vasnof
Everything posted by vasnof
computer slow and internet not stable
vasnof replied to vasnof's topic in Resolved Malware Removal Logs
When I ran the RogueKiller program earlier, I received a warning about not deleting some items it had found when I exited the program. Is that okay, or should I have deleted the things it found? Sorry, I should've mentioned it earlier. Here's the ComboFix log:

ComboFix 13-01-08.01 - Danny 01/08/2013 18:31:38.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4029.2464 [GMT -5:00]
Running from: c:\users\Danny\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Administrator\AppData\Local\assembly\tmp
c:\users\Danny\AppData\Local\assembly\tmp
c:\users\Default\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-08 to 2013-01-08 )))))))))))))))))))))))))))))))
.
.
2013-01-08 23:42 . 2013-01-08 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-08 23:42 . 2013-01-08 23:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-01-08 23:05 . 2012-11-19 06:01 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA3B8BEA-2A9E-451F-890C-7BB8A7DAA98A}\mpengine.dll
2013-01-08 00:51 . 2013-01-08 00:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-01-08 00:49 . 2013-01-08 00:49 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-07 01:48 . 2012-10-23 11:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B33A1BB8-21C3-4970-9A75-3BF6801F8299}\gapaengine.dll
2013-01-07 01:47 . 2012-11-19 06:01 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 00:48 . 2013-01-07 00:48 -------- d-----w- c:\users\Danny\AppData\Local\Programs
2013-01-06 21:33 . 2013-01-06 21:33 -------- d-----w- c:\program files (x86)\GUM8323.tmp
2013-01-06 21:33 . 2013-01-06 21:33 4096000 ----a-w- c:\program files (x86)\GUT8334.tmp
2013-01-06 21:15 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-06 21:15 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-06 21:15 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-01-06 21:15 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-06 21:03 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-06 21:03 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-01-06 21:03 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-01-06 21:03 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-01-06 21:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-06 21:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-06 21:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-06 21:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-06 21:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-06 21:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-06 21:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-06 20:55 . 2013-01-06 20:55 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2013-01-05 23:42 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-01-05 23:42 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-05 23:42 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-05 23:42 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2013-01-05 23:42 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2013-01-05 23:42 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-05 23:42 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-01-05 23:39 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-05 23:38 . 2012-10-04 17:38 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-05 23:37 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-01-05 23:37 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-01-05 23:37 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2013-01-05 23:37 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-01-05 23:37 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-05 23:37 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2013-01-05 23:37 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2013-01-05 23:37 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-01-05 23:37 . 2012-06-16 05:15 911360 ----a-w- c:\windows\system32\jscript.dll
2013-01-05 23:37 . 2012-06-16 05:16 609792 ----a-w- c:\windows\system32\vbscript.dll
2013-01-05 23:37 . 2012-06-16 04:26 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-01-05 23:36 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-01-05 23:36 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2013-01-05 23:36 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2013-01-05 23:36 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2013-01-05 23:36 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2013-01-05 23:36 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2013-01-05 23:36 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2013-01-05 23:36 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2013-01-05 23:34 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-01-05 23:34 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-01-05 23:34 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2013-01-05 23:34 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-05 23:31 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-01-05 23:31 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-01-05 23:31 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-01-05 23:31 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2013-01-05 23:31 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-01-05 23:31 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-01-05 23:11 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2013-01-05 23:06 . 2013-01-05 23:06 -------- d-----w- c:\program files (x86)\GUMEAEA.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 00:49 . 2012-07-02 02:35 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-01-08 00:49 . 2010-07-10 20:21 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-01-06 00:54 . 2012-05-30 06:17 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-06 00:54 . 2011-06-29 02:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 21:49 . 2012-07-02 03:30 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-28 20:58 . 2009-10-28 11:17 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-23 11:04 . 2011-03-26 17:22 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-16 08:38 . 2013-01-05 23:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2013-01-05 23:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2013-01-05 23:36 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Danny\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2009-10-15 3122440]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0"
"UpdatesDisableNotify"="0"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2010-08-11 11776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-26 219136]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-01 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0x64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2010-08-11 121344]
R3 ZTEusbwwan;ZTE MBN Miniport;c:\windows\system32\DRIVERS\ZTEusbwwan.sys [2010-08-11 235520]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-06 69152]
S1 funfrm;funfrm; [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2009-09-21 71040]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [2007-04-06 77216]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2013-01-06 1737728]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 26128]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 145408]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-07-02 17152]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-05-14 5435904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-20 239616]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vodafone_K380x-z_dc_enum;vodafone_K380x-z_dc_enum;c:\windows\system32\DRIVERS\vodafone_K380x-z_dc_enum.sys [2010-05-20 75776]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
<NO NAME> REG_SZ
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 00:54]
.
2013-01-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1563464669-3591048527-644845245-1003Core.job
- c:\users\Danny\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-01 22:52]
.
2013-01-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1563464669-3591048527-644845245-1003UA.job
- c:\users\Danny\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-01 22:52]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-15 03:02]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-15 03:02]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1563464669-3591048527-644845245-1003Core.job
- c:\users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-25 18:48]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1563464669-3591048527-644845245-1003UA.job
- c:\users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-25 18:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2009-10-15 08:06 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-09-01 4366704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-08-19 5825536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://lenovo.live.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: lenovo.com\consumersupport
Trusted Zone: lenovo.com.cn\edrivers
Trusted Zone: lenovo.com.cn\support4
Trusted Zone: lenovo.com.cn\think
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A68A86A7-BD7D-486F-8848-DB39D2699D9A}: NameServer = 10.206.65.68 10.206.65.68
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/smartdownloading/cab/npdueng.cab
DPF: {FDECE629-C65D-46DA-A77F-244600A0E5F9} - hxxps://management.pna.utexas.edu/idengineswpa/tools/xc_loader_activex.ocx
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\hqq0x3ua.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-08 18:49:08
ComboFix-quarantined-files.txt 2013-01-08 23:49
.
Pre-Run: 110,652,239,872 bytes free
Post-Run: 110,334,693,376 bytes free
.
- - End Of File - - E47EBA45F9857598332D0DE5F1458D92
computer slow and internet not stable
vasnof replied to vasnof's topic in Resolved Malware Removal Logs
Hi Kevin, thanks for the quick reply! I uninstalled ZoneAlarm. Here are the two logs you requested.

RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Danny [Admin rights]
Mode : Scan -- Date : 01/07/2013 19:58:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{A68A86A7-BD7D-486F-8848-DB39D2699D9A} : NameServer (10.206.65.68 10.206.65.68) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{A68A86A7-BD7D-486F-8848-DB39D2699D9A} : NameServer (10.206.65.68 10.206.65.68) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS +++++
--- User ---
[MBR] 68a27d6ba8269fd5273739bd622c9300
[BSP] bd71ecee3ed635930c5c9c48d76fe1d5 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 258962 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 530768192 | Size: 30972 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198848 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01072013_02d1958.txt >>
RKreport[1]_S_01072013_02d1958.txt

_____________________________________________________________________

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
JavaFX 2.1.1
Java 6 Update 31
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 9
Adobe Reader out of Date!
Mozilla Firefox 13.0.1
Firefox out of Date!
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome 22.0.1229.79
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
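The RogueKiller report above lists every UAC and policy value it knows about as "FOUND", whether or not the value is harmful, so each line has to be read with the meaning of the value applied: EnableLUA (0) and ConsentPromptBehaviorAdmin (0) mean UAC is off and administrators elevate silently (the Security Check in the same post independently says "UAC is disabled!"), whereas DisableTaskMgr (0) means Task Manager is not disabled, and a HOSTS file full of 127.0.0.1 entries matches the "MVPS Hosts File" the Security Check lists rather than a hijack. The script below is an added example of that triage, written for this page; it is not code from RogueKiller, the forum, or the poster. It parses lines in the shape of the posted report and sorts them into findings that need action and findings that are noise. The sample lines are a constructed excerpt copied in shape from the report; whether a static DNS server such as 10.206.65.68 is legitimate depends on the network it was configured for, so the trusted-server list is a parameter the reader supplies rather than something the script decides.

```python
"""Triage RogueKiller 'Registry Entries' and HOSTS output.

Added example for this thread; not code from RogueKiller or from the forum.
RogueKiller reports every UAC/policy value it knows about as FOUND whatever
the value is, so each entry is classified here by what the value means.
"""
import re
from dataclasses import dataclass

# Constructed sample: the shape of the RogueKiller report posted in the
# thread, trimmed to a few representative lines.
SAMPLE_LOG = r"""
¤¤¤ Registry Entries : 10 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{A68A86A7-BD7D-486F-8848-DB39D2699D9A} : NameServer (10.206.65.68 10.206.65.68) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
"""

# "[TAG] HK..\key : Name (value) -> FOUND"
REG_LINE = re.compile(
    r"^\[(?P<tag>[A-Z ]+)\]\s+(?P<key>HK\w+\\.*?)\s+:\s+(?P<name>\S+)\s+\((?P<value>[^)]*)\)\s+->\s+FOUND$"
)
# "<ipv4> <hostname>" as dumped from the hosts file
HOSTS_LINE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)$")
LOOPBACK = {"127.0.0.1", "0.0.0.0"}  # block-style targets, not redirects


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" needs action, "info" is noise or context
    name: str      # registry value name, or "hosts"
    detail: str


def _classify_registry(tag, key, name, value, trusted_dns):
    """Apply the meaning of each value RogueKiller reports."""
    if tag == "DNS":
        iface = key.rsplit("\\", 1)[-1]
        servers = set(value.split())  # "x x" collapses to {x}
        rogue = sorted(servers - trusted_dns)
        if rogue:
            return Finding("high", name, "interface %s uses DNS servers not on the trusted list: %s"
                           % (iface, ", ".join(rogue)))
        return Finding("info", name, "interface %s uses trusted DNS %s" % (iface, ", ".join(sorted(servers))))
    if name == "EnableLUA":
        if value == "0":
            return Finding("high", name, "UAC is turned off (EnableLUA=0)")
        return Finding("info", name, "UAC enabled")
    if name == "ConsentPromptBehaviorAdmin":
        if value == "0":
            return Finding("high", name, "administrators elevate with no prompt (0); Windows 7 default is 5")
        return Finding("info", name, "prompt behaviour %s" % value)
    if name in ("DisableTaskMgr", "DisableRegistryTools"):
        if value == "0":
            return Finding("info", name, "policy value present but 0, i.e. not disabled")
        return Finding("high", name, "%s is disabled by policy (%s)" % (name.replace("Disable", ""), value))
    if tag == "HJ DESK":
        return Finding("info", name, "desktop icon %s hidden (value %s)" % (name, value))
    return Finding("info", name, "%s = %s, unclassified" % (key, value))


def triage(report, trusted_dns=frozenset()):
    """Return one Finding per registry line plus a hosts-file summary."""
    findings = []
    blocked = 0
    for raw in report.splitlines():
        line = raw.strip()
        m = REG_LINE.match(line)
        if m:
            findings.append(_classify_registry(m["tag"], m["key"], m["name"], m["value"], trusted_dns))
            continue
        h = HOSTS_LINE.match(line)
        if h:
            if h["ip"] in LOOPBACK:
                blocked += 1  # sinkholed name: blocklist behaviour
            else:
                findings.append(Finding("high", "hosts", "%s is redirected to %s" % (h["host"], h["ip"])))
    if blocked:
        findings.append(Finding("info", "hosts", "%d block-style entries (loopback/0.0.0.0); "
                                "consistent with an MVPS-style blocklist, not a hijack" % blocked))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 3, 'info': 4}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.severity.upper().ljust(5), f.name, "-", f.detail)
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, the script flags the two UAC values and the untrusted DNS server as "high" and reports the policy keys and the hosts entries as "info"; passing `trusted_dns=frozenset({"10.206.65.68"})` downgrades the DNS line, which is the decision the reader has to make from knowledge of the network, not from the log. A hosts entry pointing a name at a non-loopback address is the one hosts-file case it escalates, since that is a redirect rather than a block.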
Hi,

My computer has been slow lately, and my internet connection hasn't been stable (my housemates report having stable internet connections). I'm worried my computer may be infected with malware. I downloaded and ran DDS and attached the two logs. I appreciate any help you can provide. Thanks.

Attachments: attach.txt, dds.txt