PDA

View Full Version : Download/Streaming/Pop-up Problems



grandadis64
2014-06-30, 09:03
Hi
Please can anyone help. I am using Windows 8 and Internet Explorer 10

I find that when I am streaming or downloading with Internet Explorer, the task always stops half way through.
I tried to down load Firefox - but only let me get half way.
Affects Youtube as well. I think it may also be stopping Windows updates from running (I have set for them to run automatically).

Also (maybe connected maybe not) I am getting lots of pop-ups even though pop-up blocker is on.

I tried to revert to a previous restore point, but there is only one there (last week), is this correct?

Any advice gratefully received. I yesterday posted on the wrong forum and Tashi advised posting here.

I hope replies can be in simple language as I am generally quite smart - except with IT!!

Malcolm

Hi

Have attached DDS & attach. DDS wouldn't copy & paste so attached same way as "attach".
Windows wouldn't run aswMBR. " The aswMBR.exe download was interrupted"

Thanks
Malcolm

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Owner at 6:41:35 on 2014-06-30
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.5317.3334 [GMT 1:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\Knowhow Cloud\VSSService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe
C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LinkSwift\bin\LinkSwift.PurBrowse64.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\IDT\WDM\Beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe
C:\Program Files (x86)\LinkSwift\bin\LinkSwift.BrowserAdapter.exe
C:\Users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\taskeng.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://dub113.mail.live.com/default.aspx?n=1527885565&fid=5#fid=flinbox
uSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mWinlogon: Userinit = userinit.exe
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [AmazonMP3DownloaderHelper] C:\Users\Owner\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\Owner\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Livedrive] "C:\Program Files (x86)\Knowhow Cloud\KnowhowCloud.exe"
uRun: [Amazon Cloud Player] "C:\Users\Owner\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
uRun: [MyDriveConnect.exe] "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
uRun: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6CC60F6A-BA2E-4D5F-87CC-9ADD2452CC5B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6CC60F6A-BA2E-4D5F-87CC-9ADD2452CC5B}\B4E4F47584F475 : DHCPNameServer = 208.67.222.222 8.8.8.8
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= c:\progra~2\optimi~1\optpro~1.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=tightmsd&cd=2XzuyEtN2Y1L1Qzu0E0CtC0AyDzyyCtAyD0DyC0Ezy0B0B0EtN0D0Tzu0CyCyDyEtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu2Z1L1N1M2Z1H1B1Q&cr=1167309586&ir=
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\Drivers\aswndisflt.sys [2014-4-20 447888]
R0 aswRvrt;avast! Revert;C:\windows\System32\Drivers\aswRvrt.sys [2013-10-15 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\Drivers\aswVmm.sys [2013-10-15 208416]
R1 {25d71abf-7776-46f5-a269-9951331f9030}w64;{25d71abf-7776-46f5-a269-9951331f9030}w64;C:\windows\System32\Drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys [2014-6-22 61112]
R1 aswKbd;aswKbd;C:\windows\System32\Drivers\aswKbd.sys [2013-11-1 28184]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswsnx.sys [2013-10-15 1039096]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswsp.sys [2013-10-15 423240]
R1 cbfs3;cbfs3;C:\windows\System32\Drivers\cbfs3.sys [2013-11-27 352008]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-9-28 91712]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-9-28 239616]
R2 aswHwid;avast! HardwareID;C:\windows\System32\Drivers\aswHwid.sys [2014-4-20 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-10-15 79184]
R2 aswStm;aswStm;C:\windows\System32\Drivers\aswstm.sys [2013-12-27 85328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-4-20 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-4-20 109048]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2013-9-28 89864]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-21 2266296]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-9-28 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-9-28 294664]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-10-7 227904]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-6-7 92160]
R2 LivedriveVSSService;Livedrive VSS Service;C:\Program Files (x86)\Knowhow Cloud\VSSService.exe [2013-11-21 210592]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-9-28 84168]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-16 1817560]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-10-16 1033688]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-10-16 171928]
R2 Update LinkSwift;Update LinkSwift;C:\Program Files (x86)\LinkSwift\updateLinkSwift.exe [2013-10-4 318752]
R2 Util LinkSwift;Util LinkSwift;C:\Program Files (x86)\LinkSwift\bin\utilLinkSwift.exe [2013-10-17 318752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\Drivers\AtihdW86.sys [2013-7-6 129536]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2012-7-30 110744]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUStor.sys [2013-3-1 259144]
R3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;C:\windows\System32\Drivers\RTWlanU.sys [2012-9-17 1576080]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-7-17 57000]
R3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-4-9 23552]
S2 70e6ca8c;Optimizer Pro Crash Monitor;"c:\progra~2\optimi~1\OptProCrash.exe" --> c:\progra~2\optimi~1\OptProCrash.exe [?]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\windows\System32\Drivers\amdkmafd.sys [2012-9-23 21160]
S3 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\Drivers\amdkmpfd.sys [2013-5-22 36096]
S3 AmUStor;AM USB Stroage Driver;C:\windows\System32\Drivers\AmUStor.sys [2013-3-25 108312]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\windows\System32\Drivers\RTWlanU.sys [2012-9-17 1576080]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-28 06:23:03 71168 ----a-w- C:\windows\System32\drivers\hdaudbus.sys
2014-06-28 06:23:03 6974808 ----a-w- C:\windows\System32\ntoskrnl.exe
2014-06-28 06:23:03 693760 ----a-w- C:\windows\System32\WSShared.dll
2014-06-28 06:23:03 566784 ----a-w- C:\windows\SysWow64\WSShared.dll
2014-06-28 06:23:03 1824808 ----a-w- C:\windows\System32\ntdll.dll
2014-06-28 06:23:03 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-28 06:23:03 1408976 ----a-w- C:\windows\SysWow64\ntdll.dll
2014-06-28 06:23:03 126464 ----a-w- C:\windows\System32\Robocopy.exe
2014-06-28 06:23:03 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-28 06:23:03 106496 ----a-w- C:\windows\SysWow64\Robocopy.exe
2014-06-28 06:23:03 1023488 ----a-w- C:\windows\System32\localspl.dll
2014-06-27 21:12:19 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2014-06-25 20:28:51 -------- d-----w- C:\Users\Owner\AppData\Roaming\Speedial
2014-06-25 20:28:28 -------- d-----w- C:\Program Files (x86)\Speedial
2014-06-22 06:10:23 61112 ----a-w- C:\windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys
2014-06-15 08:33:20 305152 ----a-w- C:\windows\SysWow64\wusa.exe
2014-06-15 08:33:13 619008 ----a-w- C:\windows\System32\drivers\srv2.sys
2014-06-15 08:33:13 309760 ----a-w- C:\windows\System32\wusa.exe
2014-06-15 08:33:12 328024 ----a-w- C:\windows\System32\drivers\Classpnp.sys
2014-06-14 08:51:56 1301504 ----a-w- C:\windows\System32\gdi32.dll
2014-06-14 08:51:56 1023488 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-06-14 08:51:55 3246592 ----a-w- C:\windows\System32\rdpcorets.dll
2014-06-14 08:51:55 235520 ----a-w- C:\windows\System32\rdpudd.dll
2014-06-14 08:33:25 1845760 ----a-w- C:\windows\System32\msxml3.dll
2014-06-14 08:33:25 1419264 ----a-w- C:\windows\SysWow64\msxml3.dll
2014-06-14 08:33:24 2233176 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-06-11 18:11:35 283312 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10242.bin
2014-06-10 19:28:01 -------- d-----w- C:\Users\Owner\AppData\Local\Microsoft Help
.
==================== Find3M ====================
.
2014-05-31 05:16:07 703992 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-05-31 05:16:07 105464 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-15 17:58:09 447888 ----a-w- C:\windows\System32\drivers\aswndisflt.sys
2014-05-15 17:57:58 1039096 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-05-15 17:57:36 85328 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-05-06 03:37:50 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-06 03:26:53 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-04-20 11:23:52 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-04-20 11:23:52 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-04-20 11:23:52 208416 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-04-20 11:23:51 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-04-20 11:23:51 43152 ----a-w- C:\windows\avastSS.scr
2014-04-20 11:23:51 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-04-19 09:39:36 628024 ----a-w- C:\windows\System32\NotificationUI.exe
2014-04-12 09:27:03 172888 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 09:10:31 578048 ----a-w- C:\windows\System32\winlogon.exe
2014-04-12 09:09:43 208896 ----a-w- C:\windows\System32\wdigest.dll
2014-04-12 09:09:39 1043968 ----a-w- C:\windows\System32\usercpl.dll
2014-04-12 09:09:34 94720 ----a-w- C:\windows\System32\TSpkg.dll
2014-04-12 09:09:19 588288 ----a-w- C:\windows\System32\SHCore.dll
2014-04-12 09:08:37 318464 ----a-w- C:\windows\System32\msv1_0.dll
2014-04-12 09:08:17 439808 ----a-w- C:\windows\System32\lsm.dll
2014-04-12 09:08:17 1281536 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 09:08:10 827904 ----a-w- C:\windows\System32\kerberos.dll
2014-04-12 09:07:36 20480 ----a-w- C:\windows\System32\credssp.dll
2014-04-12 07:23:59 178688 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-04-12 07:23:52 961536 ----a-w- C:\windows\SysWow64\usercpl.dll
2014-04-12 07:23:49 76800 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-04-12 07:23:40 452608 ----a-w- C:\windows\SysWow64\SHCore.dll
2014-04-12 07:23:14 273920 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-04-12 07:22:58 666624 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-04-12 07:22:33 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-04-12 06:58:06 14848 ----a-w- C:\windows\System32\workerdd.dll
.
============= FINISH: 6:42:12.39 ===============

shelf life
2014-07-01, 03:07
hi grandadis64,

Ah, my first Windows 8 machine. Lets see what Malwarebytes (MBAM) can dig up. There is a free version that you can download and keep as a antimalware app.
These directions are a little old as there interface has changed. Basically you want to download it, install it. Update and do a scan with it and post the log. If you run into problems just post back:

Please download the free version of Malwarebytes (http://www.malwarebytes.org/products/malwarebytes_free) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

grandadis64
2014-07-01, 09:31
Hi

Thanks for post. I tried to download malwarebytes, but got the message:-

Windows protected your PC .
Windows Smartscreen prevented an unrecognized application from starting. Running this application might put your
PC at risk.
I pushed the OK button, but it wouldn't still do anything !!!

Malcolm

shelf life
2014-07-02, 00:53
Try turning that function off, then try the download again. See this Link. (http://www.intowindows.com/how-to-disable-windows-8-smartscreen-protection/)

grandadis64
2014-07-02, 09:08
Hi

It gets to 99% downloaded then says download was interrupted. If I press "retry" it says the signature is corrupt or invalid. This is a nightmare!!!

Thanks for your continued help

Malcolm

shelf life
2014-07-03, 00:34
ok. thanks for the info. Lets try two things in Internet Explorer:
Disable all addons and reset IE back to its defaults.
With IE open go to tools, or the gear looking icon then internet options> Advanced tab, then look for a Reset button under the advanced tab, This may actually disable the addons also, not sure but just to be sure you can disable them manually also somewhere in there. Not really that familiar with IE or windows 8. I will check these directions on a W8 machine and post back.
----------------------------------------------
With IE open: click on the gear looking icon or Tools>internet options>Advanced tab and click on the Reset button and check the Delete personal settings box then click the reset button. Close IE and restart it, then try the Malwarebytes download again. Using the reset button will disable the add ons also and put IE back to its default settings.

grandadis64
2014-07-03, 09:26
Hi

It downloads 99% says "try again" so I push try again button it but it says "The signature of mbam-setup-2.0.2.1012.exe is corrupt or invalid"

Malcolm

shelf life
2014-07-04, 00:07
hi,

Ok and you tried resetting IE back to its defaults?

Lets forget MBAM and try another download unless that fails also. Another alternative if its a easy one for you- would be to download MBAM to a USB flash drive on antoher machine then install it on yours. In any case see if you can get this to download:


Please download Farbar Recovery Scan Tool and save it to your Desktop.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Note: You need to get the 64bit version.

Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
When the tool opens click Yes to disclaimer.
Press the Scan button.
When finished, it will produce a log called FRST.txt in the same directory the tool was run from. (your desktop)
Please copy and paste the log in your next reply.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

grandadis64
2014-07-04, 00:24
Hi

Yes I reset IE to defaults and add-ons were disabled.

I got the same problem with this one, Windows seems to be blocking it from downloading.
went to site via your link and clicked on 64-bit download.
Says "FRST64.exe couldn't be downloaded"
Pushed retry button says"FRST64.exe is not commonly downloaded and could harm your computer"
Clicked Actions then Run Anyway.
Big Blue band across the screen says "This APP can't run on your PC. To find a version for your PC check with the software publisher"

Malcolm

shelf life
2014-07-04, 02:34
I bet when you reset IE back to the defaults it activated Windows smart screen settings. Go back here (http://www.intowindows.com/how-to-disable-windows-8-smartscreen-protection/) disable smart screen again and then try the downloads.

grandadis64
2014-07-04, 09:02
Hi

I did as instructed, but neither program will download still

Malcolm

shelf life
2014-07-04, 15:22
hi,

Lets start over again. Look in your add/remove programs panel for these entries and uninstall them:

LinkSwift 1.0.0
Optimizer Pro Crash Monitor (Didnt see this one on your list but you might see it, if you dont see it listed let me know and we will go after it manually)

These are the cause of your popups. Most likely piggybacked in on other software. After the uninstall reboot machine. I dont think these are the cause of being unable to download software. Try one of those downloads again just to be sure after you uninstall linkswift and pro cash monitor (if its listed).

grandadis64
2014-07-05, 01:16
Hi Shelf Life

Well, you seem to have cracked it.
I removed Link swift and all the pop-ups are gone.
I couldn't find Optimiser Pro Crash Monitor, but I did find something called Optimizer Pro v3.2, which I left alone.

Malwarebytes then downloaded fine, I will try and attach the log, but I always mess up there!! Ah, it says the file is 50.9Kb which is over the 48.8Kb limit so it won't upload, please advise.
I tried streaming a couple of things which wouldn't work properly before, and they now seem to be fine.

Please let me know if you see anything in the log that needs fixing, and also is there anything you've asked me to do whilst fixing this that I now need to reset?

I can't thank you enough for your help, but a small donation will arrive.

Thanks again

Malcolm

shelf life
2014-07-05, 04:46
ok Good news. Go ahead and uninstall Optimizer Pro v3.2 from the add remove programs panel- its useless and bundled with other addons.

The MBAM log: you could copy/paste half of it in one post then the other half in another post?

If you want you can re-enable Windows SmartScreen. (http://www.7tutorials.com/what-smartscreen-filter-how-does-it-work)

grandadis64
2014-07-05, 13:39
Hi

Okay, tried to attach it as 2 files, hope it works ok

Malcolm

shelf life
2014-07-05, 15:50
Ok thanks for the logs. Since you had adware type stuff we will hit it with adwcleaner.exe, which targets this stuff, just to pick up anything MBAM didnt drag up. So one more download and we will call it quits after that.

Please download Adwcleaner.exe (http://www.bleepingcomputer.com/download/adwcleaner/) using the Download Now @Bleepingcomputer button.
Double click on AdwCleaner.exe, select OK, then Run
Click on the Scan button
Once its done click on the Report button
Copy and paste the contents of the log file in your reply
You can also find the logfile at C:\AdwCleaner[R1].txt as well
Exit AdwCleaner with the X (close) button. click ok at the final prompt.

grandadis64
2014-07-05, 21:48
Hi

Ran AdwCleaner - it found Optimiser Pro Crash Monitor!!

Log attached.

Thanks again for your invaluable help.
Do I need to run any of these programs regularly, i.e. when I do a Spybot scan?

Malcolm

shelf life
2014-07-06, 03:22
hi Malcolm,

Thanks for the info. You can keep and use MBAM, the free version must be updated manually and a scan started manually. MBAM targets much more than just adware. Always check for updates before a scan is started.

Adwcleaner is updated frequently and i think it will prompt you if theres is a updated version. It targets adware. But, do you need to keep and use it? I guess you could but all the stuff you had is avoidable. Most likely it was installed with other software. I have some info about this on my web page. There is a uninstall button if you want to remove it.
If all is good on your end we can call it quits.
Happy safe surfing out there.