Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adpeak infection, all attempts to remove kill other connected services


  • Please log in to reply
1 reply to this topic

#1 ectar

ectar

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:39 AM

Posted 06 January 2014 - 08:13 AM

I have an Adpeak infection but everytime I attempt a removal I am left unable to use Chrome, IE, Bonjour services, or connect to WoW. 
I have used a system restore to a point before the infection was fixed by Security Essentials. Thanks in advance
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by alaphwolf at 6:59:30 on 2014-01-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32718.29436 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Sysinternals\procexp.exe
C:\Users\ALAPHW~1\AppData\Local\Temp\procexp64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
uRun: [Actual Multiple Monitors] "C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
LSP: C:\Windows\System32\AdpeakProxy.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8B200ED4-30A3-47F5-86B6-46B7BC424CC8} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: taskmgr.exe - "C:\PROGRAM FILES (X86)\SYSINTERNALS\PROCEXP.EXE"
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: taskmgr.exe - "C:\PROGRAM FILES (X86)\SYSINTERNALS\PROCEXP.EXE"
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2012-2-21 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2012-2-21 396776]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-10-29 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-11 726160]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-11-15 126464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-10-2 38912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-14 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-14 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-13 1255736]
S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-15 15122208]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-11-11 414496]
.
=============== File Associations ===============
.
FileExt: .txt: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
FileExt: .ini: Notepad++_file="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
.
=============== Created Last 30 ================
.
2014-01-06 12:36:16 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51B128CC-7043-4A37-A038-7189658993C7}\offreg.dll
2014-01-06 11:37:30 -------- d-----w- C:\AdwCleaner
2014-01-06 09:04:16 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51B128CC-7043-4A37-A038-7189658993C7}\mpengine.dll
2014-01-05 10:25:30 -------- d-----w- C:\Windows\pss
2013-12-30 11:30:06 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-21 14:10:49 -------- d-----w- C:\Users\alaphwolf\AppData\Roaming\.minecraft
2013-12-14 18:12:06 -------- d-----w- C:\Program Files (x86)\Samsung Magician
2013-12-11 11:06:30 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-10 04:56:46 -------- d-----w- C:\Users\alaphwolf\AppData\Local\Black_Tree_Gaming
2013-12-10 04:56:43 -------- d-----w- C:\Program Files\Nexus Mod Manager
2013-12-10 04:51:20 -------- d-----w- C:\BOSS
2013-12-09 17:37:21 -------- d-----w- C:\Users\alaphwolf\AppData\Local\Skyrim
2013-12-09 16:11:58 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-12-09 16:11:58 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-12-09 16:11:58 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-12-09 16:11:58 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-12-09 16:11:58 -------- d-----w- C:\Program Files (x86)\OpenAL
.
==================== Find3M  ====================
.
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41 267936 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-11 15:02:02 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-11-11 15:02:02 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-11-11 15:01:59 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-11-11 15:01:59 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-11-11 15:01:59 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-11-11 15:01:58 3467927 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-11-11 14:59:28 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-18 01:36:09 1063200 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-10-18 01:36:08 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-10-16 16:18:44 439296 ----a-w- C:\Windows\SysWow64\AdpeakProxy64.dll
2013-10-16 16:18:44 338944 ----a-w- C:\Windows\SysWow64\AdpeakProxy.dll
2013-10-16 00:48:05 1884448 ----a-w- C:\Windows\System32\nvdispco6433158.dll
2013-10-16 00:48:05 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433158.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-09-21 15:36:30 44 ---h--w- C:\Program Files (x86)\d26e53f0.tmp
.
============= FINISH:  6:59:37.38 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:07:39 AM

Posted 07 January 2014 - 11:33 PM

:welcome: to BC Forums, ectar !

 

:step1:  Please use the Farbar Recovery Scan Tool
Download > http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Select the version that applies to your system.
Save it to your Desktop.

Double-click the downloaded file to run it.

When the tool opens click Yes to the disclaimer.

At the program's console, press the Scan button.

 

When done, the tool makes a log, FRST.txt, in the same directory from which the tool is run (Desktop).
>> Please provide the FRST.txt in your reply.

 

The first time the tool is run, it also makes another log: Addition.txt
>> Also post the Addition.txt in your reply.

 

:step2:  Next, please use the tool Zoek:
Download > http://hijackthis.nl/smeenk/
Select the .zip version, and save to the Desktop.

 

On the Desktop, right-click the .zip file, and select: Extract to Zoek\, or the option that extracts the tool to its own folder on the Desktop.

Open the new Zoek folder on the Desktop, and double-click zoek.exe to start the program. (Give it a few seconds to appear.)

 

If your AntiVirus warns you about the program, either allow Zoek to run, or temporarily disable your AV program.
Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

 

Next, copy/paste the entire script in the code box below to the input field of Zoek:

createsrpoint;
process;
filesrcm;
startupall;
installedprogs;
installer-list;
uninstall-list;
hijackthis;
firefoxlook;
chromelook; 
srinfo;
DIR /S /A:L "%systemdrive%\*">>"%temp%\log.txt";b

Note: This script is written only for use on this computer. Please do not use it on another computer even if the problems are similar!

Now...

  • Close any open Browsers.
  • Click the Run script button, and wait. It takes a few minutes to run all the script.
  • When the tool finishes, the zoek-results.log is opened in Notepad.
  • The log is also found on the systemdrive, normally C:\
  • If a reboot is needed log is opened after the reboot.

 

>> Please post the zoek-results.log in your reply.

 

 


Old duck...





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users