
USB loss, Firefox Freezing & In-game Ping Spikes/Lag


  • This topic is locked
31 replies to this topic

#1 booombie

booombie

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 28 June 2013 - 12:27 AM

Attached File  dds.txt   21.54KB   3 downloads

Attached File  Kerr Combo Log.txt   22.24KB   0 downloads

 

Windows 7 Home Premium, SP1 64-OS

AMD Phenom 2 X6 3.2 GHz  12GB RAM

Nvidia GeForce GTX 460

 

USB loss - Sporadic USB connectivity loss. Sometimes it comes back after a minute or two, sometimes it does not. Affects all USB ports: mouse, keyboard and tried phone charger for iPhone in front ports to no avail as well. Thought it was power loss and just bought a new power supply, that was not it. Mouse and keyboard lights go out during the computer's fit: optic mouse and num/scroll/cap lock lights on keyboard. As my wife and I discuss this, it seems this issue only happens along with Firefox Freezing, while Firefox is open.

 

Firefox Freezing - Sporadic browser freeze. This seems to be related to the USB loss we have been experiencing and it always seems to happen while using Firefox. Firefox may not actually freeze but we are unable to verify since the mouse and alt+ctrl+del do not work on keyboard. This does not happen everyday, but may occur several times in an hour. There are usually no other user initiated programs running other than Windows Explorer - to organize and post pictures for our business.

 

In-game Ping Spikes/Lag - This is Counter-Strike specific since I play no other bandwidth intensive or FPS online games. I have owned this game since its release and have had no issues until the beginning of this May. Right around then I began experiencing latency that was well above what I had experienced before. In game I do not see this connectivity issue, on my end the game is running fine but others say I am jumping around the screen and claim I am hacking, etc. I do notice the issue when my ping spikes as high as 350-400ms for brief periods. At this time, I notice the jumping and loss on my end. When I play Counter-Strike there is nothing else open or running in background that doesn't start on start up.

 

All of these issues seem to be related as far as timeframe goes. There were no USB, browser or gaming issues before May. I have also installed nothing new except for a few games I have purchased off of Steam. No new hardware or software. I have read on other threads that torrent programs were potential routes for infection, I have removed Vuze completely as of today. I want you guys to have the whole picture.

 

I have run SUPERAntiSpyWare, Malwarebytes, Spybot and they are not turning up anything. I have defragged recently, so my diseased hard drive is tidy but nothing has fixed this.

 

If anyone has any questions please don't hesitate to ask.

 

Thanks,

 

Brian


Edited by booombie, 28 June 2013 - 12:28 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 AM

Posted 02 July 2013 - 08:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 nasdaq


Posted 08 July 2013 - 07:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 nasdaq


Posted 09 July 2013 - 08:43 AM

This topic has been re-opened at the request of the person who originally posted.

#5 booombie

booombie
  • Topic Starter


Posted 09 July 2013 - 11:44 AM

Here are the logs pasted as requested in this order: AdwCleaner, JRT, Combofix.

 

AdwCleaner:

 

# AdwCleaner v2.304 - Logfile created 07/08/2013 at 23:22:16
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : TKS-04 - TKS-04-PC
# Boot Mode : Normal
# Running from : C:\Users\TKS-04\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\TKS-04\AppData\Roaming\Mozilla\Firefox\Profiles\vj5rc6na.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3826 octets] - [08/07/2013 22:57:48]
AdwCleaner[R2].txt - [3886 octets] - [08/07/2013 23:01:02]
AdwCleaner[R3].txt - [792 octets] - [08/07/2013 23:22:16]
AdwCleaner[S1].txt - [3811 octets] - [08/07/2013 23:01:35]

########## EOF - C:\AdwCleaner[R3].txt - [911 octets] ##########
 

 

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.1 (07.08.2013:5)
OS: Windows 7 Home Premium x64
Ran by TKS-04 on Mon 07/08/2013 at 23:24:00.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/08/2013 at 23:26:22.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Combofix:

 

ComboFix 13-07-08.04 - TKS-04 07/08/2013  23:27:49.5.6 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12286.10163 [GMT -7:00]
Running from: d:\bk files\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-09 to 2013-07-09  )))))))))))))))))))))))))))))))
.
.
2013-07-09 06:31 . 2013-07-09 06:31    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-07-09 06:31 . 2013-07-09 06:31    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-07-09 06:31 . 2013-07-09 06:31    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-07-09 06:31 . 2013-07-09 06:31    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-09 06:31 . 2013-07-09 06:31    --------    d-----w-    c:\users\booombie\AppData\Local\temp
2013-07-09 06:04 . 2013-07-09 06:04    --------    d-----w-    c:\windows\ERUNT
2013-07-06 04:24 . 2013-07-06 04:24    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-07-05 21:00 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{17FBB9AA-AE29-462D-9AE2-787DA6C86081}\mpengine.dll
2013-06-21 12:16 . 2013-06-21 12:16    566048    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2013-06-20 17:28 . 2013-06-21 20:49    --------    d-----w-    c:\users\TKS-04\AppData\Roaming\PlayFirst
2013-06-20 17:28 . 2013-06-21 20:49    --------    d-----w-    c:\programdata\PlayFirst
2013-06-12 04:50 . 2013-05-17 01:25    61440    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-06-12 03:08 . 2013-05-08 06:39    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-07 05:05 . 2009-08-18 19:49    564632    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2013-07-07 05:05 . 2009-08-18 18:24    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-21 12:06 . 2013-05-31 12:26    2597856    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-06-21 12:06 . 2013-05-31 12:26    13411896    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2013-06-21 12:06 . 2013-02-26 07:32    12427240    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-06-21 12:06 . 2013-02-26 07:32    2936208    ----a-w-    c:\windows\system32\nvapi64.dll
2013-06-21 12:06 . 2013-02-26 07:32    1059560    ----a-w-    c:\windows\system32\nvumdshimx.dll
2013-06-21 12:06 . 2013-02-26 07:32    15920536    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-06-21 10:23 . 2011-04-08 06:19    6496544    ----a-w-    c:\windows\system32\nvcpl.dll
2013-06-21 10:23 . 2011-04-08 06:19    3514656    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-06-21 10:23 . 2011-04-08 06:19    884512    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-06-21 10:23 . 2011-04-08 06:19    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-06-21 10:23 . 2010-07-09 23:27    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-06-20 04:17 . 2012-11-18 06:35    3253909    ----a-w-    c:\windows\system32\nvcoproc.bin
2013-06-12 19:16 . 2012-05-11 21:32    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 19:16 . 2011-09-06 20:14    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 04:50 . 2010-12-30 17:48    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-05-31 12:16 . 2013-05-31 12:16    95648    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-31 12:16 . 2011-06-09 14:34    788896    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-05-12 21:42 . 2013-05-31 12:26    1832224    ----a-w-    c:\windows\system32\nvdispco6432018.dll
2013-05-12 21:42 . 2013-05-31 12:26    1511712    ----a-w-    c:\windows\system32\nvdispgenco6432018.dll
2013-05-02 09:06 . 2010-12-03 20:30    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-14 21:44    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-14 21:44    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-14 21:44    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-14 21:44    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-14 21:44    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-14 21:44    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 20:14    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"LELA"="c:\program files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LinksysUpdater;Linksys Updater;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe;c:\program files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SetupARService;SetupARService;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe;c:\program files (x86)\Realtek\Audio\SetupAfterRebootService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\TKS-04\AppData\Local\Temp\ALSysIO64.sys;c:\users\TKS-04\AppData\Local\Temp\ALSysIO64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 LGELTEBus;LGE Composite Device;c:\windows\system32\DRIVERS\LGELTEBus.sys;c:\windows\SYSNATIVE\DRIVERS\LGELTEBus.sys [x]
R3 LGELTEmdm;LGE LTE USB Device for Modem Communication;c:\windows\system32\DRIVERS\LGELTEmdm.sys;c:\windows\SYSNATIVE\DRIVERS\LGELTEmdm.sys [x]
R3 LGELTEMux;LGE LTE Mux Enumerator ;c:\windows\system32\DRIVERS\LGELTEMux.sys;c:\windows\SYSNATIVE\DRIVERS\LGELTEMux.sys [x]
R3 LGELTENdis;LGE USB NDIS Miniport Ethernet Adapter Service;c:\windows\system32\DRIVERS\LGELTENdis.sys;c:\windows\SYSNATIVE\DRIVERS\LGELTENdis.sys [x]
R3 LGELTEprt;LGE USB Device for Serial Communication;c:\windows\system32\DRIVERS\LGELTEprt.sys;c:\windows\SYSNATIVE\DRIVERS\LGELTEprt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 LGE NDIS Connection Service;LGE NDIS Connection Service;c:\program files (x86)\LG Electronics\LGE LTE Driver\vmsvc.exe;c:\program files (x86)\LG Electronics\LGE LTE Driver\vmsvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 19:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:8080
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 24.116.0.53 24.116.2.50 192.168.1.1 24.116.0.53 24.116.2.50
FF - ProfilePath - c:\users\TKS-04\AppData\Roaming\Mozilla\Firefox\Profiles\vj5rc6na.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - ExtSQL: !HIDDEN! 2010-01-01 12:01; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\04\09\0e#\1d\1e"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-08  23:32:37
ComboFix-quarantined-files.txt  2013-07-09 06:32
ComboFix2.txt  2013-06-27 04:56
ComboFix3.txt  2012-04-05 03:06
ComboFix4.txt  2012-04-05 03:06
.
Pre-Run: 28,600,393,728 bytes free
Post-Run: 28,532,039,680 bytes free
.
- - End Of File - - 09DE4F1F67D20E5F4B717283CF43F749
A36C5E4F47E84449FF07ED3517B43A31
 

 

 

The problem does persist after running these tools and I hope the logs will help. If there is anything else I need to do please let me know. As stated I will be sure to check back more frequently than before.

 

Thank you for your time,

 

Booombie



#6 nasdaq


Posted 09 July 2013 - 12:28 PM

How to enable or disable the CTRL+ALT+DELETE sequence for logging on to Windows XP, to Windows Vista, and to Windows 7
http://support.microsoft.com/kb/308226

Try the Fix me button on this page.
===

If Firefox is still giving you problems I suggest you remove it using the Add/Remove Programs applet.
Restart the Computer and reinstall the application.
===

Check also the integrity of your system files. Run SFC.EXE. Post the log if available.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

Keep me posted as to what problem persists.

#7 booombie


Posted 09 July 2013 - 05:11 PM

I have run the Fix it to require a log in for Windows.

 

I have run the integrity check and it came back negative. No breaches found and no log generated.

 

I will be taking note of my bookmarks and re-installing Firefox shortly.

 

I will be sure to keep you apprised of any issues that persist.

 

Will this thread remain open for a set period before closing? I was just wondering in the event something comes up in a week or two.

 

Thank you for your assistance; I hope all runs well with those security holes plugged up.

 

- Booombie



#8 booombie


Posted 10 July 2013 - 12:29 AM

The latency on Counter Strike: GO is still running much higher than it used to and accompanied with intermittent lag spikes.

 

Since reinstalling Firefox the browser has yet to freeze with USB loss, hope that holds.

 

Just an update.

 

Thanks.



#9 nasdaq


Posted 10 July 2013 - 08:40 AM

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#10 booombie


Posted 11 July 2013 - 05:31 PM

Ran ESET and it came back with this:

C:\Windows\Installer\98bb77.msi    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined

 

Just the one file, but it is one less to worry about.

 

Hope this helps the lag situation. The cable guy checked out connection from the street to PC and found no issues, it all checked out on their end.

 

Is there a recommended utility to check connection speed online? Maybe that would narrow it down to a browser/PC issue to a strictly in-game issue.

 

I will be sure to keep you posted.

 

Thank you,

 

-Booombie


Edited by booombie, 11 July 2013 - 05:34 PM.


#11 nasdaq


Posted 12 July 2013 - 07:44 AM

I suggest you start a new topic in one of the Gaming Forums.
http://www.bleepingcomputer.com/forums/f/203/gaming/

You may be able to get help there better than I can provide on this problem.

I will keep this topic open and if you still feel that the problem is caused by some malware you can return.

#12 booombie


Posted 13 July 2013 - 10:30 PM

Thank you for the suggestion with the latency issue.

Regarding the malware, my wife was online today, Firefox, the browser froze and the mouse/keyboard went dead. This is the first I've heard of this since we ran the scans and re-initiated security on our OS.

 

Did the logs come back clean?

 

Thank you for everything,

 

- Booombie



#13 nasdaq


Posted 14 July 2013 - 07:35 AM

Check the integrity of the Operating system files.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

Keep me posted.

#14 booombie


Posted 14 July 2013 - 10:28 PM

Ran SFC as admin. When you said integrity check I thought I'd check steam. All games purchased through steam have an integrity check as well. Counter Strike came back with 1 missing file.

 

Not sure if that will help my ping/spikes but it can't hurt right?

 

Thank you for everything,

 

-Booombie



#15 nasdaq


Posted 15 July 2013 - 07:44 AM

SFC will only check the Windows Operating files.



