
Renewed Flash update popup and browser service denial


  • This topic is locked
5 replies to this topic

#1 heathcroft

Posted 28 June 2014 - 04:24 AM

About 15 weeks ago I found that I had the Flash pop-up update malware and redirect in my computer.

I got help from a local firm whose specialist came and spent more than 2 hours trying to clean the machine. He used several of the programs available on the BC site, including ComboFix. It seemed that he was successful at the time.

More recently, after being away for 3 weeks, I find that browsing is still badly affected by this same malware/virus.

I have a home network with TP-Link 8817 ADSL2+ modem router connected through an Ethernet link to another TP-Link Wireless N Router (to provide WiFi for a tablet) which is in turn connected through TP powerline adaptors to the computer. The tablet also appears to be somewhat affected by the browser infection. I wonder if the routers could be infected in some way.

While reading the BC website in Chrome popups occur that I can delete.

Are you able to help me solve my problem?

 

If I try the following in my default Mozilla Firefox browser

 

https://login.yahoo.com/config/mail?&.src=ym&.intl=uk

 

I get the following alert:

 

Secure Connection Failed

 

An error occurred during a connection to login.yahoo.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

 

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

    Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

 

 

If I put it into Chrome I get the message:

SSL connection error

Less

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

Error code: ERR_SSL_PROTOCOL_ERROR

 

-----------------------------------

 

In Internet Explorer (medium-high security setting) I immediately get the boxed warning message:

 

Your Flash Player may be out of date. Please update to continue

 

On closing the box it switches to:

 

Home / Downloads / Flash Player Pro /

Update Your Flash Player

Please Update Your Flash Player(RECOMMENDED)

  • Download any Movie, Video, TV shows From Any Website
  • Watch any Video in Full 1080i HD
  • Faster Playback and Streaming in Firefox, Chrome and Internet Explorer
  • Total Privacy - Prevent Others From Tracking What You are Watching

Install  Remind me later

Flash Player Pro is distributing custom installers which are different from the originally available distribution. These new installers comply with the original software manufacturers' policies and terms & conditions. Optimum Installer is an install manager, which manages the installation of your chosen software. In addition to managing your download and installation, Optimum Installer will offer free popular software that you may be interested in. Additional software may include toolbars, browser add-ons, game applications, anti-virus applications, and other types of applications. You are not required to install any additional software to complete your installation of your selected software. You can always completely remove the programs at any time in Windows' Add/Remove Programs.

Privacy Policy  l  Terms & Conditions  l  Unistall  l  Contact Us

 

---------------------------------------------------

I then have to close the browser.

All of which I know is part of this malware/virus.

 

 





#2 HelpBot


Posted 03 July 2014 - 04:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/539279 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 heathcroft


Posted 03 July 2014 - 08:56 AM

Thanks for responding. I do have a Medion recovery disc that came with my computer.

I am pasting in the DDS.text and Attach.text. I hope to hear further from you.

  

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17126
Run by Malcolm at 14:16:57 on 2014-07-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2871.1892 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Malcolm\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [EasyTether] "c:\program files\mobile stream\easytether\easytthr.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [btbb_McciTrayApp] "c:\program files\plusnet assist\btbb\PlusnetHelpNotifier.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
StartupFolder: c:\users\malcolm\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\malcolm\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{6821715A-3D95-4E42-8492-FE11F9FF24F1} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{F4157173-9C92-4186-AF0A-4A9086130851} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\malcolm\appdata\roaming\mozilla\firefox\profiles\1onf3yjc.default-1404222773998\
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_125.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\drivers\aswNdisFlt.sys [2014-6-30 270752]
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-8-18 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-8-18 192352]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-6-30 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2013-8-18 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-8-18 414392]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 37664]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-27 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-18 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-2 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-6-30 50344]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2014-6-30 106488]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\foxit software\foxit reader\foxit cloud\FCUpdateService.exe [2014-5-7 241728]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-2-17 13336]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2014-6-30 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2014-6-30 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2014-6-30 171416]
R3 easytether;easytether;c:\windows\system32\drivers\easytthr.sys [2014-5-11 18248]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-2-17 209920]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-2-17 2314240]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\15.5.0\ToolbarUpdater.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-6-21 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-3-21 14848]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-2-6 597536]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2012-1-26 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2012-1-26 12672]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2012-1-26 32000]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-21 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-2 1343400]
.
=============== File Associations ===============
.
FileExt: .txt: textfile="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-07-01 14:03:52 -------- d-----w- C:\AdwCleaner
2014-07-01 13:14:08 8140904 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7560fc02-91e3-4508-b90f-8d18e718b41e}\mpengine.dll
2014-06-30 20:41:41 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-06-30 15:29:57 26136 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-06-30 15:29:52 43152 ----a-w- c:\windows\avastSS.scr
2014-06-30 15:29:34 270752 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2014-06-27 11:39:16 -------- d-----w- c:\users\malcolm\appdata\local\CrashDumps
2014-06-26 18:00:39 35152 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-06-26 18:00:37 -------- d-----w- c:\programdata\RogueKiller
2014-06-24 08:02:41 -------- d-----w- c:\users\malcolm\appdata\local\Skype
2014-06-24 08:02:31 -------- d-----r- c:\program files\Skype
2014-06-21 05:01:32 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-20 21:45:08 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-20 21:45:08 1389056 ----a-w- c:\windows\system32\msxml6.dll
2014-06-20 21:45:08 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-06-20 21:45:07 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-20 21:44:45 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-20 21:44:45 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-20 21:44:37 391680 ----a-w- c:\windows\system32\aepdu.dll
2014-06-20 21:44:36 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-06-20 21:26:12 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-06-20 21:26:12 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
==================== Find3M  ====================
.
2014-07-02 11:26:07 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-02 09:01:23 60 ----a-w- c:\windows\wpd99.drv
2014-06-30 15:29:53 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-06-30 15:29:53 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-06-30 15:29:53 71944 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-06-30 15:29:53 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-06-30 15:29:53 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-06-30 15:29:53 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-06-30 15:29:53 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-06-21 09:50:39 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-21 09:50:39 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-30 09:02:39 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-30 09:02:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-05-30 08:44:28 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-05-30 08:43:06 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-05-30 08:42:16 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-05-30 08:28:33 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-05-30 08:28:30 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-05-30 08:27:56 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-05-30 08:21:36 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 08:10:46 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 07:56:50 4244992 ----a-w- c:\windows\system32\jscript9.dll
2014-05-30 07:50:09 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-05-30 07:49:38 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-30 07:21:10 1790976 ----a-w- c:\windows\system32\wininet.dll
2014-05-12 06:26:08 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 06:25:58 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 06:25:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-27 12:06:40 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1400156867529
2014-04-27 12:06:40 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1400156867529
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-04-10 07:49:40 18248 ----a-w- c:\windows\system32\drivers\easytthr.sys
2014-02-06 09:00:08 50063360 ----a-w- c:\program files\GUTB1C2.tmp
2014-01-03 09:00:31 50063360 ----a-w- c:\program files\GUTE4F2.tmp
2012-07-12 13:24:57 6524 ----a-w- c:\program files\F32I.BIN
2012-07-09 13:29:42 72748 ----a-w- c:\program files\unins000.exe
2004-11-21 00:50:02 172032 ----a-w- c:\program files\bbwdll10.dll
2004-11-20 00:19:02 1248768 ----a-w- c:\program files\gp4.dll
2004-11-11 16:42:06 933989 ----a-w- c:\program files\bbhf_dynamic2.dll
2004-06-07 11:18:28 170496 ----a-w- c:\program files\bbwdll9.dll
2003-11-22 15:59:58 880740 ----a-w- c:\program files\BBHF_Dynamic.dll
2003-07-21 14:18:20 527360 ----a-w- c:\program files\gp3.dll
2003-02-10 22:12:54 729600 ----a-w- c:\program files\g32.exe
2002-11-27 13:15:04 717824 ----a-w- c:\program files\f32.exe
2002-11-05 22:50:10 468992 ----a-w- c:\program files\MIDIConv.exe
2002-10-25 03:39:50 516096 ----a-w- c:\program files\CDWriterXP.ocx
2001-11-21 14:27:44 2108928 ----a-w- c:\program files\$Drums.exe
2001-05-03 15:45:10 399872 ----a-w- c:\program files\TitleGen.exe
2000-11-18 23:41:28 355584 ----a-w- c:\program files\XBMPCONV.EXE
2000-10-27 12:44:36 696238 ----a-w- c:\program files\CHORDSUB.BIN
1999-11-24 14:52:12 36864 ----a-w- c:\program files\opsndvol.exe
1999-08-13 04:20:00 317952 ----a-w- c:\program files\Roboex32.dll
1999-06-23 12:11:16 462080 ----a-w- c:\program files\$Aweedit.exe
1999-01-17 16:18:22 619008 ----a-w- c:\program files\Listed.exe
1996-11-14 06:42:48 356928 ----a-w- c:\program files\SKY16V3C.DLL
.
============= FINISH: 14:18:07.90 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 26/01/2012 14:11:52
System Uptime: 03/07/2014 07:53:20 (7 hours ago)
.
Motherboard: MEDIONPC |  | MS-7616
Processor: Intel® Core™ i3 CPU         530  @ 2.93GHz | CPU 1 | 1466/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 277 GiB total, 204.462 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 12.582 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VirtualBox Host-Only Ethernet Adapter
Device ID: ROOT\NET\0000
Manufacturer: Oracle Corporation
Name: VirtualBox Host-Only Ethernet Adapter
PNP Device ID: ROOT\NET\0000
Service: VBoxNetAdp
.
==== System Restore Points ===================
.
RP277: 13/05/2014 10:08:20 - Windows Update
RP278: 14/05/2014 09:02:19 - Windows Update
RP279: 21/05/2014 08:02:36 - Windows Update
RP280: 23/05/2014 10:58:31 - Windows Backup
RP281: 20/06/2014 22:29:52 - Windows Update
RP282: 20/06/2014 22:47:05 - Windows Update
RP283: 21/06/2014 06:01:49 - Windows Update
RP284: 24/06/2014 09:00:12 - Windows Update
RP285: 27/06/2014 09:39:59 - Windows Update
RP286: 27/06/2014 21:28:17 - Removed SlimCleaner
RP287: 27/06/2014 21:28:55 - Removed SlimComputer
RP289: 30/06/2014 16:22:59 - avast! antivirus system restore point
RP290: 30/06/2014 16:30:08 - Device Driver Package Install: Avast Network Service
RP291: 01/07/2014 14:13:30 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 14 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
Audacity 2.0.5
avast! Internet Security
Avid License Control
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD Copy
DC-Bass Source 1.3.0
DivX Setup
Dropbox
EasyTether
Families Sync
ffdshow v1.1.4399 [2012-03-22]
Finale 2003
Finale 2008
Foxit Cloud
Foxit Reader
FreeFileSync 6.1
Garmin Communicator Plugin
Garmin USB Drivers
GedStar Pro V4.4.3
Google Chrome
Google Update Helper
Haali Media Splitter
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
HP Deskjet 2050 J510 series Product Improvement Study
HP Update
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® TV Wizard
Junk Mail filter update
Legacy 8.0
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.6.0 (x86 en-GB)
MSVCRT
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MuseScore 1.1 MuseScore score typesetter
Native Instruments Sibelius Player
OpenOffice 4.0.0
OpenSource Flash Video Splitter 1.0.0.5
Oracle VM VirtualBox 4.1.12
Paint Shop Pro 7
Pdf995
PG Music DirectX Plugins 1.3.4.1
Picasa 3
Plusnet Assist
Polaroid Dust and Scratch Removal v1.0.0.15.2e
Readiris Pro 8
RealDrums Video
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Safe Backup 2.4
Scratch
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Sibelius 7 OpenType Fonts
Sibelius 7.1.2.46
Skype™ 6.16
Spybot - Search & Destroy
System Requirements Lab for Intel
Transcribe! 8.10
VC80CRTRedist - 8.0.50727.6195
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
xplorer² lite 32 bit
YTD Video Downloader 4.8.1
.
==== Event Viewer Messages From Past Week ========
.
30/06/2014 13:51:47, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology service to connect.
30/06/2014 13:51:47, Error: Service Control Manager [7000]  - The Intel® Rapid Storage Technology service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
28/06/2014 21:02:30, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
27/06/2014 12:33:52, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
27/06/2014 12:30:45, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
27/06/2014 12:30:44, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
27/06/2014 12:30:44, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
27/06/2014 12:30:39, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/06/2014 12:30:32, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
27/06/2014 12:30:31, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswVmm discache spldr VBoxDrv VBoxUSBMon Wanarpv6
26/06/2014 11:37:35, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
03/07/2014 07:56:41, Error: Service Control Manager [7001]  - The Intel® Management & Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
03/07/2014 07:53:59, Error: Service Control Manager [7000]  - The vToolbarUpdater15.5.0 service failed to start due to the following error:  The system cannot find the file specified.
02/07/2014 12:04:53, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
01/07/2014 15:11:17, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
01/07/2014 07:36:37, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
01/07/2014 07:36:37, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Updating Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
01/07/2014 07:36:00, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
01/07/2014 07:36:00, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 


#4 HelpBot


Posted 08 July 2014 - 04:30 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Elise


Posted 09 July 2014 - 10:13 AM

Hi, I have reopened this topic for you. Let's start with an adware scan.

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • When the scan is done, click on Report; a logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#6 Elise


Posted 11 July 2014 - 08:15 AM

This topic has been closed as requested. If you need it reopened, please send me a PM.


regards, Elise






