
Sluggish and ads coming out of the attic!



Hi! My laptop started running very sluggishly last week after someone else had used it, and I have been seeing all kinds of odd ads showing up in FF and in IE. I did an uninstall and then a reinstall of a clean FF program after running Malwarebytes and Spybot. I still have some of the issues now, so I reran Malwarebytes and it comes up clean. I ran DDS and below are its results. Please help me clean this up. I have kept a clean computer since I got this and just hate the popups I am getting and how slowly everything is running. Many thanks! jojo

-------------------------------------------------------------------------------------------------------------------------

DDS LOG:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.25.2
Run by Jolene at 21:58:15 on 2013-06-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3002.1472 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsTray.exe
C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\wkcalrem.exe
C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\nlsInterface.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\SysWOW64\PSIService.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\igfxext.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Program Files (x86)\Common Files\microsoft shared\Works Shared\WksCal.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.






uProxyOverride = <local>


BHO: AutorunsDisabled - <orphaned>
BHO: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jolene\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [MysticThumbs] C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsTray.exe
uRun: [AdobeBridge] <no file>
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [MysticThumbs] C:\Program Files\MysticCoder\MysticThumbs\MysticThumbsTray.exe
StartupFolder: C:\Users\Jolene\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Jolene\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\JUSTCL~1.LNK - C:\Program Files (x86)\JustCloud\JustCloud.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Windows\Installer\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}\A94AAB13.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download All By FlashGet3 - C:\Users\Jolene\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - C:\Users\Jolene\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Save with Download Manager... - C:\Program Files (x86)\TOTALmusic\DMDownload.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: 4shared.com





TCP: NameServer = 207.255.0.43 207.255.0.45
TCP: Interfaces\{B47D013B-CB0A-40B6-B94B-25EF2F501AA8} : DHCPNameServer = 207.255.0.43 207.255.0.45
TCP: Interfaces\{B47D013B-CB0A-40B6-B94B-25EF2F501AA8}\2456C6B696E6F5534656535336 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B47D013B-CB0A-40B6-B94B-25EF2F501AA8}\742716E646563586F627563755E69647 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{B47D013B-CB0A-40B6-B94B-25EF2F501AA8}\742716E646563586F6275637F4365616E6255637F6274705842323 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B47D013B-CB0A-40B6-B94B-25EF2F501AA8}\742716E646563586F6275637F4365616E6255637F6274705842333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B47D013B-CB0A-40B6-B94B-25EF2F501AA8}\A6F6A6F626F6E6D27657563747 : DHCPNameServer = 207.255.0.43 207.255.0.45
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\

FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - www.google.com

FF - component: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\components\TmFFExt.dll
FF - component: C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-13 11:04; facepaste.firefox.addon@azabani.com; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\facepaste.firefox.addon@azabani.com.xpi
FF - ExtSQL: 2013-05-28 12:09; ftdownloader4@ftdownloader.com; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\ftdownloader4@ftdownloader.com.xpi
FF - ExtSQL: 2013-06-11 06:50; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-06-17 14:29; uefwa-7pcu@wyiauydcorfx.co.uk; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\uefwa-7pcu@wyiauydcorfx.co.uk
FF - ExtSQL: 2013-06-17 14:29; mtdukrch@euoarvco.com; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\mtdukrch@euoarvco.com
FF - ExtSQL: 2013-06-18 00:40; uriloader@pdf.js; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\uriloader@pdf.js.xpi
FF - ExtSQL: 2013-06-25 20:47; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-25 20:51; feca4b87-3be4-43da-a1b1-137c24220968@jetpack; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
FF - ExtSQL: 2013-06-25 20:57; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF - ExtSQL: 2013-06-26 08:37; {aff87fa2-a58e-4edd-b852-0a20203c1e17}; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - c8c5b96c000000000000904ce5965eb3
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15873
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.519:58:19
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=120007
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-24 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 ASTSRV;Nalpeiron Licensing Service;C:\Windows\System32\ASTSRV.EXE --> C:\Windows\System32\ASTSRV.EXE [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-11-5 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-20 13336]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 130008]
R2 nlsInterface;Nalpeiron Licensing Service 64-bit;C:\Windows\System32\nlsInterface.exe [2010-9-24 72192]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-11-5 58880]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2010-5-14 271712]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-5-14 329952]
S3 LVUVC64;Logitech Webcam C210(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-5-14 6465760]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-28 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-5 225280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-28 57856]
S4 BackupStack;Computer Backup (JustCloud);C:\Program Files (x86)\JustCloud\BackupStack.exe [2013-3-7 32808]
S4 CFUACProxy_c2smb;CFUACProxy_c2smb;C:\ProgramData\Clickfree\C2SMB\UACProxy.exe [2011-1-15 83792]
S4 CFUACProxy_c2smb_m;CFUACProxy_c2smb_m;C:\ProgramData\Clickfree\C2SMB_M\UACProxy.exe [2012-3-18 83792]
S4 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-6-28 17152]
S4 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
S4 lxee_device;lxee_device;C:\Windows\System32\lxeecoms.exe -service --> C:\Windows\System32\lxeecoms.exe -service [?]
S4 lxeeCATSCustConnectService;lxeeCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxeeserv.exe [2011-7-9 45736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2013-07-01 01:28:50    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-07-01 01:28:50    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-01 01:18:40    --------    d-----w-    C:\Users\Jolene\AppData\Local\{3DA1681E-2638-4F3A-A12F-774C60A1ADF8}
2013-06-30 17:22:50    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0474C5E-5EE1-4030-B333-398138E6C188}\mpengine.dll
2013-06-28 04:02:34    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-28 02:06:04    --------    d-----w-    C:\Users\Jolene\AppData\Local\{B4C3E628-D932-4432-B379-A582C223E27A}
2013-06-26 02:21:47    --------    d-----w-    C:\Users\Jolene\AppData\Local\{9E3BDBC3-30BA-4CBE-AAF0-E3698D3ABF2E}
2013-06-26 01:25:00    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-26 01:25:00    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-26 01:25:00    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-26 01:25:00    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-26 01:25:00    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-26 01:25:00    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-06-26 01:25:00    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-06-26 01:25:00    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-06-26 01:25:00    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-06-26 01:25:00    159744    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-06-26 01:14:20    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-26 01:14:04    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-26 00:06:11    --------    d-----w-    C:\Program Files (x86)\Enigma Software Group
2013-06-26 00:01:56    --------    d-----w-    C:\Windows\4941BFEB62C047A2801E998FC469CC2C.TMP
2013-06-25 19:43:55    --------    d-----w-    C:\Windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-25 19:43:46    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-06-25 18:29:54    --------    d-----w-    C:\Users\Jolene\AppData\Local\Programs
2013-06-24 08:06:21    --------    d-----w-    C:\Users\Jolene\AppData\Roaming\LavasoftStatistics
2013-06-24 08:04:55    47496    ----a-w-    C:\Windows\System32\sbbd.exe
2013-06-24 08:04:55    14456    ----a-w-    C:\Windows\System32\drivers\gfibto.sys
2013-06-24 08:04:53    --------    d-----w-    C:\Users\Jolene\AppData\Roaming\Ad-Aware Antivirus
2013-06-24 07:04:06    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{726E99A8-526C-4FDF-B0D6-F26EA1DD067D}\gapaengine.dll
2013-06-24 02:35:23    --------    d-----w-    C:\Users\Jolene\AppData\Local\{F3BE8C44-82B0-4241-B36D-9D2157AD83E8}
2013-06-22 20:50:35    --------    d-----w-    C:\Users\Jolene\AppData\Local\{6B595218-497D-4FD2-A82B-62C4A145060C}
2013-06-22 07:50:01    --------    d-----w-    C:\Users\Jolene\AppData\Local\{E2B08789-8A88-430D-8CB6-535779F6FEA6}
2013-06-20 02:48:26    --------    d-----w-    C:\Users\Jolene\AppData\Local\{58F30B44-EAC8-427C-8B86-78645EBEA12F}
2013-06-19 14:48:00    --------    d-----w-    C:\Users\Jolene\AppData\Local\{A044EBA9-342C-4148-847A-C57E9672BBAB}
2013-06-19 02:47:47    --------    d-----w-    C:\Users\Jolene\AppData\Local\{752CE787-BE61-44DF-85FC-10D6E210EF6C}
2013-06-18 18:19:16    --------    d-----w-    C:\Windows\BBSTORE
2013-06-18 14:47:20    --------    d-----w-    C:\Users\Jolene\AppData\Local\{521D68CF-1E8C-4F85-91D2-0E0F899572D1}
2013-06-18 12:59:27    --------    d-----w-    C:\Program Files\Microsoft Mouse and Keyboard Center
2013-06-18 01:16:58    22016    ----a-r-    C:\Users\Jolene\AppData\Roaming\Microsoft\Installer\{8BEB3810-2B1A-11D3-ABD9-00C04FB943A9}\1F965547.exe
2013-06-17 23:53:11    --------    d-----w-    C:\Users\Jolene\AppData\Roaming\YourFileDownloader
2013-06-17 18:43:41    --------    d-----w-    C:\Users\Jolene\AppData\Local\{766834E7-B786-4F6F-B402-3EF49E7F6EF1}
2013-06-17 18:20:34    --------    d-----w-    C:\Users\Jolene\AppData\Local\UnitLayers
2013-06-17 17:44:22    --------    d-----w-    C:\ProgramData\StarApp
2013-06-17 17:41:14    --------    d-----w-    C:\ProgramData\SearchNewTab
2013-06-17 17:40:52    --------    d-----w-    C:\ProgramData\sayfe ssauve
2013-06-17 17:33:08    33792    ----a-w-    C:\Windows\System32\ImHttpComm.dll
2013-06-17 17:33:08    1447728    ----a-w-    C:\Windows\System32\dmwu.exe
2013-06-17 17:30:46    --------    d-----w-    C:\ProgramData\Tarma Installer
2013-06-17 17:30:40    --------    d-----w-    C:\Users\Jolene\AppData\Local\PutLockerDownloader
2013-06-17 06:43:30    --------    d-----w-    C:\Users\Jolene\AppData\Local\{DCEE4C9F-0D2A-499E-9C4E-CBA133FB436E}
2013-06-15 00:48:13    --------    d-----w-    C:\Users\Jolene\AppData\Local\{E8289CB0-170E-40D6-B048-2C2E588E40B9}
2013-06-11 18:27:12    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-06-11 18:27:12    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-06-11 18:27:11    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-11 18:27:05    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-06-11 18:27:05    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-06-11 18:27:00    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-06-11 18:27:00    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-06-11 18:26:53    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-06-11 18:26:53    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-06-11 18:26:52    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-06-11 18:26:51    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-06-11 18:26:51    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-06-11 18:26:51    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-06-11 18:26:46    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-06-11 18:26:46    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-06-11 18:26:45    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-06-11 18:26:45    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-06-11 18:26:35    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-06-11 18:26:35    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-06-07 20:01:47    --------    d-----w-    C:\Users\Jolene\AppData\Roaming\DirectoryListPrintPro
2013-06-07 19:34:23    --------    d-----w-    C:\Users\Jolene\AppData\Local\SimpleFileLister
2013-06-07 19:21:12    --------    d-----w-    C:\Program Files (x86)\File & Folder List Maker
2013-06-07 06:30:43    --------    d-----w-    C:\Users\Jolene\AppData\Local\{0119AD60-1D61-4F0F-8C39-32371BC4E111}
2013-06-04 20:56:46    --------    d-----w-    C:\Users\Jolene\AppData\Local\{AB21A4EE-DEBF-4241-B0F8-E4BEE0D88C1B}
2013-06-03 21:18:36    --------    d-----w-    C:\Users\Jolene\AppData\Local\{0161BFDD-0C77-4720-AF9B-5D711F97019E}
2013-06-03 20:19:23    --------    d-----w-    C:\Users\Jolene\AppData\Roaming\PresetViewerBreeze.TumaSoft
2013-06-03 20:19:09    --------    d-----w-    C:\Program Files (x86)\TumaSoft LLC
2013-06-03 03:20:03    --------    d-----w-    C:\Users\Jolene\AppData\Local\{E3FBCD2D-A521-4AC8-8823-8A73E8FA890A}
2013-06-03 03:18:19    --------    d-----w-    C:\Users\Jolene\AppData\Local\{77F28DE5-4C3D-4619-8921-42903F14DBF8}
.
==================== Find3M  ====================
.
2013-06-26 01:20:01    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-26 01:20:01    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-26 01:13:29    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 19:36:12    828872    ----a-w-    C:\Windows\System32\msvcr110.dll
2013-05-13 19:36:12    661448    ----a-w-    C:\Windows\System32\msvcp110.dll
2013-05-13 19:36:12    354264    ----a-w-    C:\Windows\System32\vccorlib110.dll
2013-05-13 19:36:12    251864    ----a-w-    C:\Windows\SysWow64\vccorlib110.dll
2013-05-13 19:36:10    862664    ----a-w-    C:\Windows\SysWow64\msvcr110.dll
2013-05-13 19:36:10    534480    ----a-w-    C:\Windows\SysWow64\msvcp110.dll
2013-05-13 19:36:06    50864    ----a-w-    C:\Windows\System32\drivers\point64.sys
2013-05-13 19:36:06    2274480    ----a-w-    C:\Windows\System32\coin94.dll
2013-05-10 07:57:38    27208    ----a-w-    C:\Windows\System32\AdobePDFUI.dll
2013-05-10 07:57:34    55872    ----a-w-    C:\Windows\System32\AdobePDF.dll
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-01 07:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 22:00:23.85 ===============
I have the Attach log saved if it is needed.
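The log above is the kind of thing a helper reads by eye. As an added example (not part of DDS, Malwarebytes, or either poster's text), the Python below parses three of the line types that appear in it (`FF - ExtSQL`, `FF - user.js`, `Trusted Zone`) and applies a few defender-side heuristics that rank entries for review: add-ons registered in the same minute, add-ons present as an unpacked directory rather than a packaged `.xpi`, `extensions.*` prefs pinned through `user.js`, and hosts placed in the IE Trusted sites zone. The heuristics are this example's own assumptions, and the sample lines are constructed from values visible in the log; nothing in it declares an entry malicious, it only says where to look first.

```python
"""Triage pass over the Firefox and IE-zone lines of a DDS log.

Added example written for this thread; not part of DDS, Malwarebytes or the
helper's procedure. The line formats are the ones visible in the log above;
the heuristics are this example's own and only rank what a reviewer should
inspect first.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied in the DDS format from the log in the post
# (one add-on that trips no heuristic, two same-minute unpacked add-ons, one
# packaged add-on, three user.js prefs and the Trusted Zone entry).
SAMPLE_DDS = r"""
Trusted Zone: 4shared.com
FF - prefs.js: browser.search.selectedEngine - Bing
FF - ExtSQL: 2013-05-13 11:04; facepaste.firefox.addon@azabani.com; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\facepaste.firefox.addon@azabani.com.xpi
FF - ExtSQL: 2013-06-17 14:29; uefwa-7pcu@wyiauydcorfx.co.uk; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\uefwa-7pcu@wyiauydcorfx.co.uk
FF - ExtSQL: 2013-06-17 14:29; mtdukrch@euoarvco.com; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\mtdukrch@euoarvco.com
FF - ExtSQL: 2013-06-18 00:40; uriloader@pdf.js; C:\Users\Jolene\AppData\Roaming\Mozilla\Firefox\Profiles\pwlv0oxb.default\extensions\uriloader@pdf.js.xpi
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta_i.babTrack - affID=120007
"""

# Line shapes as they appear in the DDS "FIREFOX" / "Pseudo HJT" sections.
EXT_RE = re.compile(
    r"^FF - ExtSQL: (?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}); (?P<id>[^;]+); (?P<path>.+)$"
)
USERJS_RE = re.compile(r"^FF - user\.js: (?P<pref>\S+) -\s*(?P<value>.*)$")
TZ_RE = re.compile(r"^Trusted Zone: (?P<host>\S+)$")


def parse_dds(text):
    """Return (extensions, userjs_prefs, trusted_hosts) from raw DDS text."""
    extensions, prefs, trusted = [], {}, []
    for line in text.splitlines():
        line = line.strip()
        if (m := EXT_RE.match(line)):
            extensions.append(m.groupdict())
        elif (m := USERJS_RE.match(line)):
            prefs[m["pref"]] = m["value"]  # value may be empty, as in the log
        elif (m := TZ_RE.match(line)):
            trusted.append(m["host"])
    return extensions, prefs, trusted


def triage(text):
    """Apply the heuristics; return {subject: [reasons]} for a human reviewer."""
    extensions, prefs, trusted = parse_dds(text)
    findings = defaultdict(list)

    # Heuristic 1 (assumption): several add-ons registered in the same minute
    # usually arrived together from one installer rather than separate choices.
    by_minute = defaultdict(list)
    for ext in extensions:
        by_minute[ext["when"]].append(ext["id"])
    for ext in extensions:
        if len(by_minute[ext["when"]]) > 1:
            findings[ext["id"]].append("installed in the same minute as another add-on")
        # Heuristic 2 (assumption): an unpacked directory instead of a
        # packaged .xpi is what installers that write straight into the
        # profile tend to leave behind.
        if not ext["path"].lower().endswith(".xpi"):
            findings[ext["id"]].append("unpacked directory instead of a packaged .xpi")

    # Heuristic 3: user.js is re-applied on every start, so an
    # extensions.<family>.* pref pinned there survives a reset from the UI.
    families = defaultdict(int)
    for pref in prefs:
        parts = pref.split(".")
        if parts[0] == "extensions" and len(parts) > 2:
            families[parts[1]] += 1
    for family, count in families.items():
        findings[f"user.js extensions.{family}.*"].append(
            f"{count} pref(s) pinned in user.js"
        )

    # Heuristic 4: the IE Trusted sites zone runs content with relaxed
    # settings; a home user rarely adds a host there knowingly.
    for host in trusted:
        findings[f"Trusted Zone {host}"].append("host added to IE Trusted sites zone")
    return dict(findings)


if __name__ == "__main__":
    for subject, reasons in triage(SAMPLE_DDS).items():
        print(subject)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the two add-ons installed at 14:29 are ranked first (two reasons each), the `delta` and `delta_i` pref families and the Trusted Zone host follow, and the two `.xpi` add-ons registered on their own produce nothing; the point of the output is a short list to hand to a reviewer, not a verdict.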

Hello jojobon and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.

    Vista/Windows 7 users right-click and select Run As Administrator.

  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.

  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt.
----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly".

 

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


Thank you Fred. There was a major problem when I got to the ComboFix portion: it totally killed my IE and my FF! I had to do a system restore to before I ran it, and things appear to be A-OK now. I don't understand ComboFix, unfortunately, so I haven't a clue what it did or how it did it. I did run the other proggies and have the .txt files that were produced with them, but for now all systems seem to be back in working order and running smoothly. I had no viruses according to Malwarebytes, and I ran Spybot and nothing was there, and nothing on the anti-rootkit scan either. I appreciate your fast help and will see how things go for now.

Many Blessings

Jojo


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
