23:05    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-12-08 18:23:05    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-12-08 18:23:05    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-12-08 18:23:05    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-12-08 18:23:05    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-12-08 06:30:53    --------    d-----w-    c:\windows\system32\%LocalAppData%
.
==================== Find3M  ====================
.
2013-12-13 00:09:51    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 09:53:32    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-12-11 08:46:41    152576    ----a-w-    c:\windows\system32\msclmd.dll
2013-11-26 09:22:11    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56    61952    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 08:52:26    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 07:32:06    1928192    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33    1820160    ----a-w-    c:\windows\system32\wininet.dll
2013-10-30 01:27:28    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-10-19 01:36:59    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2013-10-12 02:04:36    121856    ----a-w-    c:\windows\system32\wshom.ocx
2013-10-12 02:03:31    163840    ----a-w-    c:\windows\system32\scrrun.dll
2013-10-12 02:03:08    656896    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 01:15:48    141824    ----a-w-    c:\windows\system32\wscript.exe
2013-10-12 01:15:48    126976    ----a-w-    c:\windows\system32\cscript.exe
2013-10-07 05:17:38    15400    ----a-w-    c:\windows\system32\drivers\hmd.sys
2013-10-07 05:17:38    15400    ----a-w-    c:\windows\inf\hmd\hmd.sys
2013-10-05 19:57:25    1168384    ----a-w-    c:\windows\system32\crypt32.dll
2013-09-25 02:01:08    136640    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06    67520    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46    99840    ----a-w-    c:\windows\system32\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    c:\windows\system32\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    c:\windows\system32\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02    1038848    ----a-w-    c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20    22016    ----a-w-    c:\windows\system32\lsass.exe
2013-09-25 00:49:18    15872    ----a-w-    c:\windows\system32\sspisrv.dll
.
============= FINISH: 18:50:06.68 ===============
 

 

 




 


#2 Marilyn07


Posted 18 December 2013 - 01:58 PM

I fixed the problem by enabling Advanced System Care's "homepage protection". Chatzum is gone from the registry!



#3 nasdaq


  • Malware Response Team

Posted 21 December 2013 - 09:13 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



