
Opens lots of Adaware and pops up new pages


  • This topic is locked
1 reply to this topic

#1 Pulin

  • Members
  • 37 posts
  • OFFLINE
  • Local time:05:24 AM

Posted 24 May 2014 - 01:09 AM

Hi,

For the last two days it seems that my computer has been infected by Adaware/viruses. Whenever I open a new page and click somewhere on the page, it opens a new page which is not intended. It also opens lots of pop-ups. I have run Malwarebytes and rkill. I am using Google Chrome; it also did the same thing with Firefox.

I have run ComboFix and its report is as follows. Please advise how to fix this issue.

ComboFix 14-05-19.01 - Cent340 05/24/2014   0:45.3.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.4030.2323 [GMT -5:00]
Running from: c:\users\Cent340\Downloads\ComboFix.exe
AV: System Center Endpoint Protection *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: System Center Endpoint Protection *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-24 to 2014-05-24  )))))))))))))))))))))))))))))))
.
.
2014-05-24 05:51 . 2014-05-24 05:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-24 05:51 . 2014-05-24 05:51 -------- d-----w- c:\users\TSP\AppData\Local\temp
2014-05-24 05:51 . 2014-05-24 05:51 -------- d-----w- c:\users\tr_support\AppData\Local\temp
2014-05-24 05:51 . 2014-05-24 05:51 -------- d-----w- c:\users\pp20\AppData\Local\temp
2014-05-24 05:51 . 2014-05-24 05:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-24 05:40 . 2014-05-24 05:40 79064 ----a-w- c:\windows\system32\drivers\hvsywt.sys
2014-05-24 05:30 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27FC32AC-9986-4D19-9002-62135F3C4E87}\mpengine.dll
2014-05-23 07:59 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-23 07:36 . 2014-05-23 15:49 -------- d-----w- C:\AdwCleaner
2014-05-23 07:11 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-23 07:11 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-23 07:11 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-23 07:11 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-23 06:59 . 2014-05-24 01:20 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-23 06:59 . 2014-05-12 12:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-23 06:59 . 2014-05-12 12:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-23 06:59 . 2014-05-12 12:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-23 06:54 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-23 06:51 . 2014-03-25 02:34 14179328 ----a-w- c:\windows\system32\shell32.dll
2014-05-23 06:51 . 2014-05-09 06:14 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-23 06:51 . 2014-05-09 06:11 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-23 04:50 . 2014-05-23 06:59 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-23 04:50 . 2014-05-23 04:50 -------- d-----w- c:\programdata\Malwarebytes
2014-05-22 23:44 . 2014-05-22 23:44 -------- d-----w- c:\windows\SysWow64\Garmin
2014-05-22 23:13 . 2014-05-04 16:28 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF954721-0726-44D5-B80A-46470E4E5A40}\gapaengine.dll
2014-05-12 17:33 . 2004-07-26 21:16 476320 ------w- c:\windows\SysWow64\ImagXpr7.dll
2014-05-12 17:33 . 2004-07-26 21:16 471040 ------w- c:\windows\SysWow64\ImagXRA7.dll
2014-05-12 17:33 . 2004-07-26 21:16 262144 ------w- c:\windows\SysWow64\ImagXR7.dll
2014-05-12 17:33 . 2004-07-26 21:16 1568768 ------w- c:\windows\SysWow64\ImagX7.dll
2014-05-12 17:33 . 2004-07-09 13:43 364544 ------w- c:\windows\SysWow64\TwnLib4.dll
2014-05-12 17:33 . 2000-06-26 15:45 106496 ----a-w- c:\windows\SysWow64\TwnLib20.dll
2014-05-12 17:33 . 2014-05-12 17:33 -------- d-----w- c:\program files (x86)\Ahead
2014-05-12 17:33 . 2014-05-12 17:33 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2014-05-12 17:32 . 2014-05-12 17:32 -------- d-----w- c:\program files (x86)\Yahoo!
2014-05-02 02:26 . 2013-09-20 15:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-05-02 02:26 . 2014-05-23 09:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-05-02 02:26 . 2014-05-23 09:37 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-30 23:41 . 2014-04-30 23:41 -------- d-----w- c:\users\Cent340\.dvdcss
2014-04-26 00:27 . 2014-04-26 00:27 -------- d-----w- c:\users\Cent340\AppData\Roaming\Oracle
2014-04-26 00:27 . 2014-04-15 01:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-25 18:23 . 2014-04-25 18:23 80806080 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-04-25 18:23 . 2014-04-25 18:23 548024 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-04-25 18:23 . 2014-04-25 18:23 26134720 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-04-25 07:16 . 2014-04-25 07:16 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-25 04:00 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-04-25 04:00 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-04-25 04:00 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll
2014-04-25 04:00 . 2014-03-06 08:57 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-04-25 04:00 . 2014-03-06 08:02 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-04-25 04:00 . 2014-03-06 08:36 222720 ----a-w- c:\program files\Internet Explorer\ielowutil.exe
2014-04-25 04:00 . 2014-03-06 07:44 222720 ----a-w- c:\program files (x86)\Internet Explorer\ielowutil.exe
2014-04-25 04:00 . 2014-03-06 07:03 470016 ----a-w- c:\program files (x86)\Internet Explorer\ieinstal.exe
2014-04-25 04:00 . 2014-03-08 02:34 293072 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-04-25 04:00 . 2014-03-08 01:59 235216 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2014-04-25 04:00 . 2014-03-06 07:44 482816 ----a-w- c:\program files\Internet Explorer\ieinstal.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-23 06:56 . 2012-03-21 15:28 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-04 16:28 . 2014-03-14 20:53 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-15 00:21 . 2014-04-15 00:21 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-04-15 00:21 . 2014-04-15 00:21 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-04-15 00:21 . 2014-04-15 00:21 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-04-15 00:21 . 2014-04-15 00:21 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-03-21 03:19 . 2014-03-21 03:19 53248 ----a-r- c:\users\Cent340\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-03-21 00:19 . 2014-03-20 23:24 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2014-03-11 20:07 . 2014-03-11 20:07 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-03-11 14:52 . 2013-06-19 03:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 19:10 . 2014-03-06 19:10 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-03-06 19:10 . 2014-03-06 19:10 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-06 19:10 . 2014-03-06 19:10 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-03-06 19:10 . 2014-03-06 19:10 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-03-06 19:10 . 2014-03-06 19:10 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-03-06 19:10 . 2014-03-06 19:10 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-03-06 19:10 . 2014-03-06 19:10 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-03-06 19:10 . 2014-03-06 19:10 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-03-06 19:10 . 2014-03-06 19:10 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-03-06 19:10 . 2014-03-06 19:10 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-03-06 19:10 . 2014-03-06 19:10 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-03-06 19:10 . 2014-03-06 19:10 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-03-06 19:10 . 2014-03-06 19:10 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-03-06 19:10 . 2014-03-06 19:10 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-03-06 19:10 . 2014-03-06 19:10 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-03-06 19:10 . 2014-03-06 19:10 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-03-06 19:10 . 2014-03-06 19:10 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-06 19:10 . 2014-03-06 19:10 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-03-06 19:10 . 2014-03-06 19:10 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-06 19:10 . 2014-03-06 19:10 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-06 19:10 . 2014-03-06 19:10 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-03-06 19:10 . 2014-03-06 19:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-03-06 19:10 . 2014-03-06 19:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-06 19:10 . 2014-03-06 19:10 247808 ----a-w- c:\windows\system32\msls31.dll
2014-03-06 19:10 . 2014-03-06 19:10 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-03-06 19:10 . 2014-03-06 19:10 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-06 19:10 . 2014-03-06 19:10 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-06 19:10 . 2014-03-06 19:10 81408 ----a-w- c:\windows\system32\icardie.dll
2014-03-06 19:10 . 2014-03-06 19:10 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-03-06 19:10 . 2014-03-06 19:10 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-03-06 19:10 . 2014-03-06 19:10 413696 ----a-w- c:\windows\system32\html.iec
2014-03-06 19:10 . 2014-03-06 19:10 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 19:10 . 2014-03-06 19:10 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-03-06 19:10 . 2014-03-06 19:10 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-03-06 19:10 . 2014-03-06 19:10 235520 ----a-w- c:\windows\system32\url.dll
2014-03-06 19:10 . 2014-03-06 19:10 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-03-06 19:10 . 2014-03-06 19:10 143872 ----a-w- c:\windows\system32\wextract.exe
2014-03-06 19:10 . 2014-03-06 19:10 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-06 19:10 . 2014-03-06 19:10 101376 ----a-w- c:\windows\system32\inseng.dll
2014-03-06 19:10 . 2014-03-06 19:10 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-03-06 19:10 . 2014-03-06 19:10 774144 ----a-w- c:\windows\system32\jscript.dll
2014-03-06 19:10 . 2014-03-06 19:10 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-03-06 19:10 . 2014-03-06 19:10 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-03-06 19:10 . 2014-03-06 19:10 147968 ----a-w- c:\windows\system32\occache.dll
2014-03-06 19:10 . 2014-03-06 19:10 13824 ----a-w- c:\windows\system32\mshta.exe
2014-03-06 19:10 . 2014-03-06 19:10 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-03-04 09:44 . 2014-04-10 01:16 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-10 01:16 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-10 01:16 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-10 01:16 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-10 01:16 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-10 01:16 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-10 01:16 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-10 01:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-10 01:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-10 01:16 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-10 01:16 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1314816]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-04-25 4101584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2014-05-12 54072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-04-23 122200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
2;2 Nonbrand_WUS-N;Nonbrand_WUS-N Service;c:\program files (x86)\KEEBOX\150N Wireless Utility\ANIWZCSdS.exe;c:\program files (x86)\KEEBOX\150N Wireless Utility\ANIWZCSdS.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys;c:\windows\SYSNATIVE\drivers\hppdbulkio.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 tcm;tcm;c:\windows\system32\drivers\tcm.sys;c:\windows\SYSNATIVE\drivers\tcm.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe;c:\windows\CCM\RemCtrl\CmRcService.exe [x]
S2 DisplayFusionService;DisplayFusionService;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe;c:\program files (x86)\DisplayFusion\DisplayFusionService.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 IDFEndpointService;Identity Finder Endpoint Service;c:\program files (x86)\Identity Finder 5\idfEndpoint.exe;c:\program files (x86)\Identity Finder 5\idfEndpoint.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Nonbrand_WUS-N_WPS;Nonbrand_WUS-N_WPS Service;c:\program files (x86)\KEEBOX\150N Wireless Utility\ANIWConnService.exe;c:\program files (x86)\KEEBOX\150N Wireless Utility\ANIWConnService.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 46176857
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - 46176857
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 20:22 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18 17:04]
.
2014-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-18 17:04]
.
2014-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894344012-970156269-1345102928-1006Core.job
- c:\users\Cent340\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-17 22:16]
.
2014-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3894344012-970156269-1345102928-1006UA.job
- c:\users\Cent340\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-17 22:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-04-08 19:22 2333400 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-04-08 19:22 2333400 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-04-08 19:22 2333400 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:14263;https=127.0.0.1:14263
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.27.35.1 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Cent340\AppData\Roaming\Mozilla\Firefox\Profiles\w8t92iyi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.txstate.edu/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-24  00:53:59
ComboFix-quarantined-files.txt  2014-05-24 05:53
ComboFix2.txt  2014-05-23 15:22
ComboFix3.txt  2014-05-23 07:56
.
Pre-Run: 124,978,470,912 bytes free
Post-Run: 124,868,218,880 bytes free
.
- - End Of File - - 570BAD80C329F9280C23FB87CF6B2CD5

Edited by hamluis, 24 May 2014 - 07:35 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


#2 hamluis

  • Moderator
  • 55,870 posts
  • OFFLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:24 AM

Posted 24 May 2014 - 07:37 AM

Dupe, moved other to MRL, http://www.bleepingcomputer.com/forums/t/535371/unwanted-pages-in-chrome/

Topic closed to avoid confusion.

Louis





