
IE Locking Up At Times

Discussion in 'Virus & Other Malware Removal' started by HaroRider, May 18, 2015.

  1. HaroRider

    HaroRider Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    387
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz, Intel64 Family 6 Model 15 Stepping 6
    Processor Count: 2
    RAM: 7167 Mb
    Graphics Card: NVIDIA GeForce GT 630, -2048 Mb
    Hard Drives: C: Total - 238372 MB, Free - 174231 MB;
    Motherboard: ASUSTeK Computer INC., P5B-Deluxe
    Antivirus: Microsoft Security Essentials, Updated and Enabled
    _________________________________________________________________________________________________

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:49:28 PM, on 5/18/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17801)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Windows\SysWOW64\CtHelper.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Users\Thomas\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 7477 bytes
     
  2. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hi HaroRider,

    It appears that you are still having difficulties.

    Run the scan tool and post each log in a separate post, please.

    DDS Scan
    1. Please download DDS ... by sUBs. Save it to your desktop. Alternate download link here.
      Disable any script blocking software you have running before running DDS.
    2. Please right mouse click and select "Run As Administrator" on dds.com to run the tool. (File name will be different if alternate download used).
      If you are using DDS.com, a black window will open with some additional instructions and comments... There is no need to change the default settings.
    3. When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
    4. Please post both the DDS.txt and Attach.txt files in your next reply.
     
  3. HaroRider

    HaroRider Thread Starter

    This may sound silly, but when I right click the icon I don't get run as administrator option. On other icons I do.
     
  4. wannabeageek

    wannabeageek Malware Specialist

    Run it anyway
     
  5. HaroRider

    HaroRider Thread Starter

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17801
    Run by Thomas at 14:48:54 on 2015-05-20
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7167.5792 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\svchost.exe -k utcsvc
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\SysWOW64\CtHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.aol.com/
    mWinlogon: Userinit = userinit.exe
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    dRun: [DevconDefaultDB] C:\Windows\System32\READREG /SILENT /FAIL=1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{E87E5278-7B44-4C37-A056-15845EC0C4B6} : DHCPNameServer = 192.168.1.1
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
    R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
    R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-29 1149760]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-7-17 124568]
    R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-11-29 1796928]
    R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-11-29 19821376]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-29 409800]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
    R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-11-29 20800]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-29 38216]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S2 abc71024;CutterMaker;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-5-12 114688]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-3-10 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-29 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-11-29 1255736]
    .
    =============== Created Last 30 ================
    .
    2015-05-20 05:40:08 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5600FF4D-65EC-4780-996F-E33BD1326393}\mpengine.dll
    2015-05-18 23:43:25 -------- d-----w- C:\ProgramData\Malwarebytes
    2015-05-18 23:43:09 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2015-05-18 23:42:46 -------- d-----w- C:\Users\Thomas\AppData\Local\Programs
    2015-05-17 10:07:02 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{336A99D4-7034-4C49-852F-E5BC621C4971}\gapaengine.dll
    2015-05-15 05:55:52 -------- d-----w- C:\Program Files (x86)\CutterMaker
    2015-05-15 05:55:05 -------- d-----w- C:\Program Files (x86)\Facebook for Chrome Plus
    2015-05-15 05:54:16 -------- d-----w- C:\Program Files (x86)\PriceMinus
    2015-05-15 05:54:10 -------- d-----w- C:\ProgramData\8910473873129165527
    2015-05-15 05:54:01 -------- d-----w- C:\Program Files (x86)\PRiceMiannus
    2015-05-15 05:53:46 -------- d-----w- C:\ProgramData\cjiijnmijocbklkphiiknjfpkhdnapfo
    2015-05-15 05:52:59 -------- d-----w- C:\ProgramData\{9e7f0106-df88-fd68-9e7f-f0106df8041b}
    2015-05-13 06:40:05 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 06:40:05 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 03:39:59 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ==================== Find3M ====================
    .
    2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
    2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
    2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
    2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe
    2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe
    2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe
    2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe
    2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe
    2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe
    2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe
    2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe
    2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe
    2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll
    2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
    2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
    2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
    2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
    2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
    2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll
    2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
    2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
    2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe
    2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe
    2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
    2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
    2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
    2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2015-04-27 18:06:48 36864 ----a-w- C:\Windows\System32\UtcResources.dll
    2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2015-04-21 17:08:08 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2015-04-21 17:07:54 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2015-04-21 16:51:08 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2015-04-21 16:50:14 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2015-04-21 16:50:12 584192 ----a-w- C:\Windows\System32\vbscript.dll
    2015-04-21 16:50:03 417792 ----a-w- C:\Windows\System32\html.iec
    2015-04-21 16:48:40 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2015-04-21 16:35:51 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2015-04-21 16:35:40 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2015-04-21 16:34:59 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2015-04-21 16:31:56 6025728 ----a-w- C:\Windows\System32\jscript9.dll
    2015-04-21 16:26:35 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2015-04-21 16:25:34 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2015-04-21 16:14:33 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2015-04-21 16:11:10 504320 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2015-04-21 16:11:07 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2015-04-21 16:10:12 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2015-04-21 16:09:57 341504 ----a-w- C:\Windows\SysWow64\html.iec
    2015-04-21 16:08:41 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2015-04-21 15:58:45 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2015-04-21 15:57:57 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2015-04-21 15:47:04 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2015-04-21 15:46:50 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
    2015-04-21 15:43:28 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2015-04-21 15:31:13 4305920 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2015-04-21 15:27:25 2352128 ----a-w- C:\Windows\System32\wininet.dll
    2015-04-21 15:25:45 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2015-04-21 15:24:48 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2015-04-21 15:02:00 1882112 ----a-w- C:\Windows\SysWow64\wininet.dll
    2015-04-20 03:17:07 1647104 ----a-w- C:\Windows\System32\DWrite.dll
    2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
    2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
    2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
    2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
    2015-04-16 04:10:47 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2015-04-16 04:10:47 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe
    2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
    2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
    2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
    2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
    2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll
    2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll
    2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll
    2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
    2015-03-25 03:23:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2015-03-25 03:00:57 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
    .
    ============= FINISH: 14:49:08.96 ===============
     
  6. HaroRider

    HaroRider Thread Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/29/2014 6:11:55 PM
    System Uptime: 5/20/2015 2:32:54 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P5B-Deluxe
    Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz | LGA 775 | 2128/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 233 GiB total, 169.764 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP56: 4/18/2015 9:54:55 PM - Installed LG United Mobile Drivers.
    RP57: 4/21/2015 9:26:15 AM - Windows Update
    RP58: 4/24/2015 8:21:10 PM - Windows Update
    RP59: 4/28/2015 8:42:55 PM - Windows Update
    RP60: 5/2/2015 10:42:34 AM - Windows Update
    RP61: 5/6/2015 8:27:20 AM - Windows Update
    RP62: 5/9/2015 9:24:34 PM - Windows Update
    RP63: 5/12/2015 11:39:42 PM - Windows Update
    RP64: 5/15/2015 12:28:23 AM - Windows Update
    RP65: 5/18/2015 4:42:29 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 17 ActiveX
    Adobe Reader XI (11.0.11)
    Adobe Refresh Manager
    AIM 7
    Call of Duty(R) - World at War(TM)
    Counter-Strike: Source
    Download Updater (AOL LLC)
    EPSON Scan
    EPSON WorkForce 500 Series Printer Uninstall
    Google Chrome
    Google Update Helper
    LG United Mobile Drivers
    Microsoft .NET Framework 4.5.1
    Microsoft Security Client
    Microsoft Security Essentials
    NVIDIA 3D Vision Controller Driver 344.75
    NVIDIA 3D Vision Driver 344.75
    NVIDIA Control Panel 344.75
    NVIDIA GeForce Experience 2.1.4.1
    NVIDIA GeForce Experience Service
    NVIDIA Graphics Driver 344.75
    NVIDIA HD Audio Driver 1.3.32.1
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.14.0702
    NVIDIA ShadowPlay 16.13.69
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 16.13.69
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.26
    PointerAccess
    PriceMinus
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB3023224)
    Security Update for Microsoft .NET Framework 4.5.1 (KB3035490)
    Security Update for Microsoft .NET Framework 4.5.1 (KB3037581)
    SHIELD Streaming
    SHIELD Wireless Controller Driver
    Steam
    WinRAR 5.21 (64-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/20/2015 2:47:12 PM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 252.
    5/20/2015 2:33:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CutterMaker service to connect.
    5/18/2015 4:53:45 PM, Error: Schannel [36887] - The following fatal alert was received: 20.
    5/18/2015 4:40:55 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureCommand with the following error: Access is denied.
    5/18/2015 4:40:53 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    5/17/2015 5:20:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    5/17/2015 5:20:24 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/14/2015 8:16:26 PM, Error: Service Control Manager [7023] -
    .
    ==== End Of File ===========================
     
  7. wannabeageek

    wannabeageek Malware Specialist

    Hey HaroRider,

    Before we get too involved, please read and follow these important guidelines, so things will proceed smoothly.
    1. The instructions being given are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. You must have Administrator rights, permissions for this computer.
    3. DO NOT run any other fix or removal tools unless instructed to do so!
    4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
      DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
      Extra Additions and Removals of files make the analysis more difficult.
    5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
    6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
    7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
      Absence of symptoms does not mean that everything is clear.

    Please take time to read TSG Forum Guidelines and Rules where the conditions for receiving help here are explained.

    Please read all instructions carefully before executing and perform the steps, in the order given.
    If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

    Because of this, I advise you to back up any personal files and folders before you start.
     
  8. HaroRider

    HaroRider Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    387
    I reformatted not too long ago. There really is not much on here that I care about. I have all my pictures and data on SD cards so I am ok.

    Thanks
     
  9. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    So you reformatted the hard drive and reinstalled the OS?
     
  10. HaroRider

    HaroRider Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    387
    I did, but that was several months ago.

    It was for an unrelated problem. Bad hard drive. I went with a SSD.
     
  11. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    HaroRider,

    So 6 months ago is not too long ago?
    http://forums.techguy.org/windows-7/1136180-slow-running-computer.html

    Understand that in the computer world six months ago is a long, long time ago. Malware writers pour out copious amounts of new malware daily; http://www.pandasecurity.com/mediac...rains-of-malware-were-indentified-in-q3-2014/
    Even though the article is from last October - about the time you started your last thread - don't kid yourself into thinking that the article is old and the information outdated. Malware is becoming more complex and difficult to detect.

    I take it then that you have read the guidelines I posted in post # 7.

    If you wish to continue, click the button "Mark Unsolved" and post the following reports from the instructions below and do try to be a little less ambiguous about how long ago you did something.


    RSIT (Random's System Information Tool)
    Please download RSITx64 by random/random... save it to your desktop.
    1. Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
    2. Please read the disclaimer... click on Continue.
    3. RSIT will start running. When done... 2 log files... will be produced.
      The first one, "log.txt", <<will be maximized... the second one, "info.txt", <<will be minimized.
    4. Please post both... "log.txt" and "info.txt", file contents in your next reply.
    (These logs can be lengthy, so post each separately.)
     
  12. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hi HaroRider,

    It has been three days since my last post.

    • Do you still need help?
    • Do you need more time?
    • Are you having problems following my instructions?
    • These topics will self-close after 45 days without a response.
    • If you do not reply within the next 48 hours, I will remove this topic from my notification list.
    • If you post back after 5 days but before 45 days, PM me and wait for a response.
    • If you still need help after 45 days post a new log on a new thread.
     
Short URL to this thread: https://techguy.org/1148455
