Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

infected with something slowing down my computer!


  • This topic is locked This topic is locked
4 replies to this topic

#1 mattrm86

mattrm86

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 13 May 2013 - 04:10 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16447  BrowserJavaVersion: 10.17.2
Run by Woodbury at 17:00:25 on 2013-05-13
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3241.1171 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Windows\system32\taskhost.exe
C:\Users\Woodbury\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Kodak\KODAK Share Button App\Kodak_ShareButton_App.exe
C:\Windows\Explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - c:\program files\searchqu toolbar\datamngr\BrowserConnection.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\program files\searchqu toolbar\datamngr\toolbar\searchqudtx.dll
uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [Spotify Web Helper] "c:\users\woodbury\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [Google Update] "c:\users\woodbury\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify] "c:\users\woodbury\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\oem\12.0\sharedcom\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio\oem\roxio burn\RoxioBurnLauncher.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-System: NoDispSettingsPage = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: Interfaces\{B1EA15BF-CF64-4DF8-8A48-B8D2D6ADC77D} : NameServer = 192.168.1.4,192.168.1.5
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\common files\spba\homefus2.dll
AppInit_DLLs= c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
LSA: Authentication Packages =  msv1_0 wvauth
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\woodbury\appdata\roaming\mozilla\firefox\profiles\ttv17soi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=401&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\woodbury\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\users\woodbury\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-08-18 17:53; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\searchqu toolbar\datamngr\FirefoxExtension
.
============= SERVICES / DRIVERS ===============
.
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-13 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-13 11904]
.
=============== Created Last 30 ================
.
2013-05-13 20:40:00    29904    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{8a1a42ef-d4e0-4a28-98dd-885a558eb225}\MpKsl4dfaf306.sys
2013-05-13 20:39:54    60872    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{8a1a42ef-d4e0-4a28-98dd-885a558eb225}\offreg.dll
2013-05-13 20:19:57    --------    d-----w-    c:\program files\CCleaner
2013-05-13 20:08:09    --------    d-----w-    c:\users\woodbury\appdata\local\{4DBC7330-E82F-4BA0-958B-A4875BCA81A4}
2013-05-09 13:19:23    6906960    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{8a1a42ef-d4e0-4a28-98dd-885a558eb225}\mpengine.dll
2013-05-08 00:04:51    --------    d-----w-    c:\users\woodbury\appdata\local\{AD5D631E-17B0-4093-B8BC-E65F5E80E524}
2013-05-03 13:18:55    6906960    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-04-27 16:45:11    --------    d-----w-    c:\users\woodbury\appdata\local\{42BAD8A7-4339-4A01-8DB5-70C0666224D2}
2013-04-16 13:13:50    --------    d-----w-    c:\windows\system32\appmgmt
2013-04-16 13:03:16    --------    d-----w-    c:\programdata\BlueStacksSetup
.
==================== Find3M  ====================
.
2013-04-04 18:50:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-20 14:18:48    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-20 14:18:40    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-03-20 14:18:40    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-13 02:19:04    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 02:19:04    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 17:05:42.16 ===============
 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 CStew23

CStew23

  • Members
  • 1,484 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:55 PM

Posted 13 May 2013 - 06:29 PM

Hello and Welcome to BleepingComputer Forums :welcome: 

My name is Chris and and I will be helping you with your computer problems. 

Before we begin, please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only! If you are not the original poster of this thread DO NOT run the fixes provided here.
  • Please do not run any tools until requested by myself or another member of Staff! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • If you stay with me, follow my instructions and ask questions when confused you'll be back up and running in no time smile.gif
With that out of the way, please hold on a bit while I get the first set of fixes approved
Please don't send help request via PM, unless I am already helping you. Use the forums!
If you have not heard from me in 48 hours please use this and send me a PM reminder.

#3 CStew23

CStew23

  • Members
  • 1,484 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:55 PM

Posted 15 May 2013 - 05:41 PM

Hi,

Could you shed a little more light on when the slowness occurs? Is it during a specific task? When the PC boots? When it shuts down?
Please don't send help request via PM, unless I am already helping you. Use the forums!
If you have not heard from me in 48 hours please use this and send me a PM reminder.

#4 CStew23

CStew23

  • Members
  • 1,484 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:55 PM

Posted 19 May 2013 - 12:29 PM

Hi,

Still with us?
Please don't send help request via PM, unless I am already helping you. Use the forums!
If you have not heard from me in 48 hours please use this and send me a PM reminder.

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:55 PM

Posted 21 May 2013 - 07:17 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users