
Google Chrome is slow to start and I'm getting random popups


  • This topic is locked
8 replies to this topic

#1 McZombie

McZombie

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:38 PM

Posted 22 September 2013 - 01:00 PM

The other day a random website popped up, javasafeupdate.com, and wanted me to "update my Java". It didn't look trustworthy so I tried to close out, but it wouldn't let me. Eventually I had to end task on Chrome. For the next couple of days I kept getting popups from several different websites including Vube.com and a few others. I have Malwarebytes Pro installed, but it's not finding anything. I installed HijackThis, which found a few things, but I'm still having an issue with Chrome. When it opens it takes longer to go to my homepage (google.com). Also, before I opened this thread I opened Chrome and javasafeupdate.com opened again. I've been using BleepingComputer for years and I'll admit I already ran a few of the tools in hopes of resolving this issue on my own. I'll NOT run anything else until directed. Thanks.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16688  BrowserJavaVersion: 10.40.2
Run by Ken at 12:47:32 on 2013-09-22
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.10029.7984 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\atieclxx.exe
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
uProxyOverride = <-loopback>;<local>
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
uRun: [Akamai NetSession Interface] "C:\Users\Ken\AppData\Local\Akamai\netsession_win.exe"
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxp://outsideapps.us.dell.com/InternalSite/WhlCompMgr.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{70FFF1D8-B4C9-41E2-BB0F-10C137579098} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C4CB268F-1D52-4297-A74C-69A093BD1BD2} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-9-21 92536]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-9-21 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-7-5 239616]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-15 85504]
R2 HPConnectedRemote;HP Connected Remote Service;C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [2012-8-29 35232]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-27 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-27 701512]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-9-20 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-9-20 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-9-20 171928]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2013-3-22 169200]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2012-7-3 98472]
R3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;C:\windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\windows\System32\Drivers\BtL2caScoIf.sys [2012-7-19 56904]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\windows\System32\Drivers\IvtUrbBtFlt.sys [2012-7-11 48352]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2012-11-27 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 rtbth;RTBTH Bluetooth Device Driver;C:\windows\System32\Drivers\rtbth.sys [2012-7-27 693856]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-6-20 683664]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-7-16 57000]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-8-7 49152]
S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\DOWNLO~1\DMService.exe [2013-3-22 517360]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2012-11-27 23552]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=C:\windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-09-22 17:26:18 -------- d-----w- C:\ProgramData\Oracle
2013-09-22 17:25:34 790440 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-09-22 17:25:33 868264 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-09-22 17:25:31 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-22 16:05:46 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8426FD7F-F91C-40DD-8A6D-61B26456550E}\mpengine.dll
2013-09-22 07:24:34 -------- d-----w- C:\Program Files (x86)\ESET
2013-09-22 07:15:54 -------- d-----w- C:\AdwCleaner
2013-09-21 19:00:32 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-21 00:55:08 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-09-21 00:55:02 17272 ----a-w- C:\windows\System32\sdnclean64.exe
2013-09-21 00:54:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-20 02:21:42 144896 ----a-w- C:\windows\System32\tssdisai.dll
2013-09-19 03:14:39 -------- d-----w- C:\Program Files\iPod
2013-09-19 03:14:38 -------- d-----w- C:\Program Files\iTunes
2013-09-19 03:14:38 -------- d-----w- C:\Program Files (x86)\iTunes
2013-09-13 03:31:54 265392 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-11 03:30:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-09-11 03:30:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-09-11 03:30:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-09-11 03:30:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-09-11 03:30:17 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-09-11 02:16:32 965008 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80400078-F0B0-4DC7-A5B5-635CF26BD68F}\gapaengine.dll
2013-09-10 01:22:35 -------- d-----w- C:\Users\Ken\AppData\Local\{0EF6B0C9-AE92-4C43-9490-78C049C931AB}
2013-09-09 13:22:29 -------- d-----w- C:\Users\Ken\AppData\Local\{2BE75FDE-FBE6-4ACF-A6E6-63CFCBC7AE75}
2013-09-09 01:22:23 -------- d-----w- C:\Users\Ken\AppData\Local\{9EE23E7C-0844-479B-9E3C-33564B3E38E3}
2013-09-09 01:22:23 -------- d-----w- C:\Users\Ken\AppData\Local\{1F935ED4-1061-44F5-BAC4-9BF012204B1F}
.
==================== Find3M  ====================
.
2013-09-05 20:09:17 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09:17 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 04:12:06 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\windows\System32\sppsvc.exe
2013-08-16 05:20:30 105984 ----a-w- C:\windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\windows\SysWow64\sppc.dll
2013-08-03 04:30:14 4038144 ----a-w- C:\windows\System32\win32k.sys
2013-07-13 06:18:21 337408 ----a-w- C:\windows\System32\wintrust.dll
2013-07-13 06:16:06 68096 ----a-w- C:\windows\System32\cryptsvc.dll
2013-07-13 06:16:06 1889280 ----a-w- C:\windows\System32\crypt32.dll
2013-07-13 06:15:53 98304 ----a-w- C:\windows\System32\apprepsync.dll
2013-07-13 06:15:53 124416 ----a-w- C:\windows\System32\apprepapi.dll
2013-07-13 04:24:58 261120 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-07-13 04:23:11 1568256 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-07-13 04:23:03 87040 ----a-w- C:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03 74240 ----a-w- C:\windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07 120144 ----a-w- C:\windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\windows\System32\WerFault.exe
2013-07-09 06:07:17 2233168 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-07-09 04:25:45 385768 ----a-w- C:\windows\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\windows\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\windows\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\windows\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\windows\System32\LocationApi.dll
2013-07-06 00:16:17 1025024 ----a-w- C:\windows\System32\localspl.dll
2013-07-03 00:23:43 391168 ----a-w- C:\windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12 778752 ----a-w- C:\windows\System32\oleaut32.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\windows\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02 551424 ----a-w- C:\windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14 36288 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14 67072 ----a-w- C:\windows\SysWow64\openfiles.exe
2013-06-30 22:29:22 77312 ----a-w- C:\windows\System32\openfiles.exe
2013-06-29 06:15:54 195416 ----a-w- C:\windows\System32\drivers\sdbus.sys
2013-06-29 06:15:47 125784 ----a-w- C:\windows\System32\drivers\dumpsd.sys
2013-06-29 05:43:16 327512 ----a-w- C:\windows\System32\drivers\Classpnp.sys
2013-06-29 01:12:01 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-06-26 03:01:38 321536 ----a-w- C:\windows\System32\drivers\udfs.sys
2013-06-26 02:59:34 341504 ----a-w- C:\windows\System32\drivers\HdAudio.sys
2013-06-24 22:54:52 447488 ----a-w- C:\windows\System32\wwansvc.dll
2013-06-24 22:54:45 74240 ----a-w- C:\windows\System32\wcmcsp.dll
2013-06-24 22:54:45 263680 ----a-w- C:\windows\System32\wcmsvc.dll
.
============= FINISH: 12:47:52.97 ===============
 

 

 




 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:03:38 AM

Posted 22 September 2013 - 02:34 PM

Good evening. :)

When you ran DDS it should have created a second log, Attach.txt - will you post the contents in your next reply?


So long, and thanks for all the fish.

 

 


#3 McZombie


Posted 22 September 2013 - 02:39 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 11/26/2012 3:02:16 PM
System Uptime: 9/22/2013 2:25:59 AM (10 hours ago)
.
Motherboard: Gigabyte |  | 2AC8
Processor: AMD FX™-6120 Six-Core Processor              | CPU 1 | 3500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 910 GiB total, 249.844 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.412 GiB free.
E: is Removable
F: is CDROM (UDF)
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP52: 9/3/2013 11:34:41 PM - Scheduled Checkpoint
RP53: 9/10/2013 10:29:38 PM - Installed QuickTime
RP54: 9/18/2013 8:52:39 PM - Removed Apple Software Update
RP55: 9/22/2013 1:07:23 AM - Removed Apple Mobile Device Support
.
==== Installed Programs ======================
.
3DMark05
4 Elements II
7-Zip 9.20 (x64 edition)
Adobe AIR
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARMA 2
ARMA 2: Operation Arrowhead
Bejeweled 3
Bonjour
Build-a-lot 4 - Power Source
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Desktop
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
D3DX10
DWG TrueView 2013
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
Futuremark SystemInfo
Google Chrome
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP Connected Backup
HP Connected Music (Meridian - installer)
HP Connected Remote
HP Customer Experience Enhancements
HP Games
HP MyRoom
HP Postscript Converter
HP Registration Service
HP Support Assistant
HP Support Information
HydraVision
IDT Audio
iTunes
Java 7 Update 10 (64-bit)
Java 7 Update 40
Java Auto Updater
Java SE Development Kit 7 Update 10 (64-bit)
Jewel Match 3
John Deere Drive Green
LIMBO
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mortimer Beckett and the Crimson Thief Premium Edition
MSVCRT
Mystery P.I. - Curious Case of Counterfeit Cove
Peggle Nights
Penguins!
Play withSIX
Polar Bowler
Polar Golfer
QuickTime
Ralink Bluetooth Stack64
Ralink RT3290 802.11bgn Wi-Fi Adapter
Recovery Manager
Roads of Rome 3
Six Updater
Spybot - Search & Destroy
Steam
Tales of Lagoona
Unity Web Player
Update Installer for WildTangent Games App
Vacation Quest™ - Australia
VBA (2627.01)
Ventrilo Client for Windows x64
VLC media player 2.0.4
Vuze
WildTangent Games
WildTangent Games App
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
9/22/2013 9:46:21 AM, Error: Schannel [36870]  - A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
9/22/2013 12:11:46 PM, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
9/19/2013 5:16:51 AM, Error: Service Control Manager [7034]  - The Autodesk Moldflow Inventor Tool Suite Integration 2013 Job Manager service terminated unexpectedly.  It has done this 1 time(s).
9/17/2013 7:31:35 PM, Error: Service Control Manager [7031]  - The HP Connected Remote Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================


#4 Noviciate


Posted 22 September 2013 - 04:45 PM

Good evening. :)

Can you tell me what anti-virus program you are using?


So long, and thanks for all the fish.

 

 


#5 McZombie


Posted 22 September 2013 - 05:21 PM

I don't have anything other than Malwarebytes Pro.



#6 Noviciate


Posted 23 September 2013 - 02:33 PM

Good evening. :)

My bad, on Windows 8 Windows Defender is both anti-spyware and anti-virus rolled into one. Do you have any other browsers installed and if so, do they have the same issue?


Edited by Noviciate, 23 September 2013 - 02:33 PM.

So long, and thanks for all the fish.

 

 


#7 McZombie


Posted 23 September 2013 - 05:39 PM

Windows comes prepacked with IE, but I rarely use it. I just now opened it several times and it's opening very quickly. Chrome, on the other hand, takes a moment. There is definitely something going on there. Chrome was always much faster than IE. I haven't seen the vube.com popups lately, but the javasafeupdate.com page popped up right before I started this thread. The javasafeupdate page is a very large popup that wants me to download a newer version of Java, which I don't do. I have to End Task on Chrome to get it to go away.



#8 McZombie


Posted 23 September 2013 - 08:09 PM

After testing I found javasafeupdate.com was a malicious popup from a website I went to.  I can recreate the popup by going to that site.  The tools I ran before cleaned up the vube.com pop ups, so I guess the only issue left is Chrome opening slower than usual.  I guess I'm not 100% sure it's a real issue, so I'll wait to see if any of these tools find anything later.

 

You can close this thread & thanks for your time..



#9 Noviciate


Posted 24 September 2013 - 01:44 PM

Good evening :).

 

Thanks for letting me know.


So long, and thanks for all the fish.

 

 




