Browser constantly opens Outlook.com and Mail

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mcfmullen, Dec 7, 2013.

  1. mcfmullen

    mcfmullen Private E-2

    I have a brand new PC running Windows 8 and I have two very annoying problems that make my PC unusable.

    1) In desktop mode, my default browser constantly opens Outlook.com with an error page saying the request URL cannot be found. This happens no matter what browser is my default. Originally, this occurred in IE but after installing Chrome as my default browser in hopes this was a problem unique to IE, I can confirm this problem persists, now opening Chrome to fetch Outlook.com. Every so many seconds, a new tab opens trying to open that same page. This happens non-stop, even if I have no other programs running.

    2) In tablet mode, the Mail app constantly opens, asking me to log into my Windows Live account. This happens every so many seconds as well, regardless of whether I have running apps or not.

    I have run virus scans, spyware bots, and anything else I can think of and NOTHING has been found.

    Advice strongly needed. Thank you.

    Malwarebytes log
    Code:
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.11.30.04
    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.16736
    Jonathan :: FAMIGAMI [administrator]
    11/30/2013 10:11:12 PM
    mbam-log-2013-11-30 (22-11-12).txt
    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 349160
    Time elapsed: 24 minute(s), 43 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    DDS log
    Code:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64 
    Internet Explorer: 10.0.9200.16537
    Run by Jonathan at 23:05:23 on 2013-11-30
    Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.8157.6934 [GMT -8:00]
    .
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    D:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Windows\system32\dashost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Windows\system32\taskhostex.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    D:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe
    uRun: [Steam] "D:\Program Files (x86)\Steam\Steam.exe" -silent
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223}
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
       If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 208.122.23.22 208.122.23.23 184.106.242.193 192.168.1.1
    TCP: Interfaces\{74D96DAC-6FC9-4B48-AFAD-8537AA017AC9} : DHCPNameServer = 208.122.23.22 208.122.23.23 184.106.242.193 192.168.1.1
    SSODL: WebCheck - <orphaned>
    .
    INFO: x64-HKLM has more than 50 listed domains.
       If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1    www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2013-4-23 98744]
    R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
    R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\Drivers\UsbFltr.sys [2007-4-9 12288]
    S3 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\Drivers\amdkmafd.sys [2012-9-22 21160]
    S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
    .
    =============== Created Last 30 ================
    .
    2013-12-01 06:57:43 --------    d-----w-    C:\Users\Jonathan\AppData\Local\Apple
    2013-12-01 06:54:38 --------    d-----w-    C:\Users\Jonathan\AppData\Local\ElevatedDiagnostics
    2013-12-01 06:42:19 10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D45A4A81-ACE3-4070-A30B-171153B90102}\mpengine.dll
    2013-12-01 06:10:08 --------    d-----w-    C:\Users\Jonathan\AppData\Roaming\Malwarebytes
    2013-12-01 06:10:03 --------    d-----w-    C:\ProgramData\Malwarebytes
    2013-12-01 06:10:02 25928   ----a-w-    C:\Windows\System32\drivers\mbam.sys
    2013-12-01 06:10:02 --------    d-----w-    D:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-12-01 06:09:32 --------    d-----w-    C:\Users\Jonathan\AppData\Local\Programs
    2013-12-01 05:58:12 --------    d-----w-    D:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
    2013-12-01 05:58:12 --------    d-----w-    D:\Program Files (x86)\SDHelper (Spybot - Search & Destroy)
    2013-12-01 05:58:12 --------    d-----w-    D:\Program Files (x86)\Misc. Support Library (Spybot - Search & Destroy)
    2013-12-01 05:58:12 --------    d-----w-    D:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
    2013-12-01 05:58:12 --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
    2013-11-30 05:21:41 10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2013-11-14 16:03:23 257536  ----a-w-    D:\Program Files (x86)\Internet Explorer\ieproxy.dll
    .
    ==================== Find3M  ====================
    .
    2013-11-19 10:21:41 267936  ------w-    C:\Windows\System32\MpSigStub.exe
    2013-11-05 22:58:57 78296   ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-11-05 22:58:57 694232  ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-10-12 08:45:20 2241536 ----a-w-    C:\Windows\System32\wininet.dll
    2013-10-12 08:43:37 3959808 ----a-w-    C:\Windows\System32\jscript9.dll
    2013-10-12 07:03:50 1767936 ----a-w-    C:\Windows\SysWow64\wininet.dll
    2013-10-12 07:02:33 2877952 ----a-w-    C:\Windows\SysWow64\jscript9.dll
    2013-10-10 11:53:35 96600   ----a-w-    C:\Windows\System32\drivers\wfplwfs.sys
    2013-10-10 09:21:20 1160192 ----a-w-    C:\Windows\System32\IKEEXT.DLL
    2013-10-10 09:20:43 723968  ----a-w-    C:\Windows\System32\BFE.DLL
    2013-10-02 23:25:41 1300992 ----a-w-    C:\Windows\System32\gdi32.dll
    2013-10-01 23:37:57 1569280 ----a-w-    C:\Windows\SysWow64\crypt32.dll
    2013-10-01 23:37:53 2035712 ----a-w-    C:\Windows\SysWow64\authui.dll
    2013-10-01 23:26:49 1890816 ----a-w-    C:\Windows\System32\crypt32.dll
    2013-10-01 23:26:45 2304512 ----a-w-    C:\Windows\System32\authui.dll
    2013-10-01 22:22:19 1022976 ----a-w-    C:\Windows\SysWow64\gdi32.dll
    2013-09-23 22:30:14 419328  ----a-w-    C:\Windows\System32\schannel.dll
    2013-09-23 22:30:03 323072  ----a-w-    C:\Windows\SysWow64\schannel.dll
    2013-09-13 22:36:37 35328   ----a-w-    C:\Windows\SysWow64\wuapp.exe
    2013-09-13 22:36:23 84992   ----a-w-    C:\Windows\SysWow64\wudriver.dll
    2013-09-13 22:36:23 126976  ----a-w-    C:\Windows\SysWow64\wuwebv.dll
    2013-09-13 22:36:14 247296  ----a-w-    C:\Windows\SysWow64\ubpm.dll
    2013-09-13 22:34:14 40448   ----a-w-    C:\Windows\System32\wuapp.exe
    2013-09-13 22:33:55 252928  ----a-w-    C:\Windows\System32\WUSettingsProvider.dll
    2013-09-13 22:33:55 142848  ----a-w-    C:\Windows\System32\wuwebv.dll
    2013-09-13 22:33:54 99328   ----a-w-    C:\Windows\System32\wudriver.dll
    2013-09-13 22:33:54 1622016 ----a-w-    C:\Windows\System32\wucltux.dll
    2013-09-13 22:33:42 328192  ----a-w-    C:\Windows\System32\ubpm.dll
    2013-09-13 22:33:39 175104  ----a-w-    C:\Windows\System32\storewuauth.dll
    2013-09-04 03:11:23 576512  ----a-w-    C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 23:05:28.85 ===============
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please observe the sticky/pinned threads in the forum. In particular, these:

    Forum Rules and Guidelines - Do not post HijackThis logs

    READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker)

    The first informs you about not posting inline logs. Code boxes are still inline logs and we want attachments. The second link is the proper procedure to follow in order to get help related to malware problems.

    All that being said, I don't think your problems are malware related, but the only way to know for sure is if you run the READ & RUN ME FIRST and attach the requested logs.
     
