TechSpot

Browser Redirects to "Update to ____ required" Websites

Solved
By tony56
Jan 2, 2014
  1. Since this morning, Google Chrome will redirect whatever webpage I'm on to websites that say "______ is out of date and needs to be updated" every 20~40 minutes. So far, it appears that only Chrome is affected. The laptop was with my cousin for the past few days since she was still waiting on her new laptop, but when I called her earlier, she said that she hasn't downloaded anything since getting the laptop. The MBAM and DDS logs are below.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    Database version: v2014.01.02.01
    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16750
    Tony Long :: TONYWIN8 [administrator]
    2014-01-02 6:35:05 PM
    mbam-log-2014-01-02 (18-35-05).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212626
    Time elapsed: 1 minute(s), 37 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.45.2
    Run by Tony Long at 18:41:43 on 2014-01-02
    Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.8067.6034 [GMT -5:00]
    .
    AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Classic Shell\ClassicShellService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhostex.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Classic Shell\ClassicStartMenu.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
    C:\Program Files\Acer\Acer Launch Manager\LMMsg.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Windows\System32\RuntimeBroker.exe
    C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\SysWOW64\C2MP\TrayMenu.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    C:\Dolby PCEE4\pcee4.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
    C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
    C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.ca/
    uDefault_Page_URL = hxxp://acer13.msn.com
    mWinlogon: Userinit = userinit.exe,
    BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
    BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
    TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
    uRun: [FixMyRegistry] C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
    StartupFolder: C:\Users\TONYLO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Sidebar.lnk - C:\Program Files\Windows Sidebar\sidebar.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\TrayMenu.lnk - C:\Windows\SysWOW64\C2MP\TrayMenu.exe
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
    IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
    DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://labo.erinn.biz/cs/mabiweb.2012.04.25.0.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{473B0CF1-2050-46E2-8FF5-AFA95F706079} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{473B0CF1-2050-46E2-8FF5-AFA95F706079}\0534E49687E23616 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{473B0CF1-2050-46E2-8FF5-AFA95F706079}\45F4E4957594E483F5E4564777F627B6 : DHCPNameServer = 207.238.87.34 208.77.2.11
    TCP: Interfaces\{473B0CF1-2050-46E2-8FF5-AFA95F706079}\C4F4E474132333 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{473B0CF1-2050-46E2-8FF5-AFA95F706079}\C4F4E474F584F4D454 : DHCPNameServer = 207.238.87.34 208.77.2.11
    TCP: Interfaces\{473B0CF1-2050-46E2-8FF5-AFA95F706079}\C4F4E474F5E4544575F425B4 : DHCPNameServer = 207.238.87.34 208.77.2.11
    TCP: Interfaces\{F1CEBD5D-4CB4-458C-9743-9CD450F7F169} : DHCPNameServer = 192.168.2.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
    x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
    x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
    x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
    x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
    x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
    x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
    x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
    x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-1-31 652784]
    R1 ccSet_NARA;NARA Settings Manager;C:\Windows\System32\Drivers\NARAx64\0401000.00E\ccSetx64.sys [2013-6-3 168608]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\Drivers\klim6.sys [2012-8-2 30304]
    R1 klwfp;klwfp;C:\Windows\System32\Drivers\klwfp.sys [2013-5-6 50448]
    R1 kneps;kneps;C:\Windows\System32\Drivers\kneps.sys [2013-5-6 178448]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2013-2-28 227968]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-5-6 356128]
    R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2013-2-27 2615368]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-6-3 128896]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-6-3 165760]
    R2 LMSvc;Launch Manager Service;C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [2013-3-14 431656]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-6-3 364416]
    R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-6-3 34384]
    R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2013-1-18 660040]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-5-13 342528]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\Drivers\klkbdflt.sys [2013-5-6 29280]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\Drivers\klmouflt.sys [2013-5-6 29280]
    R3 LMDriver;Launch Manager Wireless Driver;C:\Windows\System32\Drivers\LMDriver.sys [2013-1-9 21360]
    R3 RadioShim;Shim for HID-KMDF Interface layer;C:\Windows\System32\Drivers\RadioShim.sys [2013-1-9 15704]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-6-3 794184]
    R3 RTSPER;Realtek PCIE Card Reader - PER;C:\Windows\System32\Drivers\RtsPer.sys [2013-6-3 455240]
    R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-5-14 31984]
    S0 klelam;klelam;C:\Windows\System32\Drivers\klelam.sys [2012-7-27 29616]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-6-3 89168]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-6-3 346192]
    S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-6-3 115280]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-6-3 179432]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-6-3 77464]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-6-3 136424]
    S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-6-3 583760]
    S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
    S3 QRDCIO;Quanta Generic IO Access;C:\Windows\System32\Drivers\QRDCIO.sys [2013-6-3 9728]
    S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
    S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-8-15 3943104]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
    FileExt: .ini: Applications\WordPad.exe="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2013-12-31 18:37:29 -------- d-----w- C:\Users\Tony Long\AppData\Local\MusicPlayer
    2013-12-27 10:19:11 236208 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10229.bin
    2013-12-24 20:22:34 -------- d-----w- C:\Program Files\office.tmp
    2013-12-15 05:21:38 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2013-12-15 05:21:36 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2013-12-11 21:35:01 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-12-11 21:35:00 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
    2013-12-04 01:06:01 -------- d-----w- C:\ProgramData\Oracle
    .
    ==================== Find3M ====================
    .
    2013-12-11 14:53:46 30304 ----a-w- C:\Windows\System32\drivers\klim6.sys
    2013-12-11 14:53:45 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
    2013-12-04 00:53:54 78304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-12-04 00:53:54 694240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-11-27 01:23:30 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2013-11-23 06:43:58 420864 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-11-23 05:05:01 368640 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-11-06 23:18:57 4036608 ----a-w- C:\Windows\System32\win32k.sys
    2013-11-01 05:38:21 312320 ----a-w- C:\Windows\System32\msieftp.dll
    2013-11-01 03:49:24 273408 ----a-w- C:\Windows\SysWow64\msieftp.dll
    2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
    2013-10-25 06:19:12 915968 ----a-w- C:\Windows\System32\uxtheme.dll
    2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
    2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-10-19 05:45:45 62976 ----a-w- C:\Windows\System32\imagehlp.dll
    2013-10-19 04:04:07 59392 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2013-10-10 11:53:35 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
    2013-10-10 09:32:09 115712 ----a-w- C:\Windows\SysWow64\cscript.exe
    2013-10-10 09:30:50 162304 ----a-w- C:\Windows\SysWow64\scrobj.dll
    2013-10-10 09:30:50 156160 ----a-w- C:\Windows\SysWow64\scrrun.dll
    2013-10-10 09:24:02 143872 ----a-w- C:\Windows\System32\wshom.ocx
    2013-10-10 09:23:41 146944 ----a-w- C:\Windows\System32\cscript.exe
    2013-10-10 09:22:46 222720 ----a-w- C:\Windows\System32\scrobj.dll
    2013-10-10 09:22:46 194048 ----a-w- C:\Windows\System32\scrrun.dll
    2013-10-10 09:21:20 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
    2013-10-10 09:20:43 723968 ----a-w- C:\Windows\System32\BFE.DLL
    2013-10-10 06:01:01 29280 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
    2013-10-10 06:01:01 29280 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
    2013-10-08 22:30:32 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2013-10-08 22:30:17 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2013-10-08 22:30:17 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2013-10-08 22:28:11 40448 ----a-w- C:\Windows\System32\wuapp.exe
    2013-10-08 22:27:56 99328 ----a-w- C:\Windows\System32\wudriver.dll
    2013-10-08 22:27:56 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
    2013-10-08 22:27:56 1622016 ----a-w- C:\Windows\System32\wucltux.dll
    2013-10-08 22:27:56 142848 ----a-w- C:\Windows\System32\wuwebv.dll
    2013-10-08 22:27:45 175104 ----a-w- C:\Windows\System32\storewuauth.dll
    2013-10-08 12:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-10-05 06:10:20 285016 ----a-w- C:\Windows\System32\drivers\spaceport.sys
    .
    ============= FINISH: 18:41:51.43 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2013-08-30 3:45:58 PM
    System Uptime: 2014-01-02 6:14:08 PM (0 hours ago)
    .
    Motherboard: Acer | | Dazzle_CX
    Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz | U3E1 | 1801/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 94 GiB total, 25.456 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Description: Bluetooth USB Module
    Device ID: USB\VID_04CA&PID_3006\6&2DB963E2&0&3
    Manufacturer: Qualcomm Atheros Communications
    Name: Bluetooth USB Module
    PNP Device ID: USB\VID_04CA&PID_3006\6&2DB963E2&0&3
    Service: BTHUSB
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    clear.fi SDK- Movie 2
    clear.fi SDK - Video 2
    8GadgetPack
    Acer Launch Manager
    Acer Power Management
    Acer Recovery Management
    Acer USB Charge Manager
    AcerCloud Docs
    AcerCloud Portal
    Adobe Reader XI (11.0.05)
    Bandisoft MPEG-1 Decoder
    Bulk Rename Utility 2.7.1.2
    Classic Shell
    clear.fi Media
    clear.fi Photo
    CodeBlocks
    CosmicBreak_eng
    CyberLink MediaEspresso 6.5
    Dolby Home Theater v4
    Google Chrome
    Google Drive
    Google Update Helper
    IBM Installation Manager
    IBM Software Delivery Platform
    Identity Card
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel® Trusted Connect Service Client
    Java 7 Update 25 (64-bit)
    Java 7 Update 45
    Java Auto Updater
    Java SE Development Kit 7 Update 25 (64-bit)
    Kaspersky Internet Security 2013
    Live Updater
    Mabinogi
    Malwarebytes Anti-Malware version 1.75.0.1300
    Media Player Codec Pack 4.2.9
    Microsoft SkyDrive
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Mulimedia Logic
    Nero BackItUp
    Nero BackItUp 12 Essentials OEM.a01
    Nero BackItUp Help (CHM)
    Nero ControlCenter
    Nero ControlCenter Help (CHM)
    Nero Core Components
    Nero Launcher
    Nero RescueAgent
    Nero RescueAgent Help (CHM)
    Nero Update
    Nexon Game Manager
    Norton Online Backup
    Norton Online Backup ARA
    Notepad++
    Office Addin
    Pokemon Showdown
    Prerequisite installer
    Qualcomm Atheros Bluetooth Suite (64)
    Qualcomm Atheros WLAN and Bluetooth Client Installation Program
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    Shared C Run-time for x64
    Skype™ 6.11
    Spotify
    Synaptics Pointing Device Driver
    TDM/MinGW
    Vindictus
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    Windows 8 Codec Pack 2.0.1
    WinRAR 4.20 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2014-01-02 6:14:15 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,992   +271

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Is Chrome the only browser affected?
     
  3. tony56

    tony56 TS Rookie Topic Starter

    So far, IE hasn't been affected by it. I've had IE open throughout the day and have yet to be redirected.
     
  4. Broni

    OK.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on the Scan button.
    • When the scan has finished, click on the Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. tony56

    # AdwCleaner v3.016 - Report created 02/01/2014 at 20:22:18
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows 8 (64 bits)
    # Username : Tony Long - TONYWIN8
    # Running from : C:\Users\Tony Long\Downloads\adwcleaner.exe
    # Option : Clean
    ***** [ Services ] *****
    ***** [ Files / Folders ] *****
    ***** [ Shortcuts ] *****
    ***** [ Registry ] *****
    ***** [ Browsers ] *****
    -\\ Internet Explorer v10.0.9200.16537
    -\\ Google Chrome v31.0.1650.63
    [ File : C:\Users\Tony Long\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    *************************
    AdwCleaner[R0].txt - [1016 octets] - [26/11/2013 19:27:58]
    AdwCleaner[R1].txt - [905 octets] - [26/11/2013 19:57:16]
    AdwCleaner[R2].txt - [1023 octets] - [26/11/2013 21:46:14]
    AdwCleaner[R3].txt - [1106 octets] - [26/11/2013 21:47:51]
    AdwCleaner[R4].txt - [1226 octets] - [02/01/2014 18:12:36]
    AdwCleaner[R5].txt - [1346 octets] - [02/01/2014 20:21:41]
    AdwCleaner[S0].txt - [1038 octets] - [26/11/2013 19:29:29]
    AdwCleaner[S1].txt - [969 octets] - [26/11/2013 19:58:04]
    AdwCleaner[S2].txt - [1089 octets] - [26/11/2013 21:47:12]
    AdwCleaner[S3].txt - [1168 octets] - [26/11/2013 21:48:39]
    AdwCleaner[S4].txt - [1288 octets] - [02/01/2014 18:13:33]
    AdwCleaner[S5].txt - [1268 octets] - [02/01/2014 20:22:18]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1328 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.9 (01.01.2014:1)
    OS: Windows 8 x64
    Ran by Tony Long on 2014-01-02 at 20:24:48.53
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    ~~~ Files
    ~~~ Folders
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2014-01-02 at 20:28:54.47
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  6. Broni

    Reset Chrome...
    Click on "Customize and control Google Chrome":
    Click "Settings" then "Show advanced settings" at the bottom of the screen.
    Click the "Reset browser settings" button.
    Restart Chrome.

    See if it helped.
     
  7. tony56

    Things seem fine so far, but I'll wait until tomorrow morning.
     
  8. Broni

    Let me know.
     
  9. tony56

    Everything seems fine now. Thanks for the help!
     
  10. Broni

    Good luck and stay safe :)
     

