Unwanted Adult popup coming up while browsing

OP
rohitshakti2

In the zone
If the popup is coming in browsers, uninstall it and then reinstall again while resetting everything to default.
Give a screenshot of the processes and services tabs in Task manager.

I have uninstalled and installed many browsers since this virus has infected my PC, but it automatically finds the new browser and infects it too.

I tried to use ComboFix for removing the virus and its report is given below:

ComboFix 15-03-25.01 - acer 03/26/2015 15:21:40.2.8 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.3892.2625 [GMT 5.5:30]
Running from: c:\users\acer\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
.
---- Previous Run -------
.
c:\windows\BACKUP.35305634.inst_tsp.exe
c:\windows\BACKUP.91894146.killproc.exe
c:\windows\BACKUP.99389272.inst_tspx.exe
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-02-26 to 2015-03-26 )))))))))))))))))))))))))))))))
.
.
2015-03-26 09:54 . 2015-03-26 09:57 -------- d-----w- c:\users\acer\AppData\Local\temp
2015-03-26 09:54 . 2015-03-26 09:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-26 09:54 . 2015-03-26 09:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-03-26 09:14 . 2015-03-26 09:15 47493120 ----a-w- c:\program files (x86)\GUTB6EC.tmp
2015-03-26 09:14 . 2015-03-26 09:14 -------- d-----w- c:\program files (x86)\GUMB6DB.tmp
2015-03-26 08:17 . 2015-03-26 08:35 -------- d-----w- C:\FRST
2015-03-26 06:33 . 2015-03-26 09:49 -------- d-----w- c:\users\acer\AppData\Local\ElevatedDiagnostics
2015-03-26 05:47 . 2015-03-26 05:47 -------- d-----w- c:\programdata\McAfee Security Scan
2015-03-26 05:47 . 2015-03-26 05:47 -------- d-----w- c:\programdata\McAfee
2015-03-26 05:47 . 2015-03-26 05:47 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2015-03-26 05:39 . 2015-03-26 07:32 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-26 05:38 . 2015-03-17 00:45 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-03-26 05:38 . 2015-03-17 00:45 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-26 05:38 . 2015-03-17 00:45 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-26 05:23 . 2015-03-26 05:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2015-03-26 04:55 . 2015-03-26 04:55 -------- d-----w- c:\program files\CCleaner
2015-03-26 03:34 . 2015-03-26 03:34 269992 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2015-03-26 03:28 . 2015-03-26 03:28 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2015-03-26 03:24 . 2015-02-05 05:00 364512 ----a-w- c:\windows\system32\aswBoot.exe
2015-03-26 03:20 . 2015-03-26 03:20 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2015-03-25 08:34 . 2015-03-25 08:34 -------- d-----w- c:\users\acer\AppData\Roaming\AVAST Software
2015-03-25 07:25 . 2015-03-25 07:25 -------- d-----w- c:\users\acer\AppData\Roaming\Nero
2015-03-25 03:40 . 2015-03-26 05:00 -------- d-----w- c:\users\acer\AppData\Local\CrashDumps
2015-03-24 11:28 . 2015-03-24 11:28 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2015-03-24 11:28 . 2015-03-25 09:59 -------- d-----w- c:\programdata\Kaspersky Lab
2015-03-24 08:55 . 2015-03-24 08:55 -------- d-----w- c:\program files\Enigma Software Group
2015-03-24 08:43 . 2015-03-24 11:31 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-03-24 08:22 . 2015-03-24 08:22 -------- d-----w- C:\NPE
2015-03-24 08:08 . 2015-03-25 11:22 -------- d-----w- c:\programdata\Norton
2015-03-24 08:08 . 2015-03-25 04:31 -------- d-----w- c:\users\acer\AppData\Local\NPE
2015-03-24 03:38 . 2015-03-24 03:38 -------- d-----w- c:\program files\HitmanPro
2015-03-23 11:10 . 2015-03-23 11:10 -------- d-----w- c:\users\acer\.android
2015-03-23 09:40 . 2015-03-23 09:40 -------- d-s---w- c:\windows\SysWow64\Microsoft
2015-03-23 09:19 . 2015-03-24 08:53 -------- d-----w- c:\programdata\HitmanPro
2015-03-23 09:00 . 2015-03-24 03:48 -------- d-----w- C:\AdwCleaner
2015-03-23 05:23 . 2015-03-23 05:23 -------- d-----w- c:\users\Administrator\AppData\Local\Avg2015
2015-03-23 05:23 . 2015-03-23 05:23 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2015-03-23 04:14 . 2015-03-25 11:22 -------- d-----w- c:\programdata\Avg_Update_0215pit
2015-03-20 11:33 . 2015-03-20 11:33 -------- d-----w- c:\users\acer\AppData\Local\Mozilla
2015-03-20 10:45 . 2015-03-20 10:45 -------- d-----w- c:\users\acer\AppData\Roaming\AVG2015
2015-03-20 10:42 . 2015-03-20 10:42 -------- d-----w- c:\users\acer\AppData\Roaming\TuneUp Software
2015-03-20 10:41 . 2015-03-20 10:43 -------- d-----w- c:\programdata\AVG2015
2015-03-20 10:41 . 2015-03-20 10:41 -------- d-----w- C:\$AVG
2015-03-20 10:40 . 2015-03-24 11:09 -------- d-----w- c:\program files (x86)\AVG
2015-03-20 10:25 . 2015-03-25 11:22 -------- d-----w- c:\programdata\MFAData
2015-03-20 10:25 . 2015-03-20 11:42 -------- d-----w- c:\users\acer\AppData\Local\Avg2015
2015-03-20 10:25 . 2015-03-20 10:25 -------- d--h--w- c:\programdata\Common Files
2015-03-20 10:25 . 2015-03-20 10:25 -------- d-----w- c:\users\acer\AppData\Local\MFAData
2015-03-19 10:19 . 2015-03-19 10:19 -------- d-----w- c:\users\acer\AppData\Local\Deployment
2015-03-19 10:19 . 2015-03-19 10:19 -------- d-----w- c:\users\acer\AppData\Local\Apps
2015-03-19 05:19 . 2015-03-26 05:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-19 05:19 . 2015-03-26 05:23 -------- d-----w- c:\programdata\Malwarebytes
2015-03-18 15:13 . 2015-03-18 15:13 -------- d-----w- c:\windows\system32\Logs
2015-03-18 15:06 . 2015-03-25 11:16 -------- d-s---w- c:\windows\system32\CompatTel
2015-03-17 07:29 . 2015-03-06 05:48 452608 ------w- c:\windows\SysWow64\SHCore.dll
2015-03-13 11:32 . 2015-03-25 11:24 -------- d-----w- c:\program files\Everything
2015-03-05 12:02 . 2015-03-05 12:02 -------- d-----w- C:\AVAST Software
2015-03-05 09:08 . 2015-03-05 10:32 -------- d-----w- C:\FFOutput
2015-03-05 09:04 . 2015-03-05 09:04 -------- d-----w- c:\program files (x86)\FreeTime
2015-03-03 05:06 . 2015-03-03 05:06 -------- d-----w- c:\users\acer\AppData\Roaming\Foxit Software
2015-03-03 05:06 . 2015-03-03 05:06 -------- d-----w- c:\program files (x86)\Foxit Software
2015-02-28 03:06 . 2015-02-28 03:06 -------- d-----w- c:\users\acer\ultracopier
2015-02-28 03:05 . 2015-03-26 02:09 -------- d-----w- c:\program files\Supercopier
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-26 03:24 . 2015-02-05 05:00 83280 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2015-02-23 03:45 . 2015-02-23 03:45 118 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-02-06 02:20 . 2015-02-06 02:20 425 ----a-w- c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-02-05 10:09 . 2015-02-05 10:09 454416 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2015-02-05 10:09 . 2015-02-05 10:09 2990808 ----a-w- c:\windows\system32\drivers\RTWlanU.sys
2015-02-05 10:08 . 2015-02-05 10:08 34544 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2015-02-05 09:55 . 2015-02-05 09:55 2893824 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-02-05 09:55 . 2015-02-05 09:55 2400256 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-02-05 09:45 . 2015-02-05 09:45 26528 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2015-02-05 05:00 . 2015-02-05 05:00 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-02-05 05:00 . 2015-02-05 05:00 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-02-05 05:00 . 2015-02-05 05:00 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-02-05 05:00 . 2015-02-05 05:00 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-02-05 05:00 . 2015-02-05 05:00 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-02-05 05:00 . 2015-02-05 05:00 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-02-05 05:00 . 2015-02-05 05:00 43152 ----a-w- c:\windows\avastSS.scr
2015-01-30 12:57 . 2014-06-12 11:55 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-01-30 12:57 . 2014-06-12 11:55 319912 ----a-w- c:\windows\system32\javaws.exe
2015-01-30 12:57 . 2014-06-12 11:55 191400 ----a-w- c:\windows\system32\javaw.exe
2015-01-30 12:57 . 2014-06-12 11:55 190888 ----a-w- c:\windows\system32\java.exe
2015-01-30 10:41 . 2015-01-30 10:41 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2015-01-29 07:46 . 2015-01-29 06:41 3698408 ----a-w- c:\windows\SysWow64\asapsdk.dll
2015-01-29 07:46 . 2015-01-29 06:41 1651432 ----a-w- c:\windows\SysWow64\contfilt.dll
2015-01-29 07:46 . 2015-01-29 06:41 180968 ----a-w- c:\windows\SysWow64\mwnsp64.dll
2015-01-29 07:46 . 2015-01-29 06:40 1681640 ----a-w- c:\windows\SysWow64\mwtsp64.dll
2015-01-29 07:46 . 2015-01-29 06:41 173288 ----a-w- c:\windows\SysWow64\mwnsp.dll
2015-01-29 07:46 . 2015-01-29 06:40 1377512 ----a-w- c:\windows\SysWow64\mwtsp.dll
2015-01-29 07:46 . 2015-01-29 06:40 238312 ----a-w- c:\windows\inst_tspx.exe
2015-01-29 07:46 . 2015-01-29 06:40 95976 ----a-w- c:\windows\inst_tsp.exe
2015-01-29 07:46 . 2015-01-29 07:46 350160 ----a-w- c:\windows\system32\drivers\trufos.sys
2015-01-29 07:45 . 2015-01-29 07:45 158 ----a-w- c:\windows\ERS.BAT
2015-01-29 07:45 . 2015-01-29 06:41 1982184 ----a-w- c:\windows\system32\test2.exe
2015-01-29 07:44 . 2015-01-29 06:41 1891048 ----a-w- c:\windows\SysWow64\contf64.dll
2015-01-29 07:44 . 2015-01-29 06:41 80616 ----a-w- c:\windows\killproc.exe
2015-01-29 06:42 . 2015-01-29 06:42 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
2015-01-29 06:42 . 2015-01-29 06:42 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
2015-01-29 06:42 . 2015-01-29 06:42 572928 ----a-w- c:\windows\SysWow64\msvcp90.dll
2015-01-29 06:42 . 2015-01-29 06:42 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2015-01-29 06:41 . 2015-01-29 06:41 3800 ----a-w- c:\windows\winsbak.reg
2015-01-29 06:41 . 2015-01-29 06:41 139004 ----a-w- c:\windows\winsbak2.reg
2015-01-29 06:40 . 2015-01-29 06:40 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2015-01-29 06:40 . 2015-01-29 06:40 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-01-29 06:32 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-12-31 07:42 . 2015-02-05 07:48 113365784 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"ultracopier"="c:\program files\Supercopier\supercopier.exe" [2014-02-19 1089024]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-02-19 7416088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2014-04-03 134616]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-26 5227648]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-02-03 847576]
.
c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eyecare_0.8.lnk - c:\program files (x86)\Eyecare\eyecare_0.8.exe [2009-11-5 878563]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2015-1-30 848384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 IMFservice;IMF Service; [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 StartMenuService;StartMenu8 Service; [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe;c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 RegFilter;RegFilter; [x]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 UrlFilter;UrlFilter; [x]
R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R4 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R4 FileMonitor;FileMonitor; [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d63x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d63x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-26 09:14 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-29 07:19]
.
2015-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-29 07:19]
.
2015-03-26 c:\windows\Tasks\Uninstaller_SkipUac_acer.job
- c:\program files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-02-05 09:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-02-05 09:42 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-05 05:00 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2014-08-04 36352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://acer13.msn.com
mStart Page = *www.google.com/?trackid=sp-006
mSearch Bar = *www.google.com/?trackid=sp-006
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: dataservice.net.in
Trusted Zone: mastermarts.com\direct
TCP: DhcpNameServer = 91.194.254.105 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-Advanced SystemCare 8 - c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Completion time: 2015-03-26 15:31:32 - machine was rebooted
ComboFix-quarantined-files.txt 2015-03-26 10:01
.
Pre-Run: 191,225,864,192 bytes free
Post-Run: 191,250,915,328 bytes free
.
- - End Of File - - E9225FCF471C72A146121DC7C001947E
A36C5E4F47E84449FF07ED3517B43A31
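
Added example, not part of the original post and not ComboFix's own code: a small Python triage of the log above. It pulls out the lines that bear on the Trojan.DNSChanger detection mentioned in this thread: DNS servers handed out by DHCP, system files ComboFix disinfected, Trusted Zone entries, and UAC policy values below the Windows defaults. The resolver allowlist and the function names are assumptions; the sample lines are copied from the log.

```python
import re
from ipaddress import ip_address

# Constructed sample: lines copied verbatim from the ComboFix log in the post above.
SAMPLE_LOG = r'''
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
uStart Page = hxxp://acer13.msn.com
Trusted Zone: dataservice.net.in
Trusted Zone: mastermarts.com\direct
TCP: DhcpNameServer = 91.194.254.105 8.8.8.8
'''

# Assumption: the resolvers the PC's owner expects (8.8.8.8 and 8.8.4.4 are
# Google Public DNS). Add the ISP's resolvers here before trusting the result.
EXPECTED_RESOLVERS = frozenset({"8.8.8.8", "8.8.4.4"})

# Windows defaults for the two UAC values this check looks at.
UAC_DEFAULTS = {"ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

DNS_RE = re.compile(r"^TCP:.*?NameServer\s*=\s*(.+)$", re.I | re.M)
DISINFECTED_RE = re.compile(
    r"^Infected copy of (.+?) was found and disinfected", re.I | re.M)
ZONE_RE = re.compile(r"^Trusted Zone:\s*(\S+)", re.I | re.M)
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s*\(0x[0-9a-f]+\)', re.I | re.M)


def dns_to_verify(log_text, expected=EXPECTED_RESOLVERS):
    """Public DNS servers in the log that are not on the expected list."""
    flagged = []
    for match in DNS_RE.finditer(log_text):
        for token in match.group(1).split():
            try:
                addr = ip_address(token.strip(","))
            except ValueError:
                continue  # not an IP address, ignore
            # Private (LAN) addresses are normally the router, whose own DNS
            # settings have to be checked on the router itself.
            if addr.is_private or str(addr) in expected:
                continue
            if str(addr) not in flagged:
                flagged.append(str(addr))
    return flagged


def weakened_uac(log_text):
    """UAC policy values printed in the log that differ from the defaults."""
    found = {}
    for name, value in POLICY_RE.findall(log_text):
        if name in UAC_DEFAULTS and int(value) != UAC_DEFAULTS[name]:
            found[name] = int(value)
    return found


def triage(log_text, expected=EXPECTED_RESOLVERS):
    """Collect the log lines that bear on a DNS-changer infection."""
    return {
        "dns_to_verify": dns_to_verify(log_text, expected),
        "disinfected_files": DISINFECTED_RE.findall(log_text),
        "trusted_zones": ZONE_RE.findall(log_text),
        "uac_weakened": weakened_uac(log_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A flagged resolver is only a lead: compare it with what the ISP or router is supposed to hand out before changing anything.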
 

SaiyanGoku

kamehameha!!
Download TeamViewer and configure it. And give it full admin access too. I'll try to remotely diagnose your PC.

You do have a stable 512 kbps unlimited connection, right?
 
amit.tiger12

Guest
I am using Windows 8 on my PC. When I go online I am getting adult popups on my PC web pages. Whatever I click or whatever I do, this popup keeps on coming, mostly on every new page or site, sometimes in the middle of the website but mostly on the right side. This virus also blocks my internet many times a day and is making my PC extremely slow. I was earlier using AVG antivirus, but after these popups started coming I switched to anti-malware and AVG Internet Security. But AVG was not able to detect it; anti-malware is able to detect it sometimes and shows it as Trojan.DNSChanger malware/virus, but is not able to delete it. It only quarantines it, but it still keeps coming up. It is shown somewhere in registry files.

Then I installed MS antivirus and Kaspersky Internet Security after removing AVG. But both are not able to find it and it keeps on coming. I also tried other anti-malware tools like Spybot and Norton Power Eraser, but all in vain.

So till now I have used AVG Internet Security, Kaspersky Internet Security, Malwarebytes Anti-Malware, MS antivirus and malware removal, Spybot4, Norton Power Eraser, HouseCall, AdwCleaner and Junkware Removal Tool, but all have failed to remove this Trojan.

I am enclosing snaps of the popup and a copy of the software installed on my PC.

Pls help.

Okay. So the whole problem is with the virus...
I think that virus came from those pop-ups and infected everything on your computer...

Now one thing..
Uninstall every security/antivirus software you have already installed... and install this 360 Total Security free version... from here.. link below..

*free.360totalsecurity.com/totalsecurity/360TS_Setup_6.0.0.1154.exe

After installation do these things...
1. Click on "Virus Scan". Enable the antivirus engines, image circled below. Download and enable the Avira and Bitdefender antivirus engines.
*www.360totalsecurity.com/images/22eea003567563214fa1dccf8b5b68db4d436f73/features/ts/virus_scan-en.png

2. Now click on "Protection", then on "Configure", then select protection mode "Custom" and enable every available protection, like "Privacy, Internet and System Protection".
*www.360totalsecurity.com/images/289a5b2c5f41e3c33e00cf1f57834e83c4e89ac6/features/ts/protection-en.png

3. After these settings are done, click on "Virus Scan". Run "Full Scan". After the full scan, remove those viruses. (But remember step 1 of enabling the antivirus engines of Avira & Bitdefender.)

4. After this you can download & install the "ublock" addon/extension for the Firefox/Chrome browser..
Link below. Select the link according to your browser...
*addons.mozilla.org/en-US/firefox/addon/ublock/
*chrome.google.com/webstore/detail/ublock/cjpalhdlnbpafiamejdnhcphjbkeiagm

If you find everything difficult just message me for more help. I can solve your problem remotely using TeamViewer etc etc :)
 

spxx

Broken In
Which is why you should install trusted add-ons and install NoScript, disable Java [mother of all exploits]. I have Adblock Edge, NoScript, RequestPolicy, Ghostery, uBlock and Disconnect, and no antivirus installed for the last 7 years on Windows. You yourself are the best AV; have a good hardware firewall and never ever just click on links you don't trust.
 
amit.tiger12

Guest
^ put all this in understandable words... well said... there are people who never use antivirus/security like "me" :p and remove viruses by themselves like me :p
:)
 
OP
rohitshakti2

In the zone
Currently I am using Avast antivirus Free version, is the above antivirus better than that and is there any software / application like adblock for Internet Explorer too ?
 
amit.tiger12

Guest
Currently I am using Avast antivirus Free version, is the above antivirus better than that and is there any software / application like adblock for Internet Explorer too ?

360 is better than any free software available.. and gives protection like paid software (Bitdefender, Avira, Kaspersky...)
More guidance/info can be asked here...
*www.digit.in/forum/software-q/138653-antivirus-guide-user-reviews.html

No, for Internet Explorer there is nothing.. I don't use Internet Explorer.. You can get Adblock Plus or uBlock on Firefox, Chrome... they are really good browsers..
Or try the new best-of-all browser... Vivaldi
*vivaldi.com/

HTML5test - How well does your browser support HTML5?
 

Flash

Lost in speed
There was an adblock for IE too. I used it for IE, before I switched to Chrome.
Adblock Plus for Internet Explorer - Free download and software reviews - CNET Download.com
 

dashing.sujay

Moving
Staff member
Currently I am using Avast antivirus Free version, is the above antivirus better than that and is there any software / application like adblock for Internet Explorer too ?

No, for Internet Explorer there is nothing.. I don't use Internet Explorer.. You can get Adblock Plus or uBlock on Firefox, Chrome... they are really good browsers..
Or try the new best-of-all browser...

adblockplus.org

Open this in IE.

- - - Updated - - -

All this "PUP" stuff can't be avoided by ad blockers in 99% of the cases, but your "sensible browsing" would surely do.

Plus no AV can protect against it because they grow much faster than AVs' update process. AdwCleaner + MBAM + HitmanPro (on-demand scan) should be your best bet.

Have been dealing with it on daily basis as part of my job; damn nasty internet marketing.

PS: Find more info regarding PUPs' removal on bleepingcomputers.com.
 
OP
rohitshakti2

In the zone
Can anyone help here too, as it seems to be an error generated due to malware (above)?

*www.digit.in/forum/networking/190884-getting-very-slow-internet-speed-mtnl-delhi.html
 