Very Slow Browser (FFox) And Won't Load Videos - Help Please

Hi,

 

Over the past few weeks, I was prompted to update Firefox two times. I went to a v18 then v19. When I updated to the v18, I was prompted several times to update Adobe Flash. I repeatedly got a message that a plug-in for Flash was vulnerable. I tried several times to update, but the uploads failed for some reason. After a week or so, my computer started running slow as I was on line. I kept getting persistent prompts to chat with someone in Google Chat even though I've never used that program and have always had my identity hidden. Now, videos will not load. If I click on any link or page refresh it takes several seconds to load.

 

I downgraded Flash to the generation 10 version.

 

I've run Malwarebytes and Microsoft Security Essentials and they show nothing.

 

Any help would be very much appreciated.

 

Thank you.

Hello holidaydarin

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

• 
  
• Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

• Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

• Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

• Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
• Gringo
• 
  

Hello

48 Hour bump

It has been more than 48 hours since my last post.

• do you still need help with this?
• do you need more time?
• are you having problems following my instructions?
• if after 48hrs you have not replied to this thread then it will have to be closed!
• 
  
• Gringo
• 
  

Hi,

 

Here are the first two logs you requested. I'll post the Rogue Killer log next.

 

Security Check:

 

 Results of screen317's Security Check version 0.99.60  
 Windows XP Service Pack 3 x86   
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100  
 CCleaner     
 Java 7 Update 15  
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player     10.3.183.63 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (19.0)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````
 

 

 

 

ADW Cleaner:

 

 

# AdwCleaner v2.114 - Logfile created 03/05/2013 at 06:52:38
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : new user - DELL-DAF6199A7D
# Boot Mode : Normal
# Running from : C:\Documents and Settings\new user\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17117

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Documents and Settings\new user\Application Data\Mozilla\Firefox\Profiles\bkfv6qww.default-1361669665718\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wircjwmw.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\new user\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2638 octets] - [06/12/2012 06:20:43]
AdwCleaner[R2].txt - [2698 octets] - [06/12/2012 06:25:01]
AdwCleaner[R3].txt - [1485 octets] - [24/02/2013 14:28:25]
AdwCleaner[R4].txt - [1545 octets] - [24/02/2013 14:29:44]
AdwCleaner[S1].txt - [2786 octets] - [06/12/2012 06:25:24]
AdwCleaner[S2].txt - [1611 octets] - [24/02/2013 14:32:57]
AdwCleaner[S3].txt - [1422 octets] - [05/03/2013 06:52:38]

########## EOF - C:\AdwCleaner[S3].txt - [1482 octets] ##########
 

And here is the RogueKiller log:

 

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : new user [Admin rights]
Mode : Remove -- Date : 03/05/2013 07:13:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500410AS +++++
--- User ---
[MBR] 06455a654bd8e5d67f964d1a6a07d2f3
[BSP] 9db90ef42d70f843d2656a4733f0ad5c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_03052013_02d0713.txt >>
RKreport[1]_S_03052013_02d0712.txt ; RKreport[2]_D_03052013_02d0712.txt ; RKreport[3]_D_03052013_02d0713.txt

Hello holidaydarin

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

• Link 1
  Link 2
  Link 3
• 
  

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
• Log from Combofix
• let me know of any problems you may have had
• How is the computer doing now?
• 
  
• Gringo
• 
  
• 
  
• 
  

Below is the Combofix log. 

 

So far my computer is still running slowly. Pages often take several seconds to re-load. Videos on load, then stop often hanging for many minutes.

 

Thanks.

 

 

ComboFix 13-03-05.01 - new user 03/05/2013  10:09:23.5.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1222 [GMT -8:00]
Running from: c:\documents and settings\new user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\_ctypes.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\_elementtree.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\_hashlib.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\_socket.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\_ssl.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\pyexpat.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\pysqlite2._sqlite.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\python26.dll
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\pythoncom26.dll
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\PyWinTypes26.dll
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\select.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\unicodedata.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\win32api.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\win32com.shell.shell.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\win32crypt.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\win32event.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\win32file.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\win32inet.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\win32pdh.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\win32process.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\win32profile.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\win32security.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\win32ts.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\windows._cacheinvalidation.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wx._controls_.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wx._core_.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wx._gdi_.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wx._html2.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wx._misc_.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wx._windows_.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wx._wizard.pyd
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wxbase293u_net_vc.dll
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wxbase293u_vc.dll
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wxmsw293u_adv_vc.dll
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wxmsw293u_core_vc.dll
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wxmsw293u_html_vc.dll
c:\docume~1\NEWUSE~1\LOCALS~1\Temp\_MEI29522\wxmsw293u_webview_vc.dll
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\_ctypes.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\_elementtree.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\_hashlib.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\_socket.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\_ssl.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\pyexpat.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\pysqlite2._sqlite.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\python26.dll
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\pythoncom26.dll
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\PyWinTypes26.dll
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\select.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\unicodedata.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\win32api.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\win32com.shell.shell.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\win32crypt.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\win32event.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\win32file.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\win32inet.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\win32pdh.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\win32process.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\win32profile.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\win32security.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\win32ts.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\windows._cacheinvalidation.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wx._controls_.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wx._core_.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wx._gdi_.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wx._html2.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wx._misc_.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wx._windows_.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wx._wizard.pyd
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wxbase293u_net_vc.dll
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wxbase293u_vc.dll
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wxmsw293u_adv_vc.dll
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wxmsw293u_core_vc.dll
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wxmsw293u_html_vc.dll
c:\documents and settings\new user\Local Settings\Temp\_MEI29522\wxmsw293u_webview_vc.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-05 to 2013-03-05  )))))))))))))))))))))))))))))))
.
.
2013-03-05 14:00 . 2013-02-08 00:45    6954968    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F3DC34E-4C11-4380-8528-14D326E2949C}\mpengine.dll
2013-03-05 09:12 . 2013-03-05 09:12    --------    d-----w-    c:\documents and settings\new user\Local Settings\Application Data\Adobe_Systems_Incorporate
2013-03-04 01:04 . 2013-02-08 00:45    6954968    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-27 21:52 . 2012-12-15 00:49    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-27 21:52 . 2013-02-27 21:52    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-02-24 02:37 . 2013-02-24 02:37    405360    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-22 18:52 . 2013-02-22 18:52    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-02-22 18:52 . 2013-02-22 18:52    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-02-22 18:52 . 2013-02-22 18:52    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-02-22 18:52 . 2013-02-22 18:52    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-02-22 18:52 . 2013-02-22 18:52    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-02-22 18:52 . 2013-02-22 18:52    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-02-22 18:52 . 2013-02-22 18:52    159744    ----a-w-    c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-02-22 18:51 . 2013-02-22 18:52    --------    d-----w-    c:\program files\QuickTime
2013-02-22 18:48 . 2013-02-22 18:48    --------    d-----w-    c:\program files\Apple Software Update
2013-02-22 14:52 . 2013-02-22 14:52    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-02-22 14:52 . 2013-02-22 14:52    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-02-18 22:16 . 2013-02-18 22:16    --------    d-----w-    c:\documents and settings\new user\Application Data\Free-PDF-to-Word.com
2013-02-18 22:16 . 2013-02-18 22:26    --------    d-----w-    c:\program files\Free PDF to Word Converter
2013-02-18 22:16 . 2013-02-18 22:28    --------    d-sh--w-    c:\windows\system32\AI_RecycleBin
2013-02-18 22:15 . 2013-02-18 22:28    --------    d-----w-    C:\AI_RecycleBin
2013-02-18 22:09 . 2013-02-18 22:09    --------    d-----w-    c:\documents and settings\new user\Local Settings\Application Data\Updater21804
2013-02-16 03:58 . 2013-02-16 03:58    106088    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-11 05:59 . 2013-02-11 07:22    --------    d-----w-    c:\documents and settings\All Users\AdobeTemp
2013-02-08 04:53 . 2013-02-08 04:53    16365936    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-02-08 00:37 . 2013-02-08 01:37    --------    d-----w-    c:\documents and settings\new user\Application Data\Skype
2013-02-08 00:37 . 2013-02-08 00:37    --------    d-----w-    c:\program files\Common Files\Skype
2013-02-08 00:37 . 2013-02-08 00:37    --------    d-----r-    c:\program files\Skype
2013-02-08 00:37 . 2013-02-08 00:37    --------    d-----w-    c:\documents and settings\All Users\Application Data\Skype
2013-02-07 23:03 . 2013-02-07 23:03    --------    d-----w-    c:\program files\TeamViewer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-22 14:52 . 2012-12-11 02:52    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-02-22 14:52 . 2010-12-02 06:03    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-01-30 10:53 . 2012-12-06 01:38    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-26 03:55 . 2006-02-28 12:00    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-01-20 23:59 . 2012-08-31 06:03    195296    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:19 . 2006-02-28 12:00    2148864    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 22:59    2027520    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2006-02-28 12:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2006-02-28 12:00    148992    ----a-w-    c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2006-02-28 12:00    1292288    ----a-w-    c:\windows\system32\quartz.dll
2012-12-26 20:43 . 2006-02-28 12:00    832512    ----a-w-    c:\windows\system32\wininet.dll
2012-12-26 20:43 . 2006-02-28 12:00    1830912    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-26 20:43 . 2006-02-28 12:00    78336    ----a-w-    c:\windows\system32\ieencode.dll
2012-12-26 20:43 . 2006-02-28 12:00    17408    ----a-w-    c:\windows\system32\corpol.dll
2012-12-16 12:23 . 2006-02-28 12:00    290560    ----a-w-    c:\windows\system32\atmfd.dll
2013-02-21 22:19 . 2013-02-21 22:18    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 03:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 03:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 03:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 03:50    556648    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2013-01-07 2909640]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1036288]
"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-06-14 1282048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\documents and settings\new user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dynex Wireless Networking Utility.lnk - c:\program files\Dynex Enhanced G USB Network Adapter\DynexWCUI.exe [2009-1-27 1458176]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\new user\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [3/27/2009 2:54 PM 165160]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2/6/2012 3:25 PM 13672]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/27/2013 1:52 PM 398184]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/27/2013 1:52 PM 682344]
R2 ReplicaSysMon;Seagate Replica System Monitor;c:\program files\Seagate Replica\bin\ReplicaSysMon.exe [2/21/2012 10:38 PM 416208]
R2 Seagate-Replica-Svc;Seagate Replica Service;c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe [2/21/2012 10:38 PM 1947600]
R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2/7/2013 3:03 PM 3467768]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [6/19/2012 11:33 PM 66944]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [1/22/2009 8:20 PM 2521880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/27/2013 1:52 PM 21104]
R3 NdisWDM;Dynex Enhanced Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [1/27/2009 2:21 PM 198528]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/22/2009 8:28 PM 47360]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-11 17:25]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-11 17:25]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1383384898-725345543-1003Core.job
- c:\documents and settings\new user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 17:20]
.
2013-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1383384898-725345543-1003UA.job
- c:\documents and settings\new user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 17:20]
.
2013-03-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 19:11]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1 68.94.157.1
FF - ProfilePath - c:\documents and settings\new user\Application Data\Mozilla\Firefox\Profiles\bkfv6qww.default-1361669665718\
FF - ExtSQL: 2013-02-23 17:46; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\new user\Application Data\Mozilla\Firefox\Profiles\bkfv6qww.default-1361669665718\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-05 10:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Seagate-Replica-Svc]
"ImagePath"="c:\program files\Seagate Replica\bin\Seagate-Replica-Svc.exe /startedbyscm:FE2355B7-40E2EE35-RebitSvcModule"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-1383384898-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2A9F2178-EA4A-BD24-5CC8-73B0410FC935}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oaibfkkmjogmcngfmgdoigbdngjdep"=hex:64,61,69,64,66,61,6d,69,00,90
"oamecmaoognmoigfcpfibafjagmeon"=hex:6a,61,69,64,69,61,67,6e,6e,6e,65,6d,6e,6c,
   70,63,70,69,62,6a,00,fd
"nacfelhmipcfckeenmhilhmfanij"=hex:6a,61,69,64,69,61,67,6e,6e,6e,65,6d,6e,6c,
   70,63,70,69,62,6a,00,fd
"eaefckhgpk"=hex:64,62,6b,68,68,70,67,6f,6d,6a,65,65,62,6e,70,64,64,68,6f,63,
   67,6f,6f,6d,6b,6a,6e,63,64,62,70,6e,6e,67,65,61,66,6d,6a,6e,00,3d
"cahbhi"=hex:64,62,6e,65,6a,63,68,66,66,6a,6f,67,6d,63,6f,6f,62,69,6f,6e,6e,70,
   6f,70,6d,6b,68,66,63,6c,62,6a,69,6d,6a,63,6e,6f,70,6b,00,3d
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(540)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Seagate Replica\bin\Seagate-Replica-Autoplay.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Seagate Replica\bin\Seagate-Replica-Tray.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Completion time: 2013-03-05  10:34:53 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-05 18:34
.
Pre-Run: 197,979,377,664 bytes free
Post-Run: 198,554,103,808 bytes free
.
- - End Of File - - 7E6E9C767CDF3DB3AFB7C837603EC87D
 

In which browser does this happen?



gringo

Firefox, which I use. I've also tried in IE and the situation is the same, but I don't use IE.

Hello holidaydarin

I want you to try this for firefox and give me a quick update to how things are.

I want you to reset firefox back to defaults, to do this I need you to do this

• At the top of the Firefox window, click the "Firefox" button,
• go over to the "Help" sub-menu
  • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
• Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
• click "Reset Firefox" in the confirmation window that opens.
• Firefox will close and be reset. When it's done. Click "Finish" and Firefox will open.
• restart the computer and check firefox for me now
  
  Gringo
• 
  
• 
  

Gringo,

 

Last week I reset Firefox exactly as you directed. It made no difference in performance of the computer. 

 

Thx.

OK then lets try running firefox in what they call safe mode and see how it goes - http://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode

I've been running in safe mode for a couple hours. No change. Everything running SLOWLY.

 

Thanks.

Hello holidaydarin


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
• Put a checkmark beside loaded modules.
• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.
• Click the Start Scan button.
• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.
• If malicious objects are found, they will show in the Scan results
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  
  Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it
  
  If the forum still complains about it being to long send me everything that is at the end of the report after where it says
  
  ==================
  Scan finished
  ==================
• and I will see if I want to see the whole report
  
  Malwarebytes Anti-Rootkit
  
  1.Download Malwarebytes Anti-Rootkit
  2.Unzip the contents to a folder in a convenient location.
  3.Open the folder where the contents were unzipped and run mbar.exe
  4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  6.Wait while the system shuts down and the cleanup process is performed.
  7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • •Internet access
    •Windows Update
    •Windows Firewall
  9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
  10.Verify that your system is now functioning normally.
  
  If you have any problems running either one come back and let me know
  
  please reply with the reports from TDSSKiller and MBAR
  
  Gringo
• 
  
• 
  
• 
  
• 
  
• 
  
• 
  

The first report is attached.