# Unwanted Adult popup coming up while browsing



## rohitshakti2 (Mar 25, 2015)

I am using Windows 8 on my PC. When I go online I get adult popups on web pages. Whatever I click or whatever I do, this popup keeps coming, mostly on every new page or site, sometimes in the middle of the website but mostly on the right side. This virus also blocks my internet many times a day and is making my PC extremely slow. I was earlier using AVG antivirus, but after these popups started coming I switched to anti-malware and AVG Internet Security. AVG was not able to detect it; anti-malware is able to detect it sometimes and shows it as Trojan.DNSChanger malware/virus, but is not able to delete it. It only quarantines it, but it still keeps coming up. It is shown somewhere in registry files.

Then I installed MS antivirus and Kaspersky Internet Security after removing AVG. But both are not able to find it and it keeps on coming. I also tried other anti-malware tools like Spybot and Norton Power Eraser, but all in vain.

So till now I have used AVG Internet Security, Kaspersky Internet Security, Malwarebytes Anti-Malware, MS antivirus and malware removal, Spybot4, Norton Power Eraser, HouseCall, AdwCleaner and Junkware Removal Tool, but all have failed to remove this Trojan.

I am enclosing snaps of the popup and a list of the software installed on my PC.

Pls help.


----------



## bssunilreddy (Mar 25, 2015)

Use the AdBlock Plus 2.6.8 add-on in the Firefox browser.


----------



## SaiyanGoku (Mar 25, 2015)

Use the adblock extension (it isn't the same as adblock+) in Chrome. Also set all plugins to *Click to play* instead of the default *Play All*.

~~Attachment isn't visible, reupload on 3rd party image sharing sites.~~ Damn BSNL slow internet


----------



## bssunilreddy (Mar 25, 2015)

SaiyanGoku said:


> Use the adblock extension (it isn't the same as adblock+) in Chrome. Also set all plugins to *Click to play* instead of the default *Play All*.
> 
> *Attachment isn't visible, reupload on 3rd party image sharing sites.*



All Attachments are visible to me though...

If you are using Chrome then no attachment will be visible as I am using Waterfox 64bit browser...


----------



## rohitshakti2 (Mar 25, 2015)

Thanks for your quick replies.

I have installed adblock and will update if it is stopped.  But this virus is also blocking my internet and it should be removed in order to keep my online activity safe.

So what method should be used to erase this virus from my PC?

- - - Updated - - -

I just opened IE and after entering the site address, my www changed to adult.....info/ and an adult site opened. So the virus is present on the PC and I have to remove it.


----------



## Flash (Mar 25, 2015)

Install malwarebytes, and scan the system.


----------



## rohitshakti2 (Mar 25, 2015)

It has come up in Firefox too, after the installation of adblock.

I already have Malwarebytes Anti-Malware on my PC and it is able to detect it but is unable to cure it.


----------



## SaiyanGoku (Mar 25, 2015)

Boot into safe mode and do a complete scan using 360 Total Security (lightweight and fast), Avira, avast or any other antivirus.

Post a screenshot of the programs in the *startup* tab in CCleaner.


----------



## vidhubhushan (Mar 25, 2015)

Attachments are not visible to me either. It just shows clear.gif on all of them.


----------



## rohitshakti2 (Mar 25, 2015)

*i61.tinypic.com/34j6icp.png

*i60.tinypic.com/2mpzu4l.jpg

*i57.tinypic.com/63vwxc.jpg

- - - Updated - - -

I have now installed Avast Premier and did a boot-time scan, but it did not reveal anything. Then I scanned the PC with Malwarebytes and it quarantined the virus.

But now my PC's internet has been blocked by the virus, and I know this because another PC connected to the same modem has the internet working fully.

I am trying to use System Restore to start the internet again, as this virus changes the DNS settings. Is there any other method to start the internet again after Malwarebytes removes the DNS files?


----------



## ariftwister (Mar 25, 2015)

Attachments working for me.. Using chrome here..

As for the issue, using malwarebytes can you find the source of this virus??


----------



## SaiyanGoku (Mar 25, 2015)

Did you try booting into safe mode?


----------



## whitestar_999 (Mar 25, 2015)

Just format the C drive. After that reinstall Windows & this time install a good AV first (I recommend Avira Free or 360TS), update it & then scan the entire PC. Do not install anything else until then. BTW, just for future reference, preventing viruses, malware etc. is far easier than removing them.

P.S. I don't think such sophisticated malware relies on the usual startup entries. I would use Sysinternals tools (Process Explorer & Autoruns) to look for any suspicious DLL or EXE file at startup.


----------



## SaiyanGoku (Mar 25, 2015)

whitestar_999 said:


> Just format the C drive. After that reinstall Windows & this time install a good AV first (I recommend Avira Free or 360TS), update it & then scan the entire PC. Do not install anything else until then. BTW, just for future reference, preventing viruses, malware etc. is far easier than removing them.
> 
> P.S. I don't think such sophisticated malware relies on the usual startup entries. I would use Sysinternals tools (Process Explorer & Autoruns) to look for any suspicious DLL or EXE file at startup.



Don't you think formatting and reinstalling should be the last option? I've removed similar kinds of viruses and trojans from friends' laptops by booting into safe mode only.


----------



## whitestar_999 (Mar 25, 2015)

It depends on the person. I always recommend a format if good AVs cannot remove something in normal mode, because I don't want to take chances.


----------



## dashing.sujay (Mar 25, 2015)

Try hitman pro, and it's always recommended to run such a tool in safe mode for best results.


----------



## rohitshakti2 (Mar 26, 2015)

I did a system restore & chkdsk and now my internet is working.  I will now check with antivirus in safe mode & reply back.

- - - Updated - - -

If I remove the virus in safe mode, will my internet settings change or not? When I remove this virus in normal mode, it shuts down my internet.

*i58.tinypic.com/xmlrev.png


----------



## SaiyanGoku (Mar 26, 2015)

Just remove it in safe mode. It'll not change anything else. Safe mode is built for that purpose.


----------



## rohitshakti2 (Mar 26, 2015)

SaiyanGoku said:


> Just remove it in safe mode. It'll not change anything else. Safe mode is built for that purpose.



I removed it by going to safe mode, but now after scanning in safe mode again and also in normal mode, no virus could be detected but the popups are still there.

Don't know what to do to remove it.


----------



## SaiyanGoku (Mar 26, 2015)

rohitshakti2 said:


> I removed it by going to safe mode, but now after scanning in safe mode again and also in normal mode, no virus could be detected but the popups are still there.
> 
> Don't know what to do to remove it.



If the popup is coming in browsers, uninstall it and then reinstall again while resetting everything to default.
Give a screenshot of the *processes* and *services* tabs in Task manager.


----------



## rohitshakti2 (Mar 26, 2015)

SaiyanGoku said:


> If the popup is coming in browsers, uninstall it and then reinstall again while resetting everything to default.
> Give a screenshot of the *processes* and *services* tabs in Task manager.



I have uninstalled and installed many browsers since this virus has infected my PC, but it automatically finds the new browser and infects it too.

I tried to use combofix software for removing the virus and its report is given below:

ComboFix 15-03-25.01 - acer 03/26/2015  15:21:40.2.8 - x64
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.3892.2625 [GMT 5.5:30]
Running from: c:\users\acer\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
.
---- Previous Run -------
.
c:\windows\BACKUP.35305634.inst_tsp.exe
c:\windows\BACKUP.91894146.killproc.exe
c:\windows\BACKUP.99389272.inst_tspx.exe
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected 
Restored copy from - c:\windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe 
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-26 to 2015-03-26  )))))))))))))))))))))))))))))))
.
.
2015-03-26 09:54 . 2015-03-26 09:57	--------	d-----w-	c:\users\acer\AppData\Local\temp
2015-03-26 09:54 . 2015-03-26 09:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-26 09:54 . 2015-03-26 09:54	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2015-03-26 09:14 . 2015-03-26 09:15	47493120	----a-w-	c:\program files (x86)\GUTB6EC.tmp
2015-03-26 09:14 . 2015-03-26 09:14	--------	d-----w-	c:\program files (x86)\GUMB6DB.tmp
2015-03-26 08:17 . 2015-03-26 08:35	--------	d-----w-	C:\FRST
2015-03-26 06:33 . 2015-03-26 09:49	--------	d-----w-	c:\users\acer\AppData\Local\ElevatedDiagnostics
2015-03-26 05:47 . 2015-03-26 05:47	--------	d-----w-	c:\programdata\McAfee Security Scan
2015-03-26 05:47 . 2015-03-26 05:47	--------	d-----w-	c:\programdata\McAfee
2015-03-26 05:47 . 2015-03-26 05:47	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2015-03-26 05:39 . 2015-03-26 07:32	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-26 05:38 . 2015-03-17 00:45	64216	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-03-26 05:38 . 2015-03-17 00:45	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-26 05:38 . 2015-03-17 00:45	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-03-26 05:23 . 2015-03-26 05:23	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2015-03-26 04:55 . 2015-03-26 04:55	--------	d-----w-	c:\program files\CCleaner
2015-03-26 03:34 . 2015-03-26 03:34	269992	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2015-03-26 03:28 . 2015-03-26 03:28	1050432	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2015-03-26 03:24 . 2015-02-05 05:00	364512	----a-w-	c:\windows\system32\aswBoot.exe
2015-03-26 03:20 . 2015-03-26 03:20	--------	d-----w-	c:\windows\ServiceProfiles\LocalService\winhttp
2015-03-25 08:34 . 2015-03-25 08:34	--------	d-----w-	c:\users\acer\AppData\Roaming\AVAST Software
2015-03-25 07:25 . 2015-03-25 07:25	--------	d-----w-	c:\users\acer\AppData\Roaming\Nero
2015-03-25 03:40 . 2015-03-26 05:00	--------	d-----w-	c:\users\acer\AppData\Local\CrashDumps
2015-03-24 11:28 . 2015-03-24 11:28	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2015-03-24 11:28 . 2015-03-25 09:59	--------	d-----w-	c:\programdata\Kaspersky Lab
2015-03-24 08:55 . 2015-03-24 08:55	--------	d-----w-	c:\program files\Enigma Software Group
2015-03-24 08:43 . 2015-03-24 11:31	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2015-03-24 08:22 . 2015-03-24 08:22	--------	d-----w-	C:\NPE
2015-03-24 08:08 . 2015-03-25 11:22	--------	d-----w-	c:\programdata\Norton
2015-03-24 08:08 . 2015-03-25 04:31	--------	d-----w-	c:\users\acer\AppData\Local\NPE
2015-03-24 03:38 . 2015-03-24 03:38	--------	d-----w-	c:\program files\HitmanPro
2015-03-23 11:10 . 2015-03-23 11:10	--------	d-----w-	c:\users\acer\.android
2015-03-23 09:40 . 2015-03-23 09:40	--------	d-s---w-	c:\windows\SysWow64\Microsoft
2015-03-23 09:19 . 2015-03-24 08:53	--------	d-----w-	c:\programdata\HitmanPro
2015-03-23 09:00 . 2015-03-24 03:48	--------	d-----w-	C:\AdwCleaner
2015-03-23 05:23 . 2015-03-23 05:23	--------	d-----w-	c:\users\Administrator\AppData\Local\Avg2015
2015-03-23 05:23 . 2015-03-23 05:23	--------	d-----w-	c:\users\Administrator\AppData\Local\Mozilla
2015-03-23 04:14 . 2015-03-25 11:22	--------	d-----w-	c:\programdata\Avg_Update_0215pit
2015-03-20 11:33 . 2015-03-20 11:33	--------	d-----w-	c:\users\acer\AppData\Local\Mozilla
2015-03-20 10:45 . 2015-03-20 10:45	--------	d-----w-	c:\users\acer\AppData\Roaming\AVG2015
2015-03-20 10:42 . 2015-03-20 10:42	--------	d-----w-	c:\users\acer\AppData\Roaming\TuneUp Software
2015-03-20 10:41 . 2015-03-20 10:43	--------	d-----w-	c:\programdata\AVG2015
2015-03-20 10:41 . 2015-03-20 10:41	--------	d-----w-	C:\$AVG
2015-03-20 10:40 . 2015-03-24 11:09	--------	d-----w-	c:\program files (x86)\AVG
2015-03-20 10:25 . 2015-03-25 11:22	--------	d-----w-	c:\programdata\MFAData
2015-03-20 10:25 . 2015-03-20 11:42	--------	d-----w-	c:\users\acer\AppData\Local\Avg2015
2015-03-20 10:25 . 2015-03-20 10:25	--------	d--h--w-	c:\programdata\Common Files
2015-03-20 10:25 . 2015-03-20 10:25	--------	d-----w-	c:\users\acer\AppData\Local\MFAData
2015-03-19 10:19 . 2015-03-19 10:19	--------	d-----w-	c:\users\acer\AppData\Local\Deployment
2015-03-19 10:19 . 2015-03-19 10:19	--------	d-----w-	c:\users\acer\AppData\Local\Apps
2015-03-19 05:19 . 2015-03-26 05:38	--------	d-----w-	c:\program files (x86)\Malwarebytes Anti-Malware
2015-03-19 05:19 . 2015-03-26 05:23	--------	d-----w-	c:\programdata\Malwarebytes
2015-03-18 15:13 . 2015-03-18 15:13	--------	d-----w-	c:\windows\system32\Logs
2015-03-18 15:06 . 2015-03-25 11:16	--------	d-s---w-	c:\windows\system32\CompatTel
2015-03-17 07:29 . 2015-03-06 05:48	452608	------w-	c:\windows\SysWow64\SHCore.dll
2015-03-13 11:32 . 2015-03-25 11:24	--------	d-----w-	c:\program files\Everything
2015-03-05 12:02 . 2015-03-05 12:02	--------	d-----w-	C:\AVAST Software
2015-03-05 09:08 . 2015-03-05 10:32	--------	d-----w-	C:\FFOutput
2015-03-05 09:04 . 2015-03-05 09:04	--------	d-----w-	c:\program files (x86)\FreeTime
2015-03-03 05:06 . 2015-03-03 05:06	--------	d-----w-	c:\users\acer\AppData\Roaming\Foxit Software
2015-03-03 05:06 . 2015-03-03 05:06	--------	d-----w-	c:\program files (x86)\Foxit Software
2015-02-28 03:06 . 2015-02-28 03:06	--------	d-----w-	c:\users\acer\ultracopier
2015-02-28 03:05 . 2015-03-26 02:09	--------	d-----w-	c:\program files\Supercopier
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-26 03:24 . 2015-02-05 05:00	83280	----a-w-	c:\windows\system32\drivers\aswmonflt.sys
2015-02-23 03:45 . 2015-02-23 03:45	118	----a-w-	c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-02-06 02:20 . 2015-02-06 02:20	425	----a-w-	c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-02-05 10:09 . 2015-02-05 10:09	454416	----a-w-	c:\windows\system32\drivers\IntcDAud.sys
2015-02-05 10:09 . 2015-02-05 10:09	2990808	----a-w-	c:\windows\system32\drivers\RTWlanU.sys
2015-02-05 10:08 . 2015-02-05 10:08	34544	----a-w-	c:\windows\system32\drivers\Smb_driver_Intel.sys
2015-02-05 09:55 . 2015-02-05 09:55	2893824	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2015-02-05 09:55 . 2015-02-05 09:55	2400256	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2015-02-05 09:45 . 2015-02-05 09:45	26528	----a-w-	c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2015-02-05 05:00 . 2015-02-05 05:00	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-02-05 05:00 . 2015-02-05 05:00	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-02-05 05:00 . 2015-02-05 05:00	436624	----a-w-	c:\windows\system32\drivers\aswSP.sys
2015-02-05 05:00 . 2015-02-05 05:00	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-02-05 05:00 . 2015-02-05 05:00	267632	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-02-05 05:00 . 2015-02-05 05:00	116728	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-02-05 05:00 . 2015-02-05 05:00	43152	----a-w-	c:\windows\avastSS.scr
2015-01-30 12:57 . 2014-06-12 11:55	111016	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2015-01-30 12:57 . 2014-06-12 11:55	319912	----a-w-	c:\windows\system32\javaws.exe
2015-01-30 12:57 . 2014-06-12 11:55	191400	----a-w-	c:\windows\system32\javaw.exe
2015-01-30 12:57 . 2014-06-12 11:55	190888	----a-w-	c:\windows\system32\java.exe
2015-01-30 10:41 . 2015-01-30 10:41	283064	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2015-01-29 07:46 . 2015-01-29 06:41	3698408	----a-w-	c:\windows\SysWow64\asapsdk.dll
2015-01-29 07:46 . 2015-01-29 06:41	1651432	----a-w-	c:\windows\SysWow64\contfilt.dll
2015-01-29 07:46 . 2015-01-29 06:41	180968	----a-w-	c:\windows\SysWow64\mwnsp64.dll
2015-01-29 07:46 . 2015-01-29 06:40	1681640	----a-w-	c:\windows\SysWow64\mwtsp64.dll
2015-01-29 07:46 . 2015-01-29 06:41	173288	----a-w-	c:\windows\SysWow64\mwnsp.dll
2015-01-29 07:46 . 2015-01-29 06:40	1377512	----a-w-	c:\windows\SysWow64\mwtsp.dll
2015-01-29 07:46 . 2015-01-29 06:40	238312	----a-w-	c:\windows\inst_tspx.exe
2015-01-29 07:46 . 2015-01-29 06:40	95976	----a-w-	c:\windows\inst_tsp.exe
2015-01-29 07:46 . 2015-01-29 07:46	350160	----a-w-	c:\windows\system32\drivers\trufos.sys
2015-01-29 07:45 . 2015-01-29 07:45	158	----a-w-	c:\windows\ERS.BAT
2015-01-29 07:45 . 2015-01-29 06:41	1982184	----a-w-	c:\windows\system32\test2.exe
2015-01-29 07:44 . 2015-01-29 06:41	1891048	----a-w-	c:\windows\SysWow64\contf64.dll
2015-01-29 07:44 . 2015-01-29 06:41	80616	----a-w-	c:\windows\killproc.exe
2015-01-29 06:42 . 2015-01-29 06:42	632064	----a-w-	c:\windows\SysWow64\msvcr80.dll
2015-01-29 06:42 . 2015-01-29 06:42	554240	----a-w-	c:\windows\SysWow64\msvcp80.dll
2015-01-29 06:42 . 2015-01-29 06:42	572928	----a-w-	c:\windows\SysWow64\msvcp90.dll
2015-01-29 06:42 . 2015-01-29 06:42	655872	----a-w-	c:\windows\SysWow64\msvcr90.dll
2015-01-29 06:41 . 2015-01-29 06:41	3800	----a-w-	c:\windows\winsbak.reg
2015-01-29 06:41 . 2015-01-29 06:41	139004	----a-w-	c:\windows\winsbak2.reg
2015-01-29 06:40 . 2015-01-29 06:40	50784	----a-w-	c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2015-01-29 06:40 . 2015-01-29 06:40	17536	----a-w-	c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2015-01-29 06:32 . 2012-07-26 08:13	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-12-31 07:42 . 2015-02-05 07:48	113365784	----a-w-	c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"ultracopier"="c:\program files\Supercopier\supercopier.exe" [2014-02-19 1089024]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-02-19 7416088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2014-04-03 134616]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-26 5227648]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2015-02-03 847576]
.
c:\users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eyecare_0.8.lnk - c:\program files (x86)\Eyecare\eyecare_0.8.exe [2009-11-5 878563]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
TP-LINK Wireless Configuration Utility.lnk - c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [2015-1-30 848384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
R2 IMFservice;IMF Service; [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 StartMenuService;StartMenu8 Service; [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe;c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WPS\jswpsapi.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 RegFilter;RegFilter; [x]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 UrlFilter;UrlFilter; [x]
R4 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R4 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
R4 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe;c:\program files (x86)\BlueStacks\HD-UpdaterService.exe [x]
R4 FileMonitor;FileMonitor; [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d63x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d63x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-26 09:14	1061704	----a-w-	c:\program files (x86)\Google\Chrome\Application\41.0.2272.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-29 07:19]
.
2015-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-01-29 07:19]
.
2015-03-26 c:\windows\Tasks\Uninstaller_SkipUac_acer.job
- c:\program files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-02-05 09:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-02-05 09:42	2471744	----a-w-	c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-02-05 05:00	860984	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-05-09 13672152]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2014-08-04 36352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://acer13.msn.com
mStart Page = *www.google.com/?trackid=sp-006
mSearch Bar = *www.google.com/?trackid=sp-006
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: dataservice.net.in
Trusted Zone: mastermarts.com\direct
TCP: DhcpNameServer = 91.194.254.105 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-Advanced SystemCare 8 - c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
**************************************************************************
.
Completion time: 2015-03-26  15:31:32 - machine was rebooted
ComboFix-quarantined-files.txt  2015-03-26 10:01
.
Pre-Run: 191,225,864,192 bytes free
Post-Run: 191,250,915,328 bytes free
.
- - End Of File - - E9225FCF471C72A146121DC7C001947E
A36C5E4F47E84449FF07ED3517B43A31


----------
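
Added example (not part of the original thread and not any poster's code): a Python triage pass over the three items in the ComboFix log above that bear on a DNS-changer infection, namely the disinfected `userinit.exe`, the UAC policy values and the `DhcpNameServer` line. The `EXPECTED_RESOLVERS` set and all function names are assumptions for illustration; "unexpected" means only "public address not on that list", not a verdict on the address.

```python
import ipaddress
import re

# Lines copied from the ComboFix log posted in the thread above.
SAMPLE_LOG = r"""
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
TCP: DhcpNameServer = 91.194.254.105 8.8.8.8
"""

# Assumption: the public resolvers this network's owner configured on purpose.
EXPECTED_RESOLVERS = frozenset({"8.8.8.8", "8.8.4.4"})

# Windows defaults: ConsentPromptBehaviorAdmin=5 (prompt for consent),
# PromptOnSecureDesktop=1 (prompt shown on the secure desktop).
UAC_DEFAULTS = {"ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}

DNS_RE = re.compile(r"^TCP:.*?\b(DhcpNameServer|NameServer)\s*=\s*(.+)$", re.I)
POLICY_RE = re.compile(r'^"(\w+)"=\s*(\d+)\s*\(0x[0-9a-f]+\)$', re.I)
DISINFECT_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected", re.I)


def dns_findings(log, expected=EXPECTED_RESOLVERS):
    """Return (setting, address, status) for every resolver named in the log."""
    findings = []
    for raw in log.splitlines():
        match = DNS_RE.match(raw.strip())
        if not match:
            continue
        setting, value = match.group(1), match.group(2)
        # Windows stores several resolvers separated by spaces or commas.
        for token in filter(None, re.split(r"[\s,]+", value.strip())):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append((setting, token, "malformed"))
                continue
            if token in expected:
                status = "expected"
            elif addr.is_private:
                # Router or loopback resolver: check that device's own settings.
                status = "local"
            else:
                status = "unexpected"
            findings.append((setting, token, status))
    return findings


def weakened_uac(log):
    """Return UAC policy values under policies\\system that differ from defaults."""
    weakened, in_policy_key = {}, False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_policy_key = line[1:-1].lower().endswith(r"\policies\system")
            continue
        match = POLICY_RE.match(line)
        if in_policy_key and match and match.group(1) in UAC_DEFAULTS:
            value = int(match.group(2))
            if value != UAC_DEFAULTS[match.group(1)]:
                weakened[match.group(1)] = value
    return weakened


def disinfected_files(log):
    """Return paths ComboFix reported as infected and restored."""
    paths = []
    for raw in log.splitlines():
        match = DISINFECT_RE.match(raw.strip())
        if match:
            paths.append(match.group(1))
    return paths


def triage(log):
    """Collect the three checks into one report for a reviewer."""
    return {
        "dns": dns_findings(log),
        "uac": weakened_uac(log),
        "disinfected": disinfected_files(log),
    }


if __name__ == "__main__":
    for section, result in triage(SAMPLE_LOG).items():
        print(section, result)
```

A resolver reported as "unexpected" is a prompt to compare against the router's DHCP settings and the ISP's published resolvers before changing anything.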



## SaiyanGoku (Mar 26, 2015)

Download Teamviewer and configure it. And give it full admin access too. I'll try to remotely diagnose your PC.

You do have a stable 512 kbps unlimited connection right?


----------



## rohitshakti2 (Mar 26, 2015)

Yes, I have TeamViewer. I have 512 kbps broadband, MTNL Delhi. Pls send me your no. through PM.


----------



## SaiyanGoku (Mar 26, 2015)

rohitshakti2 said:


> Yes, I have TeamViewer. I have 512 kbps broadband, MTNL Delhi. Pls send me your no. through PM.


Just PM me your partner id. I don't see how my contact number is needed for teamviewer.


----------



## rohitshakti2 (Mar 26, 2015)

Thanks to SaiyanGoku for helping me solve my problem.  

Thanks again.


----------



## amit.tiger12 (Mar 26, 2015)

rohitshakti2 said:


> I am using Windows 8 on my PC. When I go online I get adult popups on web pages. Whatever I click or whatever I do, this popup keeps coming, mostly on every new page or site, sometimes in the middle of the website but mostly on the right side. This virus also blocks my internet many times a day and is making my PC extremely slow. I was earlier using AVG antivirus, but after these popups started coming I switched to anti-malware and AVG Internet Security. AVG was not able to detect it; anti-malware is able to detect it sometimes and shows it as Trojan.DNSChanger malware/virus, but is not able to delete it. It only quarantines it, but it still keeps coming up. It is shown somewhere in registry files.
> 
> Then I installed MS antivirus and Kaspersky Internet Security after removing AVG. But both are not able to find it and it keeps on coming. I also tried other anti-malware tools like Spybot and Norton Power Eraser, but all in vain.
> 
> ...



Okay. So all problem is with virus...
I think that virus came from those pop-ups and infected everything on your computer...

now one thing..
uninstall every security/antivirus software you have already installed... and install this 360 Total Security free version... from here.. link below..

*free.360totalsecurity.com/totalsecurity/360TS_Setup_6.0.0.1154.exe

After installation do these things...
1. Click on "Virus Scan". Enable the antivirus engines, image circled below. Download and enable the Avira and Bitdefender antivirus engines.
*www.360totalsecurity.com/images/22eea003567563214fa1dccf8b5b68db4d436f73/features/ts/virus_scan-en.png

2. Now click on "Protection", then on "Configure", then select protection mode "Custom" and enable Every available protection, like "Privacy, Internet and System Protection"
*www.360totalsecurity.com/images/289a5b2c5f41e3c33e00cf1f57834e83c4e89ac6/features/ts/protection-en.png

3. After these settings are done, click on "Virus Scan". Run "Full Scan". After the full scan, remove those viruses. (But remember step 1 of enabling the antivirus engines of Avira & Bitdefender.)

4. After this you can download & install the "ublock" addon/extension for the Firefox/Chrome browser..
Link below. According to your browser select link...
*addons.mozilla.org/en-US/firefox/addon/ublock/
*chrome.google.com/webstore/detail/ublock/cjpalhdlnbpafiamejdnhcphjbkeiagm

If you find everything difficult just message me for more help. I can solve your problem remotely using TeamViewer etc etc


----------



## SaiyanGoku (Mar 26, 2015)

amit.tiger12 said:


> ~snip~



You're late buddy, his problem has been solved.


----------



## amit.tiger12 (Mar 26, 2015)

SaiyanGoku said:


> You're late buddy, his problem has been solved.



yep read that late..


----------



## geek_rocker (Mar 26, 2015)

SaiyanGoku said:


> You're late buddy, his problem has been solved.



So what did you do? And why was Avast not detecting this?


----------



## SaiyanGoku (Mar 26, 2015)

geek_rocker said:


> So what did you do? And why was Avast not detecting this?



Most probably a browser extension which was a fake adblock. Removed every fake and updated the actual one. Then did cleanup using CCleaner.
I didn't find anything else wrong with his system.
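
The kind of check described in the post above (a look-alike ad blocker among the installed extensions), as an added example that is not part of the thread: it walks a Chrome profile's `Extensions` folder, which holds one directory per extension ID with a `manifest.json` per version, and lists blocker-named extensions whose ID is not on an allowlist. The allowlist contents, the name pattern and the sample profile are assumptions constructed for illustration.

```python
import json, re, tempfile
from pathlib import Path

# Assumption: IDs the user knowingly installed (uBlock ID from the thread's store link).
TRUSTED_IDS = {"cjpalhdlnbpafiamejdnhcphjbkeiagm"}
BLOCKER_NAME = re.compile(r"ad\s*-?\s*block|ublock", re.IGNORECASE)

def extension_name(version_dir):
    """Return the display name, resolving a __MSG_key__ placeholder if present."""
    manifest = json.loads((version_dir / "manifest.json").read_text("utf-8-sig"))
    name = manifest.get("name", "")
    placeholder = re.fullmatch(r"__MSG_(\w+)__", name)
    messages = version_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    if placeholder and messages.is_file():
        for key, entry in json.loads(messages.read_text("utf-8-sig")).items():
            if key.lower() == placeholder.group(1).lower():  # keys are case-insensitive
                return entry.get("message", name)
    return name

def audit_extensions(ext_root):
    """List (id, version, name) for blocker-named extensions not in TRUSTED_IDS."""
    findings = []
    for id_dir in sorted(p for p in Path(ext_root).iterdir() if p.is_dir()):
        for version_dir in sorted(p for p in id_dir.iterdir() if p.is_dir()):
            if not (version_dir / "manifest.json").is_file():
                continue
            name = extension_name(version_dir)
            if BLOCKER_NAME.search(name) and id_dir.name not in TRUSTED_IDS:
                findings.append((id_dir.name, version_dir.name, name))
    return findings

def build_sample_profile(root):
    """Constructed sample data: three extensions laid out as Chrome stores them."""
    samples = [
        ("cjpalhdlnbpafiamejdnhcphjbkeiagm", {"name": "uBlock", "version": "1.0"}, {}),
        ("a" * 32, {"name": "__MSG_appName__", "version": "1.0", "default_locale": "en"},
         {"appName": {"message": "Adblock Super"}}),
        ("b" * 32, {"name": "Notes", "version": "1.0"}, {}),
    ]
    for ext_id, manifest, messages in samples:
        vdir = Path(root) / ext_id / "1.0_0"
        (vdir / "_locales" / "en").mkdir(parents=True)
        (vdir / "manifest.json").write_text(json.dumps(manifest), "utf-8")
        (vdir / "_locales" / "en" / "messages.json").write_text(json.dumps(messages), "utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_extensions(build_sample_profile(tmp)))
```

A hit is only a prompt to compare the ID against the store listing the user meant to install; the name match alone does not prove the extension is malicious.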


----------



## spxx (Mar 26, 2015)

Which is why you should install trusted add-ons and install NoScript, disable Java [mother of all exploits]. I have Adblock Edge, NoScript, RequestPolicy, Ghostery, uBlock and Disconnect, and no antivirus installed for the last 7 years on Windows. You yourself are the best AV; have a good hardware firewall and never ever just click on links you don't trust.


----------



## amit.tiger12 (Mar 26, 2015)

^ put all this in understandable words... well said... there are people who never use antivirus/security like "me"  and remove viruses by themselves like me


----------



## nikhilsharma007nikx (Mar 27, 2015)

^same


----------



## rohitshakti2 (Mar 30, 2015)

amit.tiger12 said:


> Okay. So all problem is with virus...
> I think that virus came from those pop-ups and infected everything on your computer...
> 
> now one thing..
> ...



Currently I am using Avast antivirus Free version, is the above antivirus better than that and is there any software / application like adblock for Internet Explorer too ?


----------



## amit.tiger12 (Mar 30, 2015)

rohitshakti2 said:


> Currently I am using Avast antivirus Free version, is the above antivirus better than that and is there any software / application like adblock for Internet Explorer too ?



360 is better than any free software available.. and gives protection like paid software like (bitdefender, avira, kaspersky...)
more guidance/info can be asked here...
*www.digit.in/forum/software-q/138653-antivirus-guide-user-reviews.html

No, for Internet Explorer there is nothing.. I don't use Internet Explorer.. You can get Adblock Plus or uBlock on Firefox, Chrome... they are really good browsers..
or try new best of all browser... Vivaldi
*vivaldi.com/

HTML5test - How well does your browser support HTML5?


----------



## SaiyanGoku (Mar 30, 2015)

Stick to only a single adblock for chrome which I updated on your PC. Don't use multiple adblocks for a single browser.


----------



## Flash (Mar 30, 2015)

There was an adblock for IE too. I used it for IE, before I switched to Chrome.
Adblock Plus for Internet Explorer - Free download and software reviews - CNET Download.com


----------



## dashing.sujay (Mar 31, 2015)

rohitshakti2 said:


> Currently I am using Avast antivirus Free version, is the above antivirus better than that and is there any software / application like adblock for Internet Explorer too ?





amit.tiger12 said:


> No, for Internet Explorer there is nothing.. I don't use Internet Explorer.. You can get Adblock Plus or uBlock on Firefox, Chrome... they are really good browsers..
> or try new best of all browser...



adblockplus.org

Open this in IE.

- - - Updated - - -

All this "PUP" stuff can't be avoided by ad blockers in 99% of the cases but your "sensible browsing" would surely do.

Plus no AV can protect against it because they grow much faster than AVs' update process. AdwCleaner + Mbam + Hitman pro (on demand scan) should be your best bet.

Have been dealing with it on daily basis as part of my job; damn nasty internet marketing.

PS: Find more info regarding PUPs' removal on bleepingcomputer.com.


----------



## rohitshakti2 (Apr 9, 2015)

Can anyone help here too, as it seems to be an error generated due to the malware (above)?

*www.digit.in/forum/networking/190884-getting-very-slow-internet-speed-mtnl-delhi.html


----------



## Lenny (Apr 25, 2015)

Currently using Dr Safety to block those annoying pop ups.


----------

