Hijacked Chrome - DDS Log


  • This topic is locked
4 replies to this topic

#1 felipemazza


  • Members
  • 17 posts

Posted 08 June 2014 - 10:15 AM

Hello everyone,
 
I request your help in looking into this log. Chrome is hijacked and there's some adware too. Thanks in advance!
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.51.2
Run by mrdalledone at 12:12:22 on 2014-06-08
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.6011.3208 [GMT -3:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Mobogenie\MgAssist.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\mrdalledone\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3323880&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP03622FCA-53B5-4EF0-B646-A0C0534521BF&SSPV=
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Facebook Update] "C:\Users\mrdalledone\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\mrdalledone\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
StartupFolder: C:\Users\MRDALL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\mrdalledone\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\MRDALL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 189.4.0.143 189.4.0.148
TCP: Interfaces\{3710ADF9-7A3E-4A27-AA61-E24A63C8D61B} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{6A8C2025-9E2C-4AB1-B6A0-2298E91CB3E9} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A97715B7-ADE2-47E2-8A72-3B77D942849A} : DHCPNameServer = 189.40.224.80 189.40.226.80
TCP: Interfaces\{F8CE1B6F-6AE7-4B56-9CDE-15AB3F39375D} : DHCPNameServer = 189.4.0.143 189.4.0.148
TCP: Interfaces\{F8CE1B6F-6AE7-4B56-9CDE-15AB3F39375D}\05F6C697E64696160213 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F8CE1B6F-6AE7-4B56-9CDE-15AB3F39375D}\4646D2772747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F8CE1B6F-6AE7-4B56-9CDE-15AB3F39375D}\74162696 : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{F8CE1B6F-6AE7-4B56-9CDE-15AB3F39375D}\7594641454 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{F8CE1B6F-6AE7-4B56-9CDE-15AB3F39375D}\7594641454D21444D4 : DHCPNameServer = 10.135.31.12 10.135.31.10
TCP: Interfaces\{F8CE1B6F-6AE7-4B56-9CDE-15AB3F39375D}\96B656331303 : DHCPNameServer = 192.168.25.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0 /dne /s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-27 16152]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-3-8 107648]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 CltMngSvc;Search Protect Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-5-23 2497856]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2012-6-27 109184]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-11-12 196616]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2012-8-30 275440]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-27 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 MgAssistService;MgAssist Service;C:\Program Files (x86)\Mobogenie\MgAssist.exe [2014-2-26 70848]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-7-6 578264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-6-27 1695040]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-27 363800]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-3-8 159360]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-8-21 76960]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-3-8 36480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-3-8 340096]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-3-8 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-3-8 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-3-8 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-3-8 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-3-8 281472]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-3-8 551552]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-6-27 176096]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-6-27 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-27 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-27 788760]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-6-27 104048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2012-6-27 313448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-08 09:17:23 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{7DC25B8E-0144-443F-8513-7E2FC3A4C9E5}
2014-06-06 15:57:26 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{EEAF0A15-1111-4136-B267-6816276C881D}
2014-06-05 17:06:03 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1D0C8953-D067-4AC4-BE6A-0ECD60F9DB8B}\mpengine.dll
2014-06-03 16:59:04 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{408EDED0-9DE2-49B2-A32A-1CB39C7A5DAA}
2014-06-01 18:45:26 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{085D4735-3E87-4C2A-8C32-A252B72380F5}
2014-05-31 02:31:42 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{9A930A70-49C7-4029-A950-1A117D3EE96A}
2014-05-30 13:21:07 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{FFDBF45D-ABFE-48EE-B015-2051C4FD7867}
2014-05-29 20:33:04 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{637081BD-1B98-47E0-9826-D2D1B0A758DD}
2014-05-28 19:23:48 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{EAA761C9-18F8-4790-B88C-C18D83627356}
2014-05-25 17:47:45 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{0EB9C405-8126-40A4-951A-9E8D0E828476}
2014-05-22 15:18:59 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{6C412AD9-8018-4A20-8FA0-EC137BE25BF7}
2014-05-21 16:51:44 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{7963FC8A-4288-4C41-BC6D-6C93ABDF05A9}
2014-05-20 12:53:39 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{557D2F42-D105-4A69-9BC7-2260241110BF}
2014-05-19 23:52:26 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{28726149-A966-48CE-8377-4A8299A6455E}
2014-05-18 23:39:48 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{1C5BB12B-0937-4FE5-BE88-9B2FB229DDC0}
2014-05-16 14:48:48 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{3E63E606-4CAE-43B0-96B6-631D9B2E9DAB}
2014-05-14 16:53:38 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{AFD100EA-13C2-4760-AE7B-8877A8B770EA}
2014-05-12 16:15:34 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{B938560C-1997-4DD5-B6CD-0D5167828FED}
2014-05-11 15:54:18 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{898E0137-CCB3-49B0-AA5A-B912F195F2D5}
2014-05-10 17:52:13 -------- d-----w- C:\Users\mrdalledone\AppData\Local\{7A3A698C-8CFA-401B-91E4-30C9BAACE3AB}
.
==================== Find3M  ====================
.
2014-03-31 12:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-19 23:35:32 720594 ----a-w- C:\Users\mrdalledone\AppData\Roaming\unins000.exe
.
============= FINISH: 12:12:58,33 ===============
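Added example, not part of the post above and not how DDS itself works: a small Python triage pass over the "Pseudo HJT Report" section of the log. DDS_EXCERPT is copied verbatim from the log above; the rules, the severities and the short list of search-redirect hosts are my own illustrative choices, not a signature base. It picks out what a responder would look at first in this log: the AppInit_DLLs entry (a DLL loaded into every process that maps user32.dll), the three UAC policy values set to 0, the NextLive autorun that uses rundll32 to load a DLL from the roaming profile, and the Conduit start page.

```python
"""Triage a DDS "Pseudo HJT Report" for persistence and browser-hijack indicators.

Added example: not the DDS tool's logic and not from the thread. DDS_EXCERPT is copied
verbatim from the posted log; the rule set and severities are illustrative.
"""
import re
import urllib.parse
from dataclasses import dataclass

# Verbatim lines from the posted DDS log (uRun = HKCU Run, mRun = HKLM Run, x64-Run = 64-bit view).
DDS_EXCERPT = r"""
uStart Page = hxxp://search.conduit.com/?ctid=CT3323880&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP03622FCA-53B5-4EF0-B646-A0C0534521BF&SSPV=
uSearch Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [Facebook Update] "C:\Users\mrdalledone\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\mrdalledone\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
"""

# Search-redirect hosts that appear in the logs of this thread (illustrative, not complete).
HIJACK_HOSTS = {"search.conduit.com", "www.search.ask.com", "br.ask.com"}

# HKLM\...\Policies\System values that weaken the UAC boundary.
WEAK_UAC = {
    "EnableLUA": "0",                   # UAC off: admin logons get a full token, no split token
    "ConsentPromptBehaviorAdmin": "0",  # elevate silently, no consent prompt
    "PromptOnSecureDesktop": "0",       # prompt drawn on the normal desktop, spoofable by user code
}

RUN_RE = re.compile(r"^(?:u|m|x64-)Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^mPolicies-System: (?P<key>\w+) = dword:(?P<val>\d+)$")
APPINIT_RE = re.compile(r"^(?:x64-)?AppInit_DLLs=\s*(?P<dlls>.*)$")
STARTPAGE_RE = re.compile(r"^uStart Page = (?P<url>\S+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    line: str      # the DDS line that triggered the rule
    reason: str


def host_of(url: str) -> str:
    """DDS writes hxxp:// so the log cannot be clicked; undo that before parsing."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return urllib.parse.urlsplit(url).hostname or ""


def triage(report: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := APPINIT_RE.match(line)) and m["dlls"].strip():
            # AppInit_DLLs is mapped into every process that loads user32.dll.
            findings.append(Finding("high", line,
                f"AppInit_DLLs injects {m['dlls'].strip()} into every user32-linked process"))
        elif (m := POLICY_RE.match(line)) and WEAK_UAC.get(m["key"]) == m["val"]:
            findings.append(Finding("high", line, f"UAC weakened: {m['key']}={m['val']}"))
        elif m := RUN_RE.match(line):
            name, cmd = m["name"], m["cmd"]
            dll = RUNDLL_RE.search(cmd)
            if dll and "\\appdata\\" in dll["dll"].lower():
                # rundll32 plus a DLL in the profile: autostart without a signed host binary.
                findings.append(Finding("high", line,
                    f"Run entry [{name}] uses rundll32 to load a DLL from the user profile"))
            elif "\\appdata\\" in cmd.lower():
                findings.append(Finding("medium", line,
                    f"Run entry [{name}] starts a binary from the user profile; verify its publisher"))
        elif (m := STARTPAGE_RE.match(line)) and host_of(m["url"]) in HIJACK_HOSTS:
            findings.append(Finding("medium", line,
                f"Start page points at search-redirect host {host_of(m['url'])}"))
    return findings


if __name__ == "__main__":
    for f in triage(DDS_EXCERPT):
        print(f"{f.severity:6} {f.reason}")
```

Run it directly to print the findings, or pass the whole Pseudo HJT section of any DDS log to triage(). A binary under the profile is only medium on purpose: Dropbox and Facebook Update run from there as well, so that rule asks for a publisher check, while rundll32 loading a DLL from AppData and the UAC values are the entries that warrant the next step without further debate.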
 

#2 Noviciate


  • Malware Response Team
  • 5,277 posts

Posted 09 June 2014 - 01:23 PM

Good evening. :)

Please download AdwCleaner by Xplode from here and save it to your Desktop.

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click the I Agree button to continue.
  • Click on Scan and, once complete, click on Report and let me have the contents of the text that opens.
  • A copy of the text file will also be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.


So long, and thanks for all the fish.

 

 


#3 felipemazza

  • Topic Starter

  • Members
  • 17 posts

Posted 10 June 2014 - 09:07 AM

Good morning.

 

Here is the report. The default language was set to Portuguese, so if you have any doubts, just ask me and I'll translate it.

I've not clicked the "Delete" button, since you didn't ask me to.

 

 

# AdwCleaner v3.212 - Report created 10/06/2014 at 10:55:28
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Basic Service Pack 1 (64 bits)
# User : mrdalledone - MRDALLEDONE-PC
# Running from : C:\Users\mrdalledone\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : CltMngSvc
Service Found : MgAssistService
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\mrdalledone\daemonprocess.txt
Folder Found : C:\Program Files (x86)\Mobogenie
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\ProgramData\apn
Folder Found : C:\Users\MRDALL~1\AppData\Local\Temp\apn
Folder Found : C:\Users\MRDALL~1\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\mrdalledone\AppData\Local\genienext
Folder Found : C:\Users\mrdalledone\AppData\Local\Mobogenie
Folder Found : C:\Users\mrdalledone\AppData\Local\SearchProtect
Folder Found : C:\Users\mrdalledone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Found : C:\Users\mrdalledone\AppData\Roaming\newnext.me
Folder Found : C:\Users\mrdalledone\Documents\Mobogenie
Folder Found : C:\Windows\SysWOW64\SearchProtect
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\SearchProtectINT
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\SearchProtectINT
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchProtectINT_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3323880&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP03622FCA-53B5-4EF0-B646-A0C0534521BF&SSPV=
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\mrdalledone\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EAKE%5EOSJ000%5EYY%5EBR&gct=&o=APN10452&tpid=ORJ-V7&itbv=12.0.1.100&doi=2013-08-07&apn_uid=E659E7EF-B163-413A-AC4F-4A7258EC1214&apn_ptnrs=AKE&apn_dtid=%5EOSJ000%5EYY%5EBR&apn_dbr=cr_28.0.1500.95&psv=&trgb=CR&q={searchTerms}
Found [Search Provider] : hxxp://www.softonic.com.br/s/{searchTerms}
Found [Search Provider] : hxxp://www.administradores.com.br/busca/?cx=000518322702875048515%3Awu_nmiday3s&cof=FORID%3A11&ie=UTF-8&num=100&q={searchTerms}&siteurl=www.administradores.com.br%2F&ref=www.bing.com%2Fsearch%3Fq%3Dpoeral%2520administradores%26pc%3Dconduit%26ptag%3DA4C842CF11DC549F290F%26form%3DCONBNT%26conlogo%3DCT3210127&ss=1836j469874j11
Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3323880&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP03622FCA-53B5-4EF0-B646-A0C0534521BF&q=UCM_SEARCH_TERM&SSPV=&ISID=
Found [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}
Found [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3323880&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP03622FCA-53B5-4EF0-B646-A0C0534521BF&SSPV=&ISID=
Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3323880&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP03622FCA-53B5-4EF0-B646-A0C0534521BF&SSPV=&ISID=
Found [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Found [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [5959 octets] - [10/06/2014 10:55:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6019 octets] ##########
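Added example, not from the thread and not AdwCleaner's code: a read-only audit of the Chrome Preferences file that AdwCleaner read in the report above, showing where the hijacked homepage, startup URL, search provider and sideloaded extensions live. SAMPLE_PREFS is constructed to mirror the report (URLs shortened; the two extension IDs are the ones reported, but their from_webstore/location attributes are invented for the example, and the third ID is a made-up Web Store extension). The key names are an assumption approximating the Chrome 35 file layout and should be checked against the real file before relying on them.

```python
"""Read-only audit of a Chrome "Preferences" JSON file for hijacked browser settings.

Added example, not part of the thread or of AdwCleaner. The key layout below (homepage,
session.startup_urls, default_search_provider.search_url, extensions.settings) is an
assumption approximating Chrome 35; the real file is
%LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Preferences.
"""
import json
import urllib.parse

# Constructed to mirror the AdwCleaner report; extension attributes are invented for the example.
SAMPLE_PREFS = json.dumps({
    "homepage": "http://search.conduit.com/?ctid=CT3323880&SearchSource=55",
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["http://search.conduit.com/?ctid=CT3323880&SearchSource=55"],
    },
    "default_search_provider": {
        "enabled": True,
        "name": "Search",
        "search_url": "http://www.search.ask.com/web?q={searchTerms}",
    },
    "extensions": {"settings": {
        "booedmolknjekdopkepjjeckmjkdpfgl": {"from_webstore": False, "location": 3},
        "flpcjncodpafbgdpnkljologafpionhb": {"from_webstore": False, "location": 2},
        "abcdefghijklmnopabcdefghijklmnop": {"from_webstore": True, "location": 1},  # made-up ID
    }},
})

# Search-redirect hosts seen in this thread's logs (illustrative, not complete).
HIJACK_HOSTS = {"search.conduit.com", "www.search.ask.com", "br.ask.com"}
# Search engines the user expects to have; any other default provider is reported (illustrative).
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}


def host_of(url: str) -> str:
    return urllib.parse.urlsplit(url).hostname or ""


def audit_prefs(prefs_json: str) -> list[tuple[str, str]]:
    """Return (category, detail) pairs; an empty list means nothing unexpected was found."""
    p = json.loads(prefs_json)
    hits: list[tuple[str, str]] = []

    # Homepage and startup URLs: report only known redirect hosts, since any site is a valid homepage.
    pages = [("homepage", p.get("homepage", ""))]
    pages += [("startup_url", u) for u in p.get("session", {}).get("startup_urls", [])]
    for category, url in pages:
        if url and host_of(url) in HIJACK_HOSTS:
            hits.append((category, url))

    # Default search provider: report anything outside the allowlist, not just known-bad hosts.
    dsp = p.get("default_search_provider", {})
    search_url = dsp.get("search_url", "")
    if search_url and host_of(search_url) not in EXPECTED_SEARCH_HOSTS:
        hits.append(("search_provider", search_url))

    # Extensions not installed from the Web Store were dropped in by software on the machine.
    for ext_id, ext in p.get("extensions", {}).get("settings", {}).items():
        if not ext.get("from_webstore", False):
            hits.append(("sideloaded_extension", f"{ext_id} (location={ext.get('location')})"))
    return hits


if __name__ == "__main__":
    for category, detail in audit_prefs(SAMPLE_PREFS):
        print(f"{category:22} {detail}")
```

Treat this as an audit, not a cleaner: later Chrome versions keep a MAC over these settings in a separate Secure Preferences file, so hand edits get reverted, and in any case the values come back while SearchProtect, Mobogenie and newnext.me are still installed. Remove the software first, then reset the browser settings.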

#4 Noviciate


  • Malware Response Team
  • 5,277 posts

Posted 10 June 2014 - 01:23 PM

Good evening. :)

Run ADW again and let it fix what it finds. Let me have the log that it produces and let me know if that solves your problem.


Edited by Noviciate, 12 June 2014 - 03:48 PM.
Edited for speeling. :)

So long, and thanks for all the fish.

 

 


#5 Noviciate


  • Malware Response Team
  • 5,277 posts

Posted 15 June 2014 - 12:28 PM

As there has been no response for five days this thread is now closed.


So long, and thanks for all the fish.

 

 

