FlybBab1u612

Members
  • Posts: 12
  • Joined
  • Last visited

Reputation: 0 Neutral
  1. You were a patient, knowledgeable, and helpful aid.

  2. Thanks. I usually use Firefox and sometimes Chrome too. The slowness goes across all browsers though. The check seems fine.

     Results of screen317's Security Check version 0.99.59
     Windows 7 Service Pack 1 x86 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     CCleaner
     Adobe Flash Player 11.5.502.149
     Mozilla Firefox (19.0)
     Google Chrome 25.0.1364.97
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials MSMpEng.exe
     Microsoft Security Essentials msseces.exe
     Windows Defender MSASCui.exe
     Windows Defender MSASCui.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 4%
     ````````````````````End of Log``````````````````````
  3. Things are somewhat better but the Internet is still often slow. Downloads seem OK, but page load times take a bit. Is there a network setting that needs to be changed after the fixes?
  4. I don't need the programs at this moment. The other file seems to be leftover from something. Maybe an old MSE scan. Or a website file backup? It shows up as admin read only file with compression. I doubt it is needed though.
  5. The ComboFix doc is attached. It removed another host file and a program (possible driver update file?). The other program was one from Cnet that should be OK. ComboFix.txt
  6. I've attached the TDSS file to the reply. It looks as if things might be OK? TDDS.txt
  7. Ooooh. I'm sorry. I got a little confused with program names since rkiller was downloaded earlier before RogueKiller. Please pardon my mistakes. I do appreciate your help and patience.

     RKreport
     RogueKiller V8.5.1 [Feb 20 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
     Started in : Normal mode
     User : Adam [Admin rights]
     Mode : Scan -- Date : 02/20/2013 21:54:28
     | ARK || FAK || MBR |

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND
     [TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 [7] -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver : [LOADED] ¤¤¤
     _INLINE_ : NtTraceEvent -> HOOKED (Unknown @ 0x8059AC00)

     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts

     ¤¤¤ MBR Check: ¤¤¤

     +++++ PhysicalDrive0: TOSHIBA MK2565GSX ATA Device +++++
     --- User ---
     [MBR] 116227964434f380990add242a57ff01
     [BSP] 86cd584053915ff31ffc42527db8e7d2 : Windows 7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
     --- User ---
     [MBR] 83b42057fb3fd1d945874c9bf1406a5b
     [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
     Partition table:
     0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3777 Mo
     User = LL1 ... OK!
     Error reading LL2 MBR!

     Finished : << RKreport[1]_S_02202013_02d2154.txt >>
     RKreport[1]_S_02202013_02d2154.txt
  8. Sorry, I forgot to include it. Here it is:

     Rkill 2.4.7 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2013 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 02/20/2013 08:14:28 PM in x86 mode.
     Windows Version: Windows 7 Professional Service Pack 1

     Checking for Windows services to stop:
     * No malware services found to stop.

     Checking for processes to terminate:
     * No malware processes found to kill.

     Checking Registry for malware related settings:
     * No issues found in the Registry.

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:
     * No issues found.

     Checking Windows Service Integrity:
     * WSearch [Missing Service]

     Searching for Missing Digital Signatures:
     * No issues found.

     Checking HOSTS File:
     * No issues found.

     Program finished at: 02/20/2013 08:14:57 PM
     Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)
  9. OK.. Here are the first two files:

     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 7 Professional
     Boot Device: \Device\HarddiskVolume1
     Install Date: 12/3/2012 1:24:11 PM
     System Uptime: 2/20/2013 6:22:22 PM (2 hours ago)
     .
     Motherboard: Acer | | JV11-ML
     Processor: Intel® Atom CPU Z520 @ 1.33GHz | U3E1 | 1333/mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 233 GiB total, 190.026 GiB free.
     E: is CDROM ()
     .
     ==== Disabled Device Manager Items =============
     .
     ==== System Restore Points ===================
     .
     RP143: 2/16/2013 7:00:48 PM - Revo Uninstaller's restore point - Acer Updater
     RP145: 2/16/2013 7:02:20 PM - Removed Acer Updater
     RP147: 2/16/2013 7:05:48 PM - Revo Uninstaller's restore point - Audible Download Manager
     RP148: 2/18/2013 11:05:46 AM - Installed Java 7 Update 13
     RP149: 2/18/2013 10:19:06 PM - Device Driver Package Install: Intel® Display adapters
     RP150: 2/18/2013 10:59:16 PM - Windows Modules Installer
     RP151: 2/19/2013 8:28:04 AM - Restore Operation
     RP152: 2/20/2013 11:20:54 AM - Installed Java 7 Update 15
     RP153: 2/20/2013 4:09:02 PM - Windows Update
     .
     ==== Installed Programs ======================
     .
     Acer Crystal Eye webcam
     Acer Updater
     Adobe Flash Player 11 ActiveX
     Adobe Flash Player 11 Plugin
     Amazon Kindle
     Amazon MP3 Downloader 1.0.17
     Apple Application Support
     Apple Software Update
     Audible Download Manager
     AudibleManager
     AVG 2013
     CCleaner
     Foxit Reader
     Google Chrome
     Google Talk Plugin
     Intel® Graphics Media Accelerator 500
     iTunes
     Java 7 Update 15
     Java Auto Updater
     KeyScrambler
     Malwarebytes Anti-Malware version 1.70.0.1100
     Microsoft .NET Framework 4 Client Profile
     Microsoft Image Composite Editor
     Microsoft Silverlight
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
     Mozilla Firefox 18.0.2 (x86 en-US)
     Mozilla Maintenance Service
     MSXML 4.0 SP2 (KB973688)
     PDFill FREE PDF Writer
     Picasa 3
     QuickTime
     Realtek High Definition Audio Driver
     Recuva
     Revo Uninstaller 1.94
     Sandboxie 3.76 (32-bit)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
     SlimCleaner
     Spybot - Search & Destroy
     Synaptics Pointing Device Driver
     System Requirements Lab for Intel
     Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
     Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
     Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
     VirtualCloneDrive
     .
     ==== Event Viewer Messages From Past Week ========
     .
     2/20/2013 7:44:37 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
     2/20/2013 6:04:36 PM, Error: Service Control Manager [7023] - The Diagnostic Service Host service terminated with the following error: The requested control is not valid for this service.
     2/20/2013 6:02:11 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
     2/20/2013 6:02:02 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
     2/20/2013 4:57:30 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
     2/20/2013 4:13:23 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.143.2586.0).
     2/20/2013 4:09:41 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
     2/20/2013 3:14:49 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-Application-Experience/Program-Compatibility-Assistant.
     2/20/2013 11:16:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
     2/19/2013 9:40:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
     2/19/2013 8:33:49 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
     2/19/2013 7:02:07 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
     2/19/2013 10:31:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
     2/19/2013 10:31:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
     2/19/2013 10:31:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver AVGIDSShim Avgldx86 discache ElbyCDIO spldr Wanarpv6
     2/19/2013 10:31:01 AM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
     2/19/2013 10:31:01 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
     2/19/2013 10:30:58 AM, Error: Service Control Manager [7001] - The Application Identity service depends on the AppID Driver service which failed to start because of the following error: The dependency service or group failed to start.
     2/19/2013 10:30:58 AM, Error: Service Control Manager [7001] - The AppID Driver service depends on the System Attribute Cache service which failed to start because of the following error: A device attached to the system is not functioning.
     2/18/2013 11:04:05 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
     2/18/2013 11:04:05 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
     2/17/2013 6:39:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
     2/16/2013 3:46:34 PM, Error: Service Control Manager [7001] - The PNRP Machine Name Publication Service service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
     2/16/2013 3:09:06 PM, Error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
     2/16/2013 3:02:49 PM, Error: Service Control Manager [7030] - The Windows Driver Foundation - User-mode Driver Framework service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
     2/16/2013 1:29:29 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
     2/15/2013 1:38:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.
     2/14/2013 5:44:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
     2/14/2013 10:06:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
     2/13/2013 11:01:34 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
     2/13/2013 1:43:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
     2/13/2013 1:43:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
     .
     ==== End Of File ===========================

     DDS

     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
     Run by Adam at 20:09:08 on 2013-02-20
     Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.907 [GMT -5:00]
     .
     AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
     SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
     FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
     .
     ============== Running Processes ================
     .
     C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
     C:\Program Files\AVG\AVG2013\avgcsrvx.exe
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Program Files\Sandboxie\SbieSvc.exe
     C:\Windows\System32\spoolsv.exe
     C:\Program Files\AVG\AVG2013\avgidsagent.exe
     C:\Program Files\AVG\AVG2013\avgwdsvc.exe
     C:\Program Files\Acer\Acer Updater\UpdaterService.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
     C:\Windows\System32\snmptrap.exe
     C:\Windows\system32\taskhost.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Windows\system32\Dwm.exe
     C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
     C:\Program Files\AVG\AVG2013\avgnsx.exe
     C:\Program Files\AVG\AVG2013\avgemcx.exe
     C:\Program Files\AVG\AVG2013\avgui.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     C:\Windows\system32\UI0Detect.exe
     C:\Windows\system32\wbem\WmiApSrv.exe
     C:\Windows\system32\igfxsrvc.exe
     C:\Windows\system32\notepad.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\system32\svchost.exe -k GPSvcGroup
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\Windows\system32\svchost.exe -k SDRSVC
     C:\Windows\system32\svchost.exe -k wcssvc
     C:\Windows\System32\svchost.exe -k secsvcs
     C:\Windows\System32\svchost.exe -k swprv
     C:\Windows\system32\svchost.exe -k defragsvc
     .
     ============== Pseudo HJT Report ===============
     .
     uStart Page = hxxps://startpage.com/do/mypage.pl?prf=f83a6ce8e8788c5e821499ad31004fbc
     uSearchURL,(Default) = hxxps://startpage.com/do/metasearch.pl?query=%s&pl=ie&language=english&cat=web
     BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - c:\program files\keyscrambler\KeyScramblerIE.dll
     BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
     BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
     BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
     uRun: [Google Update] "c:\users\adam\appdata\local\google\update\GoogleUpdate.exe" /c
     mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
     mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
     mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
     mRun: [igfxExt] c:\windows\system32\IgfxExt.exe /RegServer
     mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
     mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableUIADesktopToggle = dword:0
     IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
     IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
     .
     INFO: HKCU has more than 50 listed domains.
     If you wish to scan all of them, select the 'Force scan all domains' option.
     .
     .
     INFO: HKLM has more than 50 listed domains.
     If you wish to scan all of them, select the 'Force scan all domains' option.
     .
     DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
     TCP: NameServer = 192.168.1.254
     TCP: Interfaces\{5B595297-3515-4AFB-BCA2-B04255CCCCF8} : DHCPNameServer = 192.168.1.254
     Notify: SDWinLogon - SDWinLogon.dll
     SSODL: WebCheck - <orphaned>
     .
     ================= FIREFOX ===================
     .
     FF - ProfilePath - c:\users\adam\appdata\roaming\mozilla\firefox\profiles\d5fsoj81.default\
     FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)
     FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/do/mypage.pl?prf=f83a6ce8e8788c5e821499ad31004fbc
     FF - prefs.js: network.proxy.type - 2
     FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll
     FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
     FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
     FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
     FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
     FF - plugin: c:\users\adam\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
     FF - plugin: c:\users\adam\appdata\roaming\mozilla\firefox\profiles\d5fsoj81.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
     FF - plugin: c:\users\adam\appdata\roaming\mozilla\firefox\profiles\d5fsoj81.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2_x64.dll
     FF - plugin: c:\users\adam\appdata\roaming\mozilla\plugins\npgoogletalk.dll
     FF - plugin: c:\users\adam\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
     FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
     FF - plugin: c:\windows\system32\npDeployJava1.dll
     FF - plugin: c:\windows\system32\npmproxy.dll
     .
     ---- FIREFOX POLICIES ----
     FF - user.js: network.http.max-persistent-connections-per-server - 4
     FF - user.js: nglayout.initialpaint.delay - 600
     FF - user.js: content.notify.interval - 600000
     FF - user.js: content.max.tokenizing.time - 1800000
     FF - user.js: content.switch.threshold - 600000
     .
     ============= SERVICES / DRIVERS ===============
     .
     R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
     R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
     R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
     R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
     R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
     R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
     R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
     R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
     R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
     R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
     R2 Live Updater Service;Live Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2013-1-17 255376]
     R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-19 398184]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-19 682344]
     R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-12-3 1103392]
     R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-12-3 1369624]
     R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-12-3 168384]
     R3 igd;igd;c:\windows\system32\drivers\igdkmd32.sys [2010-9-16 648832]
     R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2012-12-4 173880]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-19 21104]
     R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
     R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2012-12-16 157776]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
     S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
     S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-3 14848]
     S3 rsvcdwdr;rsvcdwdr;c:\windows\system32\drivers\rsvcdwdr.sys [2012-11-13 35976]
     S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
     S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-3 49664]
     S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-1-3 27136]
     S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-12-6 1343400]
     .
     =============== Created Last 30 ================
     .
     2013-02-20 21:09:52 -------- dc----w- C:\b20a6fb25457ccfbb7b9fe
     2013-02-20 16:23:19 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     2013-02-20 01:22:33 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-02-19 01:22:06 -------- dc----w- C:\IEMGD_HEAD_Windows7
     2013-02-18 00:05:34 -------- dc----w- C:\IEGD
     2013-02-13 16:19:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
     2013-02-13 16:19:03 149528 ----a-w- c:\program files\internet explorer\sqmapi.dll
     2013-02-13 16:19:02 420864 ----a-w- c:\windows\system32\vbscript.dll
     2013-02-13 16:19:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
     2013-02-13 15:40:55 2347008 ----a-w- c:\windows\system32\win32k.sys
     2013-02-13 15:40:36 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2013-02-13 15:40:34 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
     2013-02-13 15:40:31 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2013-02-13 15:40:30 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
     2013-02-13 15:40:27 169984 ----a-w- c:\windows\system32\winsrv.dll
     2013-02-11 19:27:20 152072 -c--a-w- C:\Regbackup.reg
     2013-02-11 02:08:45 454656 ----a-w- c:\program files\mozilla firefox\firemin\bin\sqlite3.exe
     2013-02-11 02:08:44 590599 ----a-w- c:\program files\mozilla firefox\firemin\Firemin.exe
     2013-02-10 05:18:39 -------- d-----w- c:\users\adam\appdata\roaming\Malwarebytes
     2013-02-10 05:18:22 -------- d-----w- c:\programdata\Malwarebytes
     2013-02-10 05:18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-02-10 01:32:43 -------- d-----w- c:\users\adam\appdata\roaming\GlarySoft
     2013-02-10 01:29:10 -------- d-----w- c:\program files\Glary Utilities
     2013-02-09 20:08:20 -------- d-----w- c:\users\adam\appdata\roaming\Wise Care 365
     2013-02-07 13:47:35 -------- d-----w- c:\users\adam\appdata\roaming\SUPERAntiSpyware.com
     2013-02-07 13:46:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
     2013-02-07 13:46:46 -------- d-----w- c:\program files\SUPERAntiSpyware
     2013-02-07 01:27:08 -------- d-----w- c:\users\adam\appdata\roaming\Barnes & Noble
     2013-02-07 01:27:00 -------- d-----w- c:\program files\Barnes & Noble
     2013-02-04 03:39:36 -------- d-----w- c:\program files\CCleaner
     2013-02-04 03:06:14 -------- d-----w- c:\users\adam\appdata\local\SlimWare Utilities Inc
     2013-02-04 03:05:44 -------- d-----w- c:\program files\SlimCleaner
     2013-02-01 20:31:03 -------- d-----w- c:\programdata\unzip
     2013-01-30 08:02:16 -------- d-----w- c:\program files\MSXML 4.0
     2013-01-30 03:24:16 -------- d-----w- c:\programdata\MAGIX
     2013-01-30 03:20:43 -------- d-----w- c:\users\adam\appdata\roaming\MAGIX
     2013-01-26 17:09:31 -------- d-----w- c:\users\adam\appdata\roaming\AVG
     2013-01-26 17:07:43 -------- d-----w- c:\programdata\AVG
     2013-01-24 19:29:46 -------- d-----w- c:\users\adam\appdata\local\Opera
     .
     ==================== Find3M ====================
     .
     2013-02-20 16:22:55 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
     2013-02-20 16:22:55 782240 ----a-w- c:\windows\system32\deployJava1.dll
     2013-02-10 15:55:27 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-02-10 15:55:27 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-01-17 20:28:21 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
     2013-01-17 06:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
     2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
     2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
     2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
     2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
     2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
     2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
     2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
     2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
     2012-12-05 04:01:46 1784352 ----a-w- c:\windows\system32\WavesLib.dll
     2012-12-05 04:00:50 266240 ----a-w- c:\windows\system32\FMAPO.dll
     2012-12-05 04:00:41 125952 ----a-w- c:\windows\system32\AERTARen.dll
     2012-12-05 04:00:40 142848 ----a-w- c:\windows\system32\AERTACap.dll
     2012-12-05 04:00:33 831488 ----a-w- c:\windows\RtlExUpd.dll
     2012-12-04 01:39:17 1176312 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
     2012-12-04 01:39:14 212400 ----a-w- c:\windows\system32\drivers\SynTP.sys
     2012-12-04 01:39:14 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
     2012-12-04 01:39:10 206120 ----a-w- c:\windows\system32\SynCtrl.dll
     2012-12-04 01:39:10 169256 ----a-w- c:\windows\system32\SynCOM.dll
     2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
     2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
     2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
     2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
     2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
     2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
     2012-11-23 02:48:41 49152 ----a-w- c:\windows\system32\taskhost.exe
     .
     ============= FINISH: 20:10:16.79 ===============

     Finally the Rogue Killer report

     Rkill 2.4.7 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2013 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 02/20/2013 08:14:28 PM in x86 mode.
     Windows Version: Windows 7 Professional Service Pack 1

     Checking for Windows services to stop:
     * No malware services found to stop.

     Checking for processes to terminate:
     * No malware processes found to kill.

     Checking Registry for malware related settings:
     * No issues found in the Registry.

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:
     * No issues found.

     Checking Windows Service Integrity:
     * WSearch [Missing Service]

     Searching for Missing Digital Signatures:
     * No issues found.

     Checking HOSTS File:
     * No issues found.

     Program finished at: 02/20/2013 08:14:57 PM
     Execution time: 0 hours(s), 0 minute(s), and 29 seconds(s)

     I don't mind if not all the Windows services are running, as long as they are not necessary for Windows to work and don't compromise security. Thanks
  10. Hi, I would appreciate it if anyone could please advise me on how to proceed with a problem. My netbook has been running slowly, so I tried to tweak the registry and MS services database to reduce memory needs. I also tried to update the graphics card and ran some cleanup apps from Cnet. They seem to have helped but there may still be an issue according to some scans. I recently ran Malwarebytes programs and they listed a bad host file in the System32 folder. I had created some custom hosts files but am not sure if I put them there or not. So I let Malwarebytes put it in the vault and delete it anyway. AVG antivirus and the Microsoft malware download didn't detect anything. However, the Spybot rootkit scan showed 3 unknown MBRs and an unknown issue in Physical Drive0. I'm not sure where that is; the computer has a main partition with a virtual drive and an attached USB running ReadyBoost. I saw this post from here the other day that describes a similar problem. I ran the mentioned System Check and dds scans and can post them if it would help. Thanks.
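The hosts file runs through the whole thread above: Malwarebytes flagged one, ComboFix removed another, Rkill and RogueKiller both report on it, and the DDS event log shows a DNS-Client error reading it. The script below is an added example, not code from the original posts or from any of the tools named in them. It shows the check a responder actually wants when a hosts file is in question: parse the file the way the resolver does (comments, blank lines, several names per line), then flag the three things malware plants there: a security-vendor or update domain blackholed to loopback so definitions stop arriving, any name mapped to a real (non-loopback) address, which is a redirection rather than a block, and a localhost entry pointing somewhere other than loopback. The watch list, the size threshold and the sample hosts content are constructed for the example; the default file path is the one RogueKiller printed above.

```python
"""Audit a Windows hosts file for the redirections malware commonly plants.

Added example; not code from the forum posts or from Rkill, RogueKiller,
Malwarebytes or ComboFix. The watch list, size threshold and sample file
are constructed for illustration.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Loopback / blackhole addresses. Mapping a name to these only blocks it
# (what ad-blocking hosts files do); it does not send traffic elsewhere.
LOCAL_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Hypothetical watch list (an assumption for this example): domains that
# malware blackholes to stop updates and definitions. Matched by suffix.
WATCHED_DOMAINS = (
    "microsoft.com", "windowsupdate.com",
    "avg.com", "malwarebytes.org", "bleepingcomputer.com",
    "geekstogo.com", "safer-networking.org",
)

# Names that a sane hosts file maps to loopback and nothing else.
LOOPBACK_ONLY = {"localhost", "localhost.localdomain"}

# Default location on Windows, as shown in the RogueKiller output above.
HOSTS_PATH = r"C:\Windows\system32\drivers\etc\hosts"

MAX_SANE_LINES = 20000  # assumption: anything larger deserves a look by itself

# first field = address, rest = one or more hostnames
ENTRY_RE = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, ip, hostname) for every address/name pair.

    '#' comments and blank lines are skipped; a line may list several names.
    Lines whose first field is not an IP address are skipped as malformed.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]
        m = ENTRY_RE.match(line)
        if not m:
            continue
        ip, names = m.groups()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        for name in names.split():
            entries.append((line_no, ip, name.lower().rstrip(".")))
    return entries


def _watched(name: str) -> bool:
    return any(name == d or name.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text: str) -> Dict[str, List[str]]:
    """Classify findings; each value is a list of human-readable strings."""
    findings: Dict[str, List[str]] = {
        "blocked_watched": [], "redirected": [], "localhost_hijack": [], "size": [],
    }
    line_count = len(text.splitlines())
    if line_count > MAX_SANE_LINES:
        findings["size"].append(f"{line_count} lines (over {MAX_SANE_LINES})")
    for line_no, ip, name in parse_hosts(text):
        if name in LOOPBACK_ONLY:
            if ip not in LOCAL_ADDRESSES:
                findings["localhost_hijack"].append(f"line {line_no}: {name} -> {ip}")
            continue
        if ip in LOCAL_ADDRESSES:
            if _watched(name):
                findings["blocked_watched"].append(f"line {line_no}: {name} -> {ip}")
        else:
            # A real address is a redirection; a blocking hosts file never needs one.
            findings["redirected"].append(f"line {line_no}: {name} -> {ip}")
    return findings


def is_suspicious(text: str) -> bool:
    return any(audit_hosts(text).values())


# Constructed sample: an ad-blocking style file with two planted entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net   # blackholed ad host, harmless
127.0.0.1       update.microsoft.com  www.malwarebytes.org
203.0.113.7     www.bank.example   # redirect to a non-loopback address
"""

if __name__ == "__main__":
    # To audit the live file instead: open(HOSTS_PATH, encoding="utf-8", errors="replace").read()
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        for item in items:
            print(f"[{kind}] {item}")
```

Run against the real file (open `HOSTS_PATH` with `errors="replace"`, since an oddly encoded or truncated file is itself one way the DNS-Client read error above can arise) the output is three lists worth acting on: blackholed vendor names mean updates were being blocked, a redirected name means traffic was being steered, and anything under `localhost_hijack` means the file was tampered with rather than merely bloated.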