Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Erratic Malware-like behavior: StartUp Repair, glitchy VLC player, shutdowns


  • This topic is locked This topic is locked
57 replies to this topic

#1 dryates

dryates

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 10 June 2013 - 03:17 AM

Hi there!

 

I wish I had more info to offer, but I don't have many specifics to go on myself, or else I would put more research into them before posting here. However, I'm stumped and not sure where to look for help.

 

My Acer Aspire laptop (5742-6798 - Intel Core i5-430M, 15.6 HD LED, 4 GB DDR3) with Windows 7 Home Premium is suffering some very erratic behavior.

 

First I was experiencing random shutdowns, usually when using music software like Winamp or MixMeister Fusion. I thought perhaps overheating was the problem. I've since blown out the vents and the computer doesn't seem overly dusty.

 

Lately VLC Player is running in a very glitchy way - 10 s-1 min of video and then freezing, then starting, stopping, etc.

 

Sometimes other software is quite slow when it wasn't before. I'm decent at basic computer maintenance like defragging so I don't imagine this is the problem.

 

I see that MsMpEng.exe is often using a lot of resources, but when I look up info about turning it off, I get a message saying I've already disabled Defender. I can't end the process through task manager.

 

And now sometimes during a reboot, my computer goes into a Startup Repair loop and just sits there doing nothing.

 

I tried running TDDSKiller and it seemed to find at least one issue, but then I ran into the reboot problem.

 

Anyway, here is DDS.txt below and attach.txt is attached.

 

Thanks!

David

 

_____________________________________________________________________

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 1.6.0_24
Run by David at 1:03:50 on 2013-06-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3767.2230 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&m=aspire_5742&r=27361210l365l0464z1j5v57j2130r
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
uRun: [AdobeBridge] <no file>
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [KORG USB-MIDI Driver] C:\Program Files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe /s
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 64.59.144.93 64.59.150.139 192.168.1.1
TCP: Interfaces\{1557848B-5D37-4218-B515-5838724E3A75} : DHCPNameServer = 64.71.255.198 64.71.255.253
TCP: Interfaces\{91A85C2D-225C-4F17-8519-674E3FE07B58} : DHCPNameServer = 64.59.144.93 64.59.150.139 192.168.1.1
TCP: Interfaces\{91A85C2D-225C-4F17-8519-674E3FE07B58}\C6F66756275667F6C6574796F6E6 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{91A85C2D-225C-4F17-8519-674E3FE07B58}\E4F4B4941402C457D6961602731303F503931393 : DHCPNameServer = 192.168.33.1
TCP: Interfaces\{91A85C2D-225C-4F17-8519-674E3FE07B58}\F42716E676562416C6C6 : DHCPNameServer = 192.168.1.254 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\r173qfzu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\r173qfzu.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\r173qfzu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\r173qfzu.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\David\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\r173qfzu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\r173qfzu.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\r173qfzu.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\David\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-24 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-9-25 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-20 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-20 243232]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-7-20 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-20 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-20 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-5-15 384040]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 a2djavs;Audio 2 DJ WDM Audio;C:\Windows\System32\drivers\a2djavs.sys [2010-10-20 353360]
S3 a2djavs_x64;a2djavs_x64;C:\Windows\System32\drivers\a2djavs_x64.sys [2009-4-21 44560]
S3 a2djusb_svc;Audio 2 DJ;C:\Windows\System32\drivers\a2djusb.sys [2010-10-20 92240]
S3 a2djusb_x64;a2djusb_x64;C:\Windows\System32\drivers\a2djusb_x64.sys [2009-4-21 249872]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 DGUSBAP;Service for Digidesign Mbox2 (WDM);C:\Windows\System32\drivers\dgmbx2.sys [2011-2-13 194864]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2011-12-8 13352]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;C:\Windows\System32\drivers\KORGUM64.SYS [2011-3-30 33656]
S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;C:\Windows\System32\drivers\dgmbx2fu.sys [2011-2-13 32944]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-20 246376]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-12-8 155344]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-30 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S3 ysusb64;Yamaha Steinberg USB Audio;C:\Windows\System32\drivers\ysusb64.sys [2011-11-15 103752]
.
=============== Created Last 30 ================
.
2013-06-07 02:10:18    9460464    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB7F0378-3393-4DBB-91BF-C250ADD1CDF1}\mpengine.dll
2013-06-06 00:53:02    9460464    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-04 00:35:12    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-27 06:36:36    262552    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-15 00:38:46    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 00:38:46    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 00:38:46    144384    ----a-w-    C:\Windows\System32\cdd.dll
2013-05-15 00:38:43    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-05-15 00:38:42    70144    ----a-w-    C:\Windows\System32\appinfo.dll
2013-05-15 00:38:42    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-05-15 00:38:42    111448    ----a-w-    C:\Windows\System32\consent.exe
2013-05-15 00:38:39    3153920    ----a-w-    C:\Windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2013-06-10 07:47:44    17920    ----a-w-    C:\Windows\System32\rpcnetp.exe
2013-06-10 07:47:41    58288    ----a-w-    C:\Windows\SysWow64\rpcnet.dll
2013-06-04 02:31:30    1054720    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-04 00:35:12    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-10 16:39:07    39936    ----a-w-    C:\Windows\SysWow64\identprv.dll
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-03-19 06:04:06    5550424    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13    3968856    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-03-15 18:32:56    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 18:32:56    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH:  1:04:27.02 ===============
 

 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:33 PM

Posted 10 June 2013 - 03:37 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

Pleae attach the gmer.txt to your reply:
  • Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and
  • Click Upload.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 dryates

dryates
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 10 June 2013 - 01:05 PM

Thank you SO much! I've attached the file.

Attached Files



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:33 PM

Posted 10 June 2013 - 01:11 PM

Uninstall the Vuze Remote Toolbar.

 

 

Combofix


Combofix should only be run when adviced by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 dryates

dryates
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 10 June 2013 - 03:15 PM

ComboFix 13-06-08.02 - David 10/06/2013  11:17:06.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3767.2468 [GMT -7:00]
Running from: c:\users\David\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\es.exe
c:\windows\SysWow64\conhost.exe
c:\windows\SysWow64\dwm.exe
c:\windows\SysWow64\hkcmd.exe
c:\windows\SysWow64\igfxext.exe
c:\windows\SysWow64\igfxpers.exe
c:\windows\SysWow64\igfxsrvc.exe
c:\windows\SysWow64\lsm.exe
c:\windows\SysWow64\spoolsv.exe
c:\windows\SysWow64\taskhost.exe
c:\windows\SysWow64\VSSVC.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-10 to 2013-06-10  )))))))))))))))))))))))))))))))
.
.
2013-06-10 18:23 . 2013-06-10 18:23    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-10 17:28 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB020858-86D2-4D69-A833-8FA4A6E4E8B6}\mpengine.dll
2013-06-10 06:51 . 2013-06-10 06:51    0    ----a-w-    c:\windows\SysWow64\wbem\unsecapp.exe
2013-06-10 06:51 . 2013-06-10 06:51    0    ----a-w-    c:\windows\SysWow64\winlogon.exe
2013-06-10 06:51 . 2013-06-10 06:51    0    ----a-w-    c:\windows\SysWow64\smss.exe
2013-06-10 06:51 . 2013-06-10 06:51    0    ----a-w-    c:\windows\SysWow64\services.exe
2013-06-10 06:51 . 2013-06-10 06:51    0    ----a-w-    c:\windows\SysWow64\lsass.exe
2013-06-07 02:10 . 2013-05-13 06:37    9460464    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-04 00:35 . 2013-06-04 00:35    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-15 16:24 . 2013-05-16 00:47    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
2013-05-15 00:38 . 2013-04-10 06:01    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 00:38 . 2013-04-10 06:01    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 00:38 . 2011-02-03 11:25    144384    ----a-w-    c:\windows\system32\cdd.dll
2013-05-15 00:38 . 2013-02-27 05:52    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-05-15 00:38 . 2013-02-27 05:52    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-05-15 00:38 . 2013-02-27 05:48    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-05-15 00:38 . 2013-02-27 06:02    111448    ----a-w-    c:\windows\system32\consent.exe
2013-05-15 00:38 . 2013-02-27 05:47    70144    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-15 00:38 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-05-15 00:38 . 2013-04-10 03:30    3153920    ----a-w-    c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-10 17:17 . 2010-07-20 08:23    17920    ----a-w-    c:\windows\system32\rpcnetp.exe
2013-06-10 17:17 . 2010-12-01 23:50    58288    ----a-w-    c:\windows\SysWow64\rpcnet.dll
2013-05-15 07:06 . 2011-03-22 21:55    75016696    ----a-w-    c:\windows\system32\MRT.exe
2013-05-10 16:39 . 2012-10-01 21:10    39936    ----a-w-    c:\windows\SysWow64\identprv.dll
2013-05-02 15:29 . 2010-12-02 09:07    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-12 14:45 . 2013-04-23 22:21    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-10 16:38    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 16:38    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 16:38    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 16:38    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 16:38    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 16:38    112640    ----a-w-    c:\windows\system32\smss.exe
2013-03-15 18:32 . 2012-08-15 17:28    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-15 18:32 . 2011-11-11 23:44    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"KORG USB-MIDI Driver"="c:\program files (x86)\KORG\KORG USB-MIDI Driver\EsHelper2.exe" [2011-03-30 393616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-26 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 a2djavs;Audio 2 DJ WDM Audio;c:\windows\system32\Drivers\a2djavs.sys;c:\windows\SYSNATIVE\Drivers\a2djavs.sys [x]
R3 a2djavs_x64;a2djavs_x64;c:\windows\system32\Drivers\a2djavs_x64.sys;c:\windows\SYSNATIVE\Drivers\a2djavs_x64.sys [x]
R3 a2djusb_svc;Audio 2 DJ;c:\windows\system32\Drivers\a2djusb.sys;c:\windows\SYSNATIVE\Drivers\a2djusb.sys [x]
R3 a2djusb_x64;a2djusb_x64;c:\windows\system32\Drivers\a2djusb_x64.sys;c:\windows\SYSNATIVE\Drivers\a2djusb_x64.sys [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [x]
R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys;c:\windows\SYSNATIVE\DRIVERS\dgmbx2.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS;c:\windows\SYSNATIVE\Drivers\KORGUM64.SYS [x]
R3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys;c:\windows\SYSNATIVE\DRIVERS\dgmbx2fu.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 ysusb64;Yamaha Steinberg USB Audio;c:\windows\system32\drivers\ysusb64.sys;c:\windows\SYSNATIVE\drivers\ysusb64.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PWLOAPOD
*Deregistered* - pwloapod
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 10:49]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 10:49]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3269623533-775648555-1130474954-1001Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-25 20:25]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3269623533-775648555-1130474954-1001UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-25 20:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    162552    ----a-w-    c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-22 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-22 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-22 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 64.59.144.93 64.59.150.139 192.168.1.1
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\r173qfzu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Native Instruments Audio 2 DJ - c:\programdata\{09E0C01F-3E52-43FD-9043-3A75BA69A3D0}\Audio 2 DJ Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\06\16\13*5n"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-10  11:25:29
ComboFix-quarantined-files.txt  2013-06-10 18:25
.
Pre-Run: 171,377,541,120 bytes free
Post-Run: 172,095,873,024 bytes free
.
- - End Of File - - 0005EA014A8E1C7F94148FE5039775DB
A36C5E4F47E84449FF07ED3517B43A31
 



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:33 PM

Posted 10 June 2013 - 03:25 PM

Are the issues gone?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 dryates

dryates
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 11 June 2013 - 12:26 AM

They appear to be resolved at the moment! Wonderful! Thank you so much!

 

Is there anything I should be doing to avoid this kind of problem in the future? What should I be doing to protect my computer or to improve its performance?

 

The fan intermittently runs very hard and then stops. Not sure if this is a heat issue or something else.

 

But yes, otherwise things seem to be fixed!



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:33 PM

Posted 11 June 2013 - 01:26 AM

We´re not finished yet!

 

 

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 dryates

dryates
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 11 June 2013 - 07:34 PM

Great, I'm running this now.



#10 dryates

dryates
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 11 June 2013 - 09:12 PM

Wow, it turned up more than I expected!

 

Eset scan results:

 

C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll    a variant of Win32/Bunndle application
C:\Users\David\AppData\Local\TempImages\AskInstallChecker-1.5.0.0.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\David\AppData\Local\TempImages\askToolbarInstaller-1.9.1.0.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\David\AppData\Local\TempImages\InstallerRegVer.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\David\AppData\Local\TempImages\UpdateInstaller.exe    a variant of Win32/Agent.SZW trojan
C:\Users\David\Downloads\cnet2_SiteMapGenerator_exe.exe    a variant of Win32/InstallCore.D application
C:\Users\David\Downloads\cnet_UWT_zip.exe    a variant of Win32/InstallCore.D application
C:\Users\David\Downloads\FreeWAVToMP3ConverterSetup.exe    multiple threats
C:\Users\David\Downloads\m4a-to-mp3-converter.exe    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\David\Downloads\winamp5623_full_emusic-7plus_all.exe    Win32/OpenCandy application



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:33 PM

Posted 12 June 2013 - 01:39 AM

C:\Users\David\AppData\Local\TempImages\UpdateInstaller.exe

Delete this file without opening before.

 

 

C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll
C:\Users\David\AppData\Local\TempImages\AskInstallChecker-1.5.0.0.exe
C:\Users\David\AppData\Local\TempImages\askToolbarInstaller-1.9.1.0.exe
C:\Users\David\AppData\Local\TempImages\InstallerRegVer.exe
C:\Users\David\Downloads\cnet2_SiteMapGenerator_exe.exe
C:\Users\David\Downloads\cnet_UWT_zip.exe
C:\Users\David\Downloads\FreeWAVToMP3ConverterSetup.exe
C:\Users\David\Downloads\m4a-to-mp3-converter.exe
C:\Users\David\Downloads\winamp5623_full_emusic-7plus_all.exe

 

These files aren´t malware but contain security risks. I would delete them immediately. Your choice...

 

 

Scan with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[S1].txt also.

 

 

 

 

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 dryates

dryates
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 12 June 2013 - 07:57 PM

I was away from my computer while adwcleaner was running. When I came back, my computer was stuck on the windows startup screen.

 

I turned it off, then back on, and then it froze on a blank screen while trying to start up.

 

I am trying one more time. Again, the "starting windows" message and logo are on the screen and nothing else seems to be happening.



#13 dryates

dryates
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 12 June 2013 - 08:06 PM

There was a "loading files" screen with a progress bar, and then when I looked again, back to the blank screen. I'm waiting to see if more happens.



#14 dryates

dryates
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 12 June 2013 - 08:30 PM

Now there is a screen that looks like the windows lock screen, but the cursor is large and I can't see the password section. It looks like safe mode resolution. Nothing is working  yet.

 

Was I really supposed to click "delete" when I opened adwcleaner, or just scan? 



#15 dryates

dryates
  • Topic Starter

  • Members
  • 67 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 12 June 2013 - 08:59 PM

Here's what the screen looks like now.

Attached Files


Edited by dryates, 12 June 2013 - 09:12 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users