"Unusual traffic from your computer network" - Google Chrome

[shelf life]

ok thanks for the info. Still not convinced this is a malware issue but we will move on to combofix and see if it digs up anything and then go from there and start removing installed google products.

There is a short guide and download link here:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

read through the guide and apply the directions on your own machine. Post the combofix log.

A question; does the message just popup randomly while your using Chrome to browse. Do you notice a pattern or anything?

 

[Davis7387]

A question; does the message just popup randomly while your using Chrome to browse. Do you notice a pattern or anything?

The message appears out of nowhere, though it's rarely happening too often right now. There's no pattern that I've noticed as far as I'm aware.

Here is what ComboFix has found:

ComboFix 14-07-29.01 - David 30/07/2014 23:12:49.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4083.1879 [GMT 10:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-06-28 to 2014-07-30 )))))))))))))))))))))))))))))))
.
.
2014-07-30 13:24 . 2014-07-30 13:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-30 13:24 . 2014-07-30 13:24 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-07-30 13:24 . 2014-07-30 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-30 02:23 . 2014-07-30 07:58 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AB0DE48-24FE-4A2A-8491-65DB33AFE02F}\offreg.dll
2014-07-30 02:15 . 2014-07-13 18:12 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AB0DE48-24FE-4A2A-8491-65DB33AFE02F}\mpengine.dll
2014-07-29 12:59 . 2014-07-29 13:00 -------- d-----w- c:\users\David\www.apowersoft.com
2014-07-27 07:22 . 2014-07-27 07:26 -------- d-----w- C:\FRST
2014-07-25 10:54 . 2014-07-25 10:58 -------- d-----w- C:\AdwCleaner
2014-07-22 12:56 . 2014-07-22 12:56 -------- d-----w- c:\program files\HitmanPro
2014-07-22 12:55 . 2014-07-22 13:21 -------- d-----w- c:\programdata\HitmanPro
2014-07-22 06:05 . 2014-07-22 06:05 -------- d-----w- c:\windows\Sun
2014-07-22 01:30 . 2014-07-22 01:30 -------- d-----w- c:\program files (x86)\ESET
2014-07-21 04:54 . 2014-07-21 05:08 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-20 05:34 . 2010-08-29 22:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-07-20 00:19 . 2014-07-24 06:33 -------- d-----w- c:\windows\ERUNT
2014-07-19 05:13 . 2014-07-19 05:13 -------- d-----w- c:\windows\system32\log
2014-07-16 07:49 . 2014-07-16 07:49 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-07-16 07:49 . 2014-07-10 17:02 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-12 08:03 . 2014-07-12 08:03 5659136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-07-09 14:53 . 2014-05-30 08:08 340992 ----a-w- c:\windows\system32\schannel.dll
2014-07-09 14:53 . 2014-05-30 07:52 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-07-09 14:53 . 2014-05-30 08:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-07-09 14:53 . 2014-05-30 07:52 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-07-09 14:53 . 2014-05-30 08:08 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-07-09 14:53 . 2014-05-30 08:08 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-09 14:53 . 2014-05-30 07:52 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-07-09 14:53 . 2014-05-30 08:08 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-09 14:53 . 2014-05-30 08:08 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-09 14:53 . 2014-05-30 07:52 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-07-09 14:53 . 2014-05-30 07:52 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-07-09 14:53 . 2014-05-30 07:52 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-07-09 14:52 . 2014-05-30 08:08 22016 ----a-w- c:\windows\system32\credssp.dll
2014-07-09 14:52 . 2014-05-30 07:52 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-07-09 14:48 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 14:48 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 14:48 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-09 14:34 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 14:34 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-07-09 14:34 . 2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-07-09 14:34 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 14:34 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 14:34 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll
2014-07-09 14:34 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-07-09 14:07 . 2014-07-09 14:07 110080 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-07-09 14:07 . 2014-07-09 14:07 110080 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-07-09 14:07 . 2014-07-09 14:07 110080 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-07-09 14:07 . 2014-07-09 14:07 -------- d-----w- C:\sh4ldr
2014-07-09 14:07 . 2014-07-09 14:07 -------- d-----w- c:\program files\Enigma Software Group
2014-07-09 13:55 . 2014-06-18 02:19 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-09 13:55 . 2014-06-18 02:19 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-09 13:55 . 2014-06-18 01:10 3157504 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 13:55 . 2014-06-18 02:19 449024 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-09 13:55 . 2014-06-18 02:18 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-09 13:55 . 2014-06-18 01:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-09 13:55 . 2014-06-18 01:51 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-07-09 13:55 . 2014-06-18 02:18 692736 ----a-w- c:\windows\system32\osk.exe
2014-07-09 13:55 . 2014-06-18 02:19 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-09 13:55 . 2014-06-18 01:51 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2014-07-09 13:55 . 2014-06-18 02:17 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-07-09 13:48 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 13:48 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-07-09 13:48 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-09 12:18 . 2014-07-09 12:18 43152 ----a-w- c:\windows\avastSS.scr
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-30 08:41 . 2014-05-27 06:43 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-12 08:03 . 2012-08-12 04:53 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-12 08:03 . 2011-08-15 19:13 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 09:38 . 2012-01-18 13:33 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 12:19 . 2014-02-15 03:14 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-09 12:18 . 2014-02-15 03:14 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-09 12:18 . 2014-02-15 03:14 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-09 12:18 . 2014-02-15 03:14 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-09 12:18 . 2014-04-29 13:31 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-09 12:18 . 2014-02-15 03:14 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-09 12:18 . 2014-02-15 03:14 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-09 12:18 . 2014-02-15 03:14 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-09 12:18 . 2014-02-15 03:14 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-11 21:26 . 2014-05-27 06:42 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-11 21:26 . 2014-05-27 06:42 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-11 21:25 . 2013-01-12 13:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-08 09:32 . 2014-06-12 04:12 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-12 04:12 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-7 324320]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-7-29 4554752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\bitraider\BRDriver64.sys;c:\programdata\bitraider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe;c:\xampp\apache\bin\httpd.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 03:07 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 08:03]
.
2014-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 15:45]
.
2014-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-08 15:45]
.
2014-07-28 c:\windows\Tasks\HPCeeScheduleForDavid.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-14 17:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 164016 ----a-w- c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-07-22 21720]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mStart Page = about:blank
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\u8pck2fc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-AvastUI.exe - c:\program files\AVAST Software\Avast\AvastUI.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-07-30 23:28:14
ComboFix-quarantined-files.txt 2014-07-30 13:28
.
Pre-Run: 725,026,582,528 bytes free
Post-Run: 724,606,332,928 bytes free
.
- - End Of File - - A4FB3FDFCAE0D79167D8F1F058D1299F
A36C5E4F47E84449FF07ED3517B43A31

 

[shelf life]

ok thanks for the info. Not much there to worried about. Dont see any malware that I recognize. We can work backwards. Looks like you have several chrome add ons installed. Please disable them all then restart chrome and browse around.

https://support.google.com/chrome/answer/187443?hl=en

 

[Davis7387]

Well, I only had three add-ons installed: AdBlock, Block site and Skype. I had disabled all three but the annoying message still appeared.

Maybe I should get to the Google forums to figure out what's going on?

 

[shelf life]

You can try the Goggle forums if you want to.

You dont see this as an extension in chrome?

C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
If not you can navigate to C:\Programs File and delete the entire AVAST folder. May be a leftover only and not in use, looks like you had Avast at one time?

Bring up AVG's interface and try disabling AVG's Online Shield, and or LinkScanner if its installed.

You installed these two: Mysqld.exe (MySQL Server) and httpd.exe (Apache HTTP server file) Both are possible sources of tcp/ip traffic

 

[Davis7387]

Sorry I haven't replied back, I've been ill lately.

I got rid of a few AVAST folders that were left behind, the rest were already quarantined by AdwCleaner awhile ago. I've been using Chrome for two days and haven't gotten that message since. Hopefully that problem is over. Thanks a lot.:bigthumb:

 

[shelf life]

Ok no problem, thanks for the update. To remove the tools we used:

You can remove combofix by clicking on the start "orb" and in the search field type: combofix /uninstall
then click enter. Note the space after the x and before the /
This will remove combofix.

You can delete the FRST icon and associated files. There is also a FRST folder located at your root drive, usually C: that can be deleted. You can also delete the aswmbr icon. Start Adwcleaner and you will see a uninstall button.
I thinks those are all the tools we used.

Some prevention tips in link below. Happy safe surfing "out there."