
popup malware that dosent get detected


  • This topic is locked
7 replies to this topic

#1 baljit singh

baljit singh

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:33 AM

Posted 26 July 2014 - 12:32 AM

hello sir,

A few days back my computer got infected with some malware, due to which I get popups. It also led to the abnormal functioning of YouTube: videos with ads on them won't play because the ad stream bar hangs in between and the Skip Ad button won't click. If I click Skip Ad it would instead pop up some unexpected popups. I read through the net and scanned my laptop with AdwCleaner; there were some problems in the registry and browser. The registry problem got fixed once I used AdwCleaner, but the browser one keeps coming back:

 

 

-\\ Mozilla Firefox v30.0 (en-US)
 
[ File : C:\Users\Baljit\AppData\Roaming\Mozilla\Firefox\Profiles\ttp73rb8.default\prefs.js ]
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Baljit\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
Then I used jrt.exe. It did not show any problem. After that I scanned with Malwarebytes and it also showed that everything was OK, but I still get popups. So after this I also did a Windows restore to a previous date, but that didn't solve my problem.
 
Any help would be appreciated. Thanks in advance.
 
 
 
 
 
 



#2 polskamachina

polskamachina

  • Malware Response Team
  • 3,848 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 PM

Posted 30 July 2014 - 07:32 PM

Hi baljit singh :)
 
Welcome! My name is polskamachina and I will be assisting you with your malware problems. What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 Hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Let's get started:
 
In order to give you the best possible support, we ask that you take a few preliminary steps which are outlined here. All the steps listed are important but step #6 will explain how to download and run the DDS program which will provide us a detailed analysis of your system. In your next reply to me, you will need to copy and paste the two logs that the DDS software will provide at the end of the scan.
 
Let me know if you have any questions.
 
polskamachina


Member of the Bleeping Computer A.I.I. early response team!

#3 baljit singh

baljit singh
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:33 AM

Posted 31 July 2014 - 04:10 AM

hello sir,

A few days back my computer got infected with some malware, due to which I get popups. It also led to the abnormal functioning of YouTube: videos with ads on them won't play because the ad stream bar hangs in between and the Skip Ad button won't click. If I click Skip Ad it would instead pop up some unexpected popups. Two days back I started getting a blue screen with the message "dumping physical memory to disk" and my laptop would restart. I don't know whether this is also due to malware, but I got the blue screen 3 times in a row.

Contents of dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7601.17514
Run by Baljit at 14:10:17 on 2014-07-31
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3997.2205 [GMT 5.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [uTorrent] "C:\Users\Baljit\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F7BDEE8E-22EE-4DDE-A3D4-D8DCC2915657} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F7BDEE8E-22EE-4DDE-A3D4-D8DCC2915657}\57269602E65647 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Adobe Acrobat Create PDF Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2014-6-12 36520]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-6-13 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-6-13 224896]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-6-12 20024]
R0 LHDmgr;LHDmgr;C:\Windows\System32\drivers\LhdX64.sys [2014-6-12 39008]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-6-13 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-6-13 427360]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-6-12 241152]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-6-13 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-6-13 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-6-13 92008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-2 50344]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-6-12 166720]
R2 MySQL55;MySQL55;"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55 --> C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-6-12 365344]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\System32\drivers\AcpiVpc.sys [2011-12-15 30816]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-6-12 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-6-12 358456]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-6-12 791608]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2014-6-12 117912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-25 25816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-25 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-25 860472]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-25 122584]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-25 63704]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2014-6-12 327240]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-12 1255736]
.
=============== Created Last 30 ================
.
2014-07-30 14:58:30 -------- d-----w- C:\Users\Baljit\AppData\Roaming\ParetoLogic
2014-07-30 14:58:30 -------- d-----w- C:\Users\Baljit\AppData\Roaming\DriverCure
2014-07-30 14:57:54 -------- d-----w- C:\ProgramData\ParetoLogic
2014-07-29 10:27:14 -------- d-----w- C:\Users\Baljit\AppData\Local\Adobe
2014-07-29 05:19:36 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2014-07-29 05:18:44 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-07-29 05:15:59 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2014-07-25 18:29:40 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-25 18:29:15 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-25 18:29:15 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-25 18:29:15 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-25 17:51:13 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-07-25 14:11:54 110080 ----a-r- C:\Users\Baljit\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconF7A21AF7.exe
2014-07-25 14:11:53 -------- d-----w- C:\sh4ldr
2014-07-25 14:11:04 -------- d-----w- C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-25 12:26:38 -------- d-----w- C:\Users\Baljit\AppData\Roaming\Opera Software
2014-07-25 12:26:38 -------- d-----w- C:\Users\Baljit\AppData\Local\Opera Software
2014-07-25 08:39:47 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2014-07-25 07:34:18 -------- d-----w- C:\Program Files\Enigma Software Group
2014-07-25 07:03:02 -------- d-----w- C:\Users\Baljit\AppData\Local\Macromedia
2014-07-25 06:21:16 -------- d-----w- C:\ProgramData\HitmanPro
2014-07-23 17:36:33 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-23 17:36:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-23 17:20:08 -------- d-----w- C:\Windows\ERUNT
2014-07-22 18:44:10 -------- d-----w- C:\AdwCleaner
2014-07-12 03:16:40 -------- d-----w- C:\project
2014-07-11 15:35:26 -------- d-----w- C:\NetspyProj
2014-07-09 03:49:08 -------- d-----w- C:\Users\Baljit\.netbeans-derby
2014-07-06 16:01:58 -------- d-----w- C:\ProgramData\Orbit
2014-07-06 15:54:26 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2014-07-06 15:54:26 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2014-07-06 15:54:25 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2014-07-06 15:54:23 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-07-06 15:54:22 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-07-06 15:54:21 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-07-06 13:42:37 -------- d-----w- C:\Program Files (x86)\Splinter Cell Blacklist
2014-07-02 16:26:30 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-02 16:26:30 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-02 16:18:26 43152 ----a-w- C:\Windows\avastSS.scr
.
==================== Find3M  ====================
.
2014-07-02 16:18:28 92008 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-07-02 16:18:28 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-07-02 16:18:28 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-07-02 16:18:27 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-07-02 16:18:27 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-02 16:18:27 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-07-02 16:18:27 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-06-16 16:08:03 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-06-12 13:18:53 19872 ----a-w- C:\Windows\System32\LenovoSDKEmSubSystem.dll
2014-06-12 13:18:52 39008 ----a-w- C:\Windows\System32\drivers\LhdX64.sys
2014-06-12 13:11:28 30816 ----a-w- C:\Windows\System32\drivers\AcpiVpc.sys
2014-05-20 05:10:11 1024 ---h--w- C:\AMTAG.BIN
.
============= FINISH: 14:10:45.81 ===============
 

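The DDS log above is what the Malware Response Team member works from in this thread. As an added example (not part of the thread, not DDS itself, and not a BleepingComputer tool or the helper's own method), here is a small triage parser for that log format: it splits the text into its `===== NAME =====` sections, parses the autorun/BHO lines of the Pseudo HJT Report, the Created Last 30 list and the process list, and reports every path that lives outside the roots a stock Windows 7 install normally uses. The `TRUSTED_ROOTS` list and the `SAMPLE_LOG` lines are constructed for the example (the sample is modelled on a few lines of the log posted above); a flagged entry means "look at this", not "this is malware".

```python
"""
Triage helper for a DDS-style log (added example; not DDS, not a
BleepingComputer tool).  It splits the log into its '===== NAME =====' sections,
parses the entries that matter most when chasing adware (autorun/BHO lines in
the Pseudo HJT Report, the Created Last 30 list, the process list) and flags
every path outside the roots a clean Windows 7 install normally uses.
"""
import re
from typing import Dict, List, Optional

# Constructed sample modelled on the DDS log posted in this thread (a handful
# of lines, not the full log).
SAMPLE_LOG = r"""
DDS (Ver_2012-11-20.01) - NTFS_AMD64
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [uTorrent] "C:\Users\Baljit\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
.
=============== Created Last 30 ================
.
2014-07-30 14:58:30 -------- d-----w- C:\Users\Baljit\AppData\Roaming\ParetoLogic
2014-07-25 14:11:53 -------- d-----w- C:\sh4ldr
2014-07-25 18:29:15 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 14:10:45.81 ===============
"""

# Assumption for the example: binaries under these roots are "expected";
# anything else (user profile, ProgramData, drive root) deserves a look.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\',
                 'c:\\progra~1\\', 'c:\\progra~2\\')

SECTION_RE = re.compile(r'^=+\s*(.+?)\s*=+$')
HJT_RE = re.compile(r'^(?P<arch>x64-)?(?P<type>[A-Za-z]+):\s*(?P<rest>.*)$')
CREATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(?P<path>.+)$')
# First drive-letter path ending in a file extension DDS commonly lists.
PATH_RE = re.compile(r'[A-Za-z]:\\.*?\.(?:exe|dll|sys|html|scr|cpl)\b', re.IGNORECASE)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Return {section name: [non-empty lines]} for every '=== NAME ===' block."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # DDS pads sections with '.' lines
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def extract_path(rest: str) -> str:
    """Pull the binary path out of an HJT entry: a quoted path ends at the
    closing quote, an unquoted one runs to the first recognised extension."""
    quoted = re.search(r'"([A-Za-z]:\\[^"]*)"', rest)
    if quoted:
        return quoted.group(1)
    bare = PATH_RE.search(rest)
    return bare.group(0) if bare else ''


def hjt_entry(line: str) -> Optional[Dict[str, str]]:
    """Parse one Pseudo HJT line into {type, name, path}; None if not an entry."""
    m = HJT_RE.match(line)
    if not m:
        return None
    kind, rest = m.group('type'), m.group('rest')
    if kind.endswith('Run'):                      # uRun/mRun/x64-Run: [Name] "path" args
        bracket = re.match(r'\[([^\]]*)\]', rest)
        name = bracket.group(1) if bracket else ''
    else:                                         # BHO/TB/IE/...: Name: {CLSID} - path
        name = re.split(r':\s|\s-\s', rest, maxsplit=1)[0]
    return {'type': (m.group('arch') or '') + kind, 'name': name, 'path': extract_path(rest)}


def outside_trusted_roots(path: str) -> bool:
    return bool(path) and not path.lower().startswith(TRUSTED_ROOTS)


def triage(text: str) -> Dict[str, list]:
    """Collect the entries a helper would want to review first."""
    secs = parse_sections(text)
    autoruns = [e for e in map(hjt_entry, secs.get('Pseudo HJT Report', [])) if e]
    created = [m.group('path') for m in map(CREATED_RE.match, secs.get('Created Last 30', [])) if m]
    return {
        'review_autoruns': [e for e in autoruns if outside_trusted_roots(e['path'])],
        'review_created': [p for p in created if outside_trusted_roots(p)],
        'review_processes': [p for p in secs.get('Running Processes', []) if outside_trusted_roots(p)],
    }


if __name__ == '__main__':
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket)
        for item in items:
            print('   ', item)
```

Run against the sample it lists the uTorrent autorun under AppData\Roaming and the two new directories outside Program Files/Windows; the AVAST and Intel entries stay quiet. The location rule is deliberately a first pass: an entry installed under Program Files (the SweetIM context-menu handler above, for instance) passes it, so the helper's own knowledge of vendors still decides what gets removed.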



#4 polskamachina

polskamachina

  • Malware Response Team
  • 3,848 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 PM

Posted 01 August 2014 - 11:32 AM

Hi baljit singh :)

 

Let's investigate your blue screen issues.
 
Please download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

 

Let me know if you have any questions. Are you still getting popups that are interfering with your ability to watch videos?
 
polskamachina


Member of the Bleeping Computer A.I.I. early response team!

#5 baljit singh

baljit singh
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:33 AM

Posted 04 August 2014 - 03:25 AM

When I ran BlueScreenView.exe, it didn't show anything, and I am not facing that blue screen problem anymore. My main problem is the popups, which keep coming. One more thing I wanted to tell you that may be related to the popup malware: some Google ads on websites are not shown properly; it is like the ads have crashed while loading. My main problem is popups.



#6 polskamachina

polskamachina

  • Malware Response Team
  • 3,848 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 PM

Posted 06 August 2014 - 10:09 AM

Hi baljit singh :)
 
Please run the Malwarebytes Anti-Malware program. From the main window, click on the Scan option (between the Dashboard and Settings choices). Then check the box for C:. Next, click on the Start Scan button. Since the entire drive will be scanned, it may take several hours for the process to complete. When the scan has completed, quarantine any found objects. Make sure you check the boxes that say PUPs or they will not be removed. From the final summary screen, click on the button that will copy the contents to the clipboard. Then paste those contents into your next reply to me.
 
Let me know if you have any questions. Are you still getting popups?
 
polskamachina


Member of the Bleeping Computer A.I.I. early response team!

#7 polskamachina

polskamachina

  • Malware Response Team
  • 3,848 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:03 PM

Posted 09 August 2014 - 11:33 PM

Hi baljit singh :)

 

It's been several days since you've checked in. Do you still need help with this? If not, this topic will be closed in 48 hours.
 
Let me know if you have any questions.
 
polskamachina


Member of the Bleeping Computer A.I.I. early response team!

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,620 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:03 PM

Posted 12 August 2014 - 01:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




