Hello everyone,
My Avast keeps giving me the message:
Object : http://skegnessasc.org/accounts/stylesheets.css
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
(added a jpg)
I have run SEVERAL anti-malware programs and none can find the culprit.
This even happens when I am not using a browser and I am just on the desktop.
Malwarebytes Anti-Malware
Search & Destroy
Hitman Pro
Rogue Killer
Adware Cleaner
(and no, not all at the same time; one by one)
I can’t add the aswMBR log as it keeps crashing when it reaches C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.
Any help would very much be appreciated
Possibly fixed it myself with ComboFix
Have not gotten a message since I ran it
Eddy
January 26, 2015, 9:54am
Please post new Farbar logs and let us have a look.
Hey, also attach the logs from ComboFix. ComboFix should not be run without an expert's instruction; it can make your computer unbootable.
Here you go!
I normally am able to fix all of my own computer problems, but seeing as this was a very stealthy bug I decided to get some help, but then fixed it right after asking.
I do hope I fixed it, and if so, that these can help someone else in case they get the same problem!
Eddy
January 26, 2015, 10:42am
I see several things that still need to be fixed.
Did you set/use a proxy server?
Not using any proxies
Did use VPN for a while, but SecureLine is currently uninstalled
Uhh… Hamachi is installed and I recently uninstalled Tunngle, if that helps
ComboFix clears the BITS job the same as I would do, and that is where the adware resides
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1776179238-3159533700-1341010490-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-13]
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-13]
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-13]
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-13]
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-13]
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-13]
CHR Extension: (No Name) - C:\Users\Timmeh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-13]
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
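
The BITS service runs inside svchost.exe, which fits an alert that names svchost.exe and fires with no browser open, and the fixlist above ends by wiping the BITS queue. The following is an added example, not part of the thread or of any tool named in it, that records what the queue holds before `bitsadmin /reset /allusers` deletes it; the host allow-list, the output path and the function name `Get-BitsJobReport` are assumptions.

```powershell
# Added example (not from the thread): record every user's BITS jobs before
# "bitsadmin /reset /allusers" deletes them. Run from an elevated prompt.
Import-Module BitsTransfer

# Assumption: hosts this machine is expected to fetch from through BITS.
$expectedHosts = @('*.microsoft.com', '*.windowsupdate.com', '*.google.com')
# Assumption: where the snapshot is written.
$outFile = Join-Path $env:USERPROFILE 'Desktop\bits-jobs-before-reset.csv'

# Hypothetical helper: one output row per file queued in each job.
function Get-BitsJobReport {
    param([object[]]$Jobs, [string[]]$ExpectedHosts)
    foreach ($job in $Jobs) {
        foreach ($file in $job.FileList) {
            # Pull the host out of the remote URL; leave it empty if unparsable.
            $uri = $null
            $hostName = ''
            if ([Uri]::TryCreate($file.RemoteName, [UriKind]::Absolute, [ref]$uri)) {
                $hostName = $uri.Host
            }
            # A host counts as expected only if it matches an allow-list pattern.
            $expected = $false
            foreach ($pattern in $ExpectedHosts) {
                if ($hostName -like $pattern) { $expected = $true }
            }
            [pscustomobject]@{
                JobId        = $job.JobId
                DisplayName  = $job.DisplayName
                Owner        = $job.OwnerAccount
                State        = $job.JobState
                Created      = $job.CreationTime
                RemoteUrl    = $file.RemoteName
                LocalPath    = $file.LocalName
                ExpectedHost = $expected
            }
        }
    }
}

# -AllUsers requires administrator rights; errors are left visible on purpose.
$jobs = @(Get-BitsTransfer -AllUsers)
$report = @(Get-BitsJobReport -Jobs $jobs -ExpectedHosts $expectedHosts)

# Keep the full snapshot, then show only the jobs pointing at unexpected hosts.
$report | Export-Csv -Path $outFile -NoTypeInformation
$report | Where-Object { -not $_.ExpectedHost } |
    Format-Table Owner, DisplayName, RemoteUrl, LocalPath -AutoSize
```

Rows flagged here can be compared with the URL in the antivirus alert, and the saved CSV keeps that evidence after the reset.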