
HELP!! - Computer is slow, hd not working, connection error!!


  • This topic is locked
6 replies to this topic

#1 crise

crise

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 03 January 2014 - 06:37 PM

Greetings!

Just ran Malwarebytes and removed all bugs/malware.

Here is the DDS log. Computer is very slow. I try to open multiple tabs, and it runs slow. It also won't allow me to type in the URL at times. Slow connection, and laggy.

 

 

Thank you so much in advance! Have a wonderful New Year!

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by CJ at 18:35:23 on 2014-01-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3071.1260 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRServer.exe
C:\Users\CJ\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\RunDll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\CJ\AppData\Local\NativeMessaging\CT3306061\1_0_0_7\TBMessagingHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uURLSearchHooks: entrusted11 Toolbar: {77beece6-3997-403a-92fa-0055bfcf88e5} - C:\Program Files (x86)\entrusted11\prxtbentr.dll
mURLSearchHooks: entrusted11 Toolbar: {77beece6-3997-403a-92fa-0055bfcf88e5} - C:\Program Files (x86)\entrusted11\prxtbentr.dll
mWinlogon: Userinit = userinit.exe,
BHO: SySaver: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: entrusted11 Toolbar: {77beece6-3997-403a-92fa-0055bfcf88e5} - C:\Program Files (x86)\entrusted11\prxtbentr.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: entrusted11 Toolbar: {77BEECE6-3997-403A-92FA-0055BFCF88E5} - C:\Program Files (x86)\entrusted11\prxtbentr.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: entrusted11 Toolbar: {77beece6-3997-403a-92fa-0055bfcf88e5} - C:\Program Files (x86)\entrusted11\prxtbentr.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
uRun: [F.lux] "C:\Users\CJ\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [HP Officejet Pro 8500 A910 (NET)] "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe" -deviceID "CN115BK407:NW" -scfn "HP Officejet Pro 8500 A910 (NET)" -AutoStart 1
uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
uRun: [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\CJ\AppData\Local\Temp\CT3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil
uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\CJ\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
uRunOnce: [Application Restart #0] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=AppsPanel_BL --appletVersion=1.0 --mode=LBS --helperBridgeName={9D59E90D-058D-4225-86D9-8CBA92468ED6} --helperPath=C:\Users\CJ\AppData\Local\Temp\\Creative Cloud Helper.exe --inputXmlPath="C:\Users\CJ\AppData\Local\Temp\{90039169-AE73-4DF0-9ABB-DDA60E0BFBC6}"  /RestartByRestartManager:B7F7EF11-25FE-4854-AC68-40515095A6F5
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\CJ\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\Users\CJ\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{01D3B57E-41B2-4FE2-90F7-B4303E5B27AF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C6FBFA9F-6C1C-46B4-9D6A-58B558CE00A7} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - 
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-5-14 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-5-14 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-5-14 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-5-14 378944]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-12-29 46368]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-5-14 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-5-14 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-14 46808]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-14 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-14 701512]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-7-16 789856]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-8-7 609056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [2013-12-29 1771544]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-14 25928]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-15 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-31 19456]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-7-23 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-31 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-31 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-14 1255736]
.
=============== Created Last 30 ================
.
2014-01-03 21:57:18 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5A1E81E4-2B90-44D0-8E79-1A873FEAE004}\offreg.dll
2014-01-03 21:56:19 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5A1E81E4-2B90-44D0-8E79-1A873FEAE004}\mpengine.dll
2013-12-31 02:43:09 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-12-31 01:44:19 -------- d-----w- C:\Users\CJ\AppData\Local\AVG Secure Search
2013-12-30 04:31:15 -------- d-----w- C:\Users\CJ\AppData\Roaming\SearchProtect
2013-12-30 04:29:28 -------- d-----w- C:\Users\CJ\AppData\Local\AVG SafeGuard toolbar
2013-12-30 04:28:02 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-12-30 04:27:56 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-12-30 04:27:46 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-12-30 00:25:47 -------- d-----w- C:\Users\CJ\.android
2013-12-30 00:25:45 -------- d-----w- C:\Users\CJ\AppData\Local\cache
2013-12-30 00:25:43 -------- d-----w- C:\Users\CJ\AppData\Local\genienext
2013-12-30 00:25:42 -------- d-----w- C:\Users\CJ\AppData\Local\Mobogenie
2013-12-30 00:15:40 -------- d-----w- C:\Windows\SysWow64\SearchProtect
2013-12-30 00:14:51 -------- d-----w- C:\ProgramData\Conduit
2013-12-30 00:14:19 -------- d-----w- C:\Users\CJ\AppData\Local\NativeMessaging
2013-12-18 20:07:38 -------- d-----w- C:\Program Files\iPod
2013-12-18 20:07:36 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-18 20:07:36 -------- d-----w- C:\Program Files\iTunes
2013-12-18 20:07:36 -------- d-----w- C:\Program Files (x86)\iTunes
2013-12-15 05:35:01 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-15 05:35:01 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-15 05:34:59 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-15 05:34:58 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-13 00:42:19 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-13 00:42:18 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-13 00:42:13 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-13 00:42:12 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-12-13 00:42:08 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-13 00:42:05 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-13 00:42:05 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-13 00:42:00 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-13 00:41:59 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-13 00:41:53 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-13 00:41:53 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-13 00:41:41 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-13 00:41:41 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-13 00:41:41 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-13 00:41:40 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-13 00:41:40 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-13 00:41:40 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-13 00:41:39 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-13 00:41:39 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-12 02:24:58 -------- d-----w- C:\Users\CJ\AppData\Roaming\NVIDIA
2013-12-12 02:24:46 -------- d-----w- C:\Users\CJ\AppData\Roaming\PDAppFlex
2013-12-12 02:24:29 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-12-09 05:05:55 -------- d-----w- C:\Users\CJ\AppData\Roaming\cef-cache
2013-12-09 05:05:36 -------- d-----w- C:\Users\CJ\AppData\Roaming\theBorgata
2013-12-09 05:04:36 -------- d-----w- C:\Programs
.
==================== Find3M  ====================
.
2013-12-11 10:06:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 10:06:35 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-24 04:18:18 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-19 08:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
.
============= FINISH: 18:36:37.76 ===============

Edited by crise, 03 January 2014 - 06:53 PM.




#2 crise

crise
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 03 January 2014 - 08:31 PM

Btw, is a dds log ok? Or do I need to use hijackthislog as well?



#3 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:10:05 AM

Posted 04 January 2014 - 09:01 AM

Hello crise  :).

I will be helping with your computer problems.

Before starting please note the following:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know
  • Do not make any changes on your own to the computer (installing/uninstalling programs, deleting files, modifying the registry, running scanners or other tools, etc.) without instructions to do it
  • Please read every post completely and perform all steps in the specified order. If you can't understand something or you encounter problems please stop and let me know
  • Do not attach logs, use code or quote boxes. Just copy and paste the text unless directed otherwise
  • Even if things appear to be better, it does not mean we have finished. Follow my instructions and reply back until I tell you that your computer is clean.
  • Please reply using the Add Reply button in the lower right hand corner of your screen
  • Please track this topic by clicking on the Follow this Topic button on the top right of this thread => select Receive Notification => Instantly => click on the black Follow this Topic button

About the logs, there is no need to use HijackThis, but you also have to attach the Attach.txt file from DDS as explained here.


Regards


Edited by Clairvoyant, 04 January 2014 - 09:04 AM.


#4 crise

crise
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:05 PM

Posted 05 January 2014 - 10:32 PM

Greetings!

Unfortunately nothing has changed. Here is the Attach log.

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 5/14/2013 1:50:56 AM
System Uptime: 1/5/2014 12:34:59 PM (10 hours ago)
.
Motherboard: alienware |  | Area-51 m9750
Processor: Intel® Core™2 CPU         T7200  @ 2.00GHz | CPU 1 | 1992/668mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 103 GiB total, 58.99 GiB free.
D: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\6&1EDF6AE3&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\6&1EDF6AE3&0&2
Service: BthPan
.
Class GUID: 
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_2052161F&REV_12\4&12016CA2&0&3BF0
Manufacturer: 
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_2052161F&REV_12\4&12016CA2&0&3BF0
Service: 
.
Class GUID: 
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_2052161F&REV_12\4&12016CA2&0&3AF0
Manufacturer: 
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_2052161F&REV_12\4&12016CA2&0&3AF0
Service: 
.
Class GUID: 
Description: USB2.0 Camera
Device ID: USB\VID_0402&PID_5602\5&1C80B6&0&8
Manufacturer: 
Name: USB2.0 Camera
PNP Device ID: USB\VID_0402&PID_5602\5&1C80B6&0&8
Service: 
.
==== System Restore Points ===================
.
RP113: 12/31/2013 9:37:12 PM - Windows Update
RP114: 1/3/2014 11:25:53 PM - Removed Google Drive
.
==== Installed Programs ======================
.
7-Zip 9.22beta
Adobe Creative Cloud
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Adobe Touch App Plugins
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bing Bar
Bonjour
f.lux
Free AVI Video Converter version 5.0.26.628
Free YouTube Download version 3.2.12.827
Free YouTube to MP3 Converter version 3.12.19.1219
GOM Player
Google Chrome
Google Update Helper
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Officejet Pro 8500 A910 Product Improvement Study
HP Update
I.R.I.S. OCR
iTunes
Java 7 Update 45
Java Auto Updater
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
NVIDIA 3D Vision Driver 314.22
NVIDIA Control Panel 314.22
NVIDIA Graphics Driver 314.22
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.12.12
NVIDIA Update Components
OpenOffice.org 3.4.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Skype Click to Call
Skype™ 6.11
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
VLC media player 2.1.1
.
==== Event Viewer Messages From Past Week ========
.
12/29/2013 11:25:39 PM, Error: Service Control Manager [7030]  - The OutfoxTvService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
1/5/2014 7:16:46 PM, Error: ACPI [10]  - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x5), Please contact your system vendor for technical assistance.
1/5/2014 7:16:46 PM, Error: ACPI [10]  - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
1/3/2014 9:22:28 PM, Error: Service Control Manager [7000]  - The vToolbarUpdater17.2.0 service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================
 

 

 

 

 

 



#5 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:10:05 AM

Posted 07 January 2014 - 03:27 PM

Hello crise  :)
 
Before starting, please remember to track this topic.
You can do it by clicking on the Follow this Topic button on the top right of this thread => select Receive Notification => Instantly => click on the black Follow this Topic button.
 
Next please download ComboFix and AdwCleaner to your desktop then:
 
1- Run ComboFix

  • Close/disable all anti-virus and anti-malware programs. Refer to this page if you are not sure how
  • Close any open windows
  • Double click on ComboFix.exe and follow the prompts
  • During the scan leave your sick computer alone and do not click on ComboFix's window; it may cause it to stall
  • If ComboFix asks to restart your computer, allow it to do so
  • When finished, it will produce and display a report; close it

 

2- Run AdwCleaner

  • Close all open programs and internet browsers
  • Right click on the AdwCleaner icon and select Run As Administrator to run the tool
  • Click on the Scan button
  • Once the scan has finished, click on the Report button: AdwCleaner will show the log
  • Close AdwCleaner

 

In your next reply please post the contents of these files:

  • C:\ComboFix.txt
  • C:\AdwCleaner[R0].txt

 

Regards



#6 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:10:05 AM

Posted 09 January 2014 - 07:47 PM

Hello crise,

 

Are you still with us?

If you do not reply in the next two days, the topic will be closed.

 

 

Regards



#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:05 AM

Posted 13 January 2014 - 02:34 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.



