Slow laptop, possible malware

This is a discussion on Slow laptop, possible malware within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 08-31-2015, 04:24 AM   #1
Registered Member
 
Join Date: Mar 2010
Posts: 19
OS: Vista



Have been experiencing slow running and unresponsiveness in the laptop for some time. Running at 90% memory capacity when web browsing, and at 45-55% when idle. Had several BSOD, and was advised to check for malware.

DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16685
Run by ADB49 at 12:09:01 on 2015-08-31
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Users\ADB49\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [CCleaner Monitoring] "c:\program files\ccleaner\CCleaner.exe" /MONITOR
uRun: [Dropbox Update] "c:\users\adb49\appdata\local\dropbox\update\DropboxUpdate.exe" /c
uRun: [SpybotPostWindows10UpgradeReInstall] "c:\program files\common files\av\spybot - search and destroy\Test.exe"
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [SiSTray] c:\program files\sis vga utilities\SiSTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TouchPadHotKey] c:\program files\fsc\touchpad hotkey utility\TouchPad_HotKey.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: EnableSecureUIAPath = dword:1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2B2610FD-EABF-4654-850F-5A4B9945AE07} : DHCPNameServer = 192.168.1.1
Notify: SDWinLogon - SDWinLogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\adb49\appdata\roaming\mozilla\firefox\profiles\4vgpos24.default\
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: c:\users\adb49\appdata\roaming\mozilla\firefox\profiles\4vgpos24.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: c:\users\adb49\appdata\roaming\mozilla\firefox\profiles\4vgpos24.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
FF - plugin: c:\users\adb49\appdata\roaming\mozilla\firefox\profiles\4vgpos24.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_17_0_0_188.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_18_0_0_232.dll
.
============= SERVICES / DRIVERS ===============
.
R? CH341SER;CH341SER
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? eapihdrv;eapihdrv
R? MBAMService;MBAMService
R? MBAMWebAccessControl;MBAMWebAccessControl
R? SDWSCService;Spybot-S&D 2 Security Center Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? FontCache;Windows Font Cache Service
S? MBAMProtector;MBAMProtector
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsle3030d05;MpKsle3030d05
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft Network Inspection
S? PSI;PSI
S? SDScannerService;Spybot-S&D 2 Scanner Service
S? SDUpdateService;Spybot-S&D 2 Updating Service
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? SiS6350;SiS6350
S? SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver
S? ZAPrivacyService;ZoneAlarm Privacy Service
.
=============== Created Last 30 ================
.
2015-08-30 16:00:16 39168 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3588452f-c4a1-4bb9-a2b0-e83fc26a9633}\MpKsle3030d05.sys
2015-08-30 15:24:56 912000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f1deb663-44b7-403b-a021-5e674a917742}\gapaengine.dll
2015-08-30 15:23:38 9234960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3588452f-c4a1-4bb9-a2b0-e83fc26a9633}\mpengine.dll
2015-08-30 15:18:49 -------- d-----w- c:\program files\Microsoft Security Client
2015-08-29 10:27:28 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{40bb5cbb-2086-4592-92e6-681d33c94b06}\offreg.964.dll
2015-08-29 1029 9234960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{40bb5cbb-2086-4592-92e6-681d33c94b06}\mpengine.dll
2015-08-19 19:49:48 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-19 19:49:45 758000 ----a-w- c:\program files\internet explorer\iexplore.exe
2015-08-19 19:49:45 151184 ----a-w- c:\program files\internet explorer\sqmapi.dll
2015-08-16 15:46:37 -------- d-----w- c:\programdata\Fujitsu
2015-08-12 18:52:38 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-12 18:52:38 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-08-12 18:52:37 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-08-12 18:52:37 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-08-12 18:52:37 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-12 18:52:36 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-08-12 18:52:35 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-08-12 18:52:32 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-12 18:45:17 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 18:44:24 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-08-12 18:40:41 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-08-12 17:59:27 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-08-12 17:56:21 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-08-12 17:56:21 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-08-12 17:53:53 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-08-12 17:53:53 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-08-12 17:53:53 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-08-12 17:53:52 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-08-12 17:53:52 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-08-12 17:53:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-12 17:53:51 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-08-12 17:53:51 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-08-12 17:53:50 2066944 ----a-w- c:\windows\system32\win32k.sys
2015-08-12 17:53:50 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-08-12 17:53:49 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-08-12 17:53:49 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-08-12 17:52:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2015-08-12 17:49:54 199680 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-12 17:49:05 151040 ----a-w- c:\windows\system32\notepad.exe
2015-08-12 17:49:05 151040 ----a-w- c:\windows\notepad.exe
2015-08-04 23:03:08 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-04 23:03:08 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-08-02 20:28:01 -------- d-----w- c:\users\adb49\appdata\local\DriverToolkit
2015-08-02 20:27:36 -------- d-----w- c:\program files\DriverToolkit
2015-08-02 1250 -------- d-----w- c:\program files\NirSoft
.
==================== Find3M ====================
.
2015-08-12 18:25:41 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 18:25:40 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-11 10:15:32 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-22 20:54:48 367616 ----a-w- c:\windows\system32\html.iec
2015-07-22 20:51:20 1810432 ----a-w- c:\windows\system32\jscript9.dll
2015-07-22 20:46:19 1129472 ----a-w- c:\windows\system32\wininet.dll
2015-07-22 20:45:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2015-07-22 20:44:56 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2015-07-22 20:44:39 421888 ----a-w- c:\windows\system32\vbscript.dll
2015-07-22 20:43:19 11776 ----a-w- c:\windows\system32\mshta.exe
2015-07-05 10:11:18 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-07-03 16:04:03 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-06-27 16:03:22 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-06-27 16:02:55 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-06-27 16:02:34 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-06-27 16:01:58 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-06-27 14:21:13 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-06-27 14:21:10 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-06-18 07:41:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 07:41:42 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41:36 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 16:50:20 2264576 ----a-w- c:\windows\system32\msi.dll
2015-06-17 15:09:17 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-17 00:01:52 1202856 ----a-w- c:\windows\system32\FM20.DLL
2015-06-16 16:19:02 18688 ----a-w- c:\windows\system32\sdnclean.exe
2015-06-12 16:01:52 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-06-12 13:13:52 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
============= FINISH: 12:15:50.90 ===============
Attached Files
File Type: txt attach.txt (6.2 KB, 291 views)
ADB45 is offline  
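As an added example (not code from this thread, nor from DDS or ComboFix), here is a small Python parser for the file-listing lines in the DDS "Created Last 30"/"Find3M" sections above and in the ComboFix "Files Created"/"Find3M" sections posted later in the thread. It pulls each line apart into timestamp, size, attribute flags and path, counts date-led lines that do not parse (such as the "2015-08-29 1029 ..." line with a damaged time), and groups entries by top-level directory so a reviewer can see where the recent churn is. The `SAMPLE_LOG` lines are constructed in the two formats seen in the thread, and the triage flag names and heuristics are this example's own assumptions, review hints rather than verdicts.

```python
# Added example: parser/triage helper for the file-listing lines of DDS and
# ComboFix logs. Not code from the thread, DDS or ComboFix; SAMPLE_LOG is
# constructed from the two formats seen in the thread, and the flag heuristics
# are this example's own assumptions (hints for review, not verdicts).
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# DDS "Created Last 30"/"Find3M": "<date> <time> <size|--------> <attrs> <path>"
_DDS_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attr>[-a-z]{8})\s+(?P<path>\S.*)$", re.I)
# ComboFix "Files Created": "<created> . <modified> <size|--------> <attrs> <path>"
_CF_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attr>[-a-z]{8})\s+(?P<path>\S.*)$", re.I)
_ENV_TOKEN = re.compile(r"%[A-Za-z_]+%")
_BINARY_EXT = (".exe", ".dll", ".sys", ".scr")

@dataclass
class Entry:
    created: datetime
    size: Optional[int]   # None for directories (size column is "--------")
    attrs: str            # raw attribute column, e.g. "----a-w-" or "d-sh--w-"
    path: str
    source: str           # "dds" or "combofix"

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

def parse_line(line: str) -> Optional[Entry]:
    """Entry for one DDS or ComboFix file line; None if the line fits neither format."""
    line = line.strip()
    for source, rx in (("dds", _DDS_RE), ("combofix", _CF_RE)):
        m = rx.match(line)
        if m:
            stamp = f"{m['date']} {m['time']}"
            fmt = "%Y-%m-%d %H:%M:%S" if stamp.count(":") == 2 else "%Y-%m-%d %H:%M"
            size = None if m["size"].startswith("-") else int(m["size"])
            return Entry(datetime.strptime(stamp, fmt), size, m["attr"].lower(), m["path"], source)
    return None

def parse_log(text: str) -> Tuple[List[Entry], int]:
    """All parsable entries plus a count of date-led lines that did not parse (garbled stamps)."""
    entries, unparsed = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
        elif re.match(r"^\d{4}-\d{2}-\d{2}\b", line):
            unparsed += 1
    return entries, unparsed

def triage_flags(entry: Entry) -> List[str]:
    """Review hints (worth a second look), not a verdict that the entry is malicious."""
    p = entry.path.lower()
    flags = []
    if _ENV_TOKEN.search(entry.path):   # a path literally containing %APPDATA% was never expanded
        flags.append("literal-env-var-in-path")
    if entry.hidden:
        flags.append("hidden")
    if p.startswith("c:\\users\\") and "\\appdata\\" in p and p.endswith(_BINARY_EXT):
        flags.append("binary-in-user-profile")
    return flags

def top_level_counts(entries: List[Entry]) -> Counter:
    """Entries per drive + first directory, e.g. 'c:\\windows', to see where the churn is."""
    return Counter("\\".join(e.path.lower().split("\\")[:2]) for e in entries)

# Constructed sample in both formats; the third line carries a garbled time on purpose.
SAMPLE_LOG = r"""
2015-08-30 16:00:16 39168 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3588452f-c4a1-4bb9-a2b0-e83fc26a9633}\MpKsle3030d05.sys
2015-08-30 15:18:49 -------- d-----w- c:\program files\Microsoft Security Client
2015-08-29 1029 9234960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{40bb5cbb-2086-4592-92e6-681d33c94b06}\mpengine.dll
2015-08-12 17:52:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2015-08-02 20:27:36 -------- d-----w- c:\program files\DriverToolkit
.
2015-09-04 10:46 . 2015-09-04 10:46 -------- d-----w- c:\users\ADB49\AppData\Local\temp
2015-08-14 08:16 . 2015-08-14 08:16 189464 ----a-w- c:\users\ADB49\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
"""

if __name__ == "__main__":
    entries, unparsed = parse_log(SAMPLE_LOG)
    print(f"{len(entries)} entries parsed, {unparsed} date-led lines unparsed")
    for e in sorted(entries, key=lambda e: e.created, reverse=True):
        if triage_flags(e):
            print(f"  {e.created:%Y-%m-%d %H:%M} [{e.source}] {e.path}  <- {', '.join(triage_flags(e))}")
    for top, n in sorted(top_level_counts(entries).items()):
        print(f"  {n:3d}  {top}")
```

Paste a whole DDS or ComboFix log into `parse_log` and it ignores headers and the "." separators, so the same code works on the full reports in this thread. The flags deliberately stay heuristic: a hidden directory named `%APPDATA%` under system32 or a DLL under a user profile is a reason to look at the entry, which is all a log line can tell you; the verdict still comes from the scans the helper asks for.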
Old 08-31-2015, 05:23 AM   #2
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello ADB45,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Now, let's get started, shall we?

Please do the below instructions:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
__________________
tekir06 is offline  
Old 08-31-2015, 10:42 AM   #3
Registered Member
 
Join Date: Mar 2010
Posts: 19
OS: Vista



Hello Tolga, thank you for your assistance. I should point out that I had this problem looked at on another malware forum a month ago (as you can see in one of the logs). However, as further advice from the BSOD forum on Tech Support Forum suggested that (a) I change my antivirus and (b) check for malware, I have resubmitted the question here.

Please find attached the two logs from FRST. I should point out that the executable stalled twice, and it only completed the scan after running the OS in safe mode; then, after a full restart, it did complete the scan.
Attached Files
File Type: txt FRST.txt (30.5 KB, 23 views)
File Type: txt Addition.txt (34.8 KB, 22 views)
ADB45 is offline  
Old 09-01-2015, 03:40 AM   #4
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

Thanks for the information. Please do the below steps.

STEP 1

We need to uninstall some programs.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

Google Update Helper >>>>> Please read

=========================================================

STEP 2

Please go HERE then click on: Run Eset Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on the icon to install.

All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on Start button.
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan Archives
  • Enable Anti-Stealth Technology
Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
Tick all the boxes that correspond to your external/inserted drives.
Click Start. The virus signature database will begin to download. This may take some time.
Wait for the scan to finish.
When completed, click on Finish.
When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
Save that text file to your desktop, and then copy/paste the contents in your next reply.
__________________
tekir06 is offline  
Old 09-01-2015, 06:15 AM   #5
Registered Member
 
Join Date: Mar 2010
Posts: 19
OS: Vista



Google Update Helper is NOT shown in the list of programs that can be uninstalled.
ADB45 is offline  
Old 09-01-2015, 09:36 AM   #6
Registered Member
 
Join Date: Mar 2010
Posts: 19
OS: Vista



ESET found NO threats
ADB45 is offline  
Old 09-01-2015, 10:59 PM   #7
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again,

Okay. Please do the following.

Launch Malwarebytes Anti-Malware

On the Settings tab > Detection and Protection subtab, Detection Options section, tick the box Scan for rootkits.
Click on the Scan tab, then click on Start Scan.
A check for database updates will be performed.
After the update check completes, a scan will begin.
With some infections, you may see this message box.
  • 'Could not load DDA driver'
Click Yes to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click 'Remove Selected'.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

============================

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
__________________
tekir06 is offline  
Old 09-02-2015, 05:30 AM   #8
Registered Member
 
Join Date: Mar 2010
Posts: 19
OS: Vista



Result of MBAM scan
Attached Files
File Type: txt mbamscan.txt (1.0 KB, 14 views)
ADB45 is offline  
Old 09-02-2015, 05:46 AM   #9
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

Your reports look clean. Now, do the following.

Please download AdwCleaner on to your desktop.
Close all open programs and internet browsers.
Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
Click on Scan.
After the scan is complete click on "Cleaning"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
__________________
tekir06 is offline  
Old 09-02-2015, 10:38 AM   #10
Registered Member
 
Join Date: Mar 2010
Posts: 19
OS: Vista



# AdwCleaner v5.005 - Logfile created 02/09/2015 at 17:46:06
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (x86)
# Username : ADB49 - ADB
# Running from : C:\Users\ADB49\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\DriverToolkit
[-] Folder Deleted : C:\Users\ADB49\AppData\Local\DriverToolkit

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\DriverToolkit

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [788 bytes] ##########
ADB45 is offline  
Old 09-03-2015, 04:02 AM   #11
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

Please do the following instructions. Then tell me, How is the machine behaving now? What problems do you still have?

Please download ComboFix and Save it to your Desktop.

Important! - Please make sure you save combofix to your desktop and do not run it from your browser
Please make sure you disable your security applications before running ComboFix. Get help here
Double-click ComboFix.exe and follow the prompts to run it.
If a message window opens to install the Microsoft Windows Recovery Console, click the yes button.
Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.
Please re-enable your antivirus before posting the ComboFix.txt log.
NOTE: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe
Next, go File > New Task(Run...) and type explorer then press 'Enter', or just reboot the computer.
__________________
tekir06 is offline  
Old 09-03-2015, 02:48 PM   #12
Registered Member
 
Join Date: Mar 2010
Posts: 19
OS: Vista



I have made 3 attempts to run Combofix today, with one taking 3 hours to reach stage 48, and two others taking 2 hours to reach stage 47. I have disabled Microsoft Security Essentials and ZoneAlarm. Will continue to try - any advice welcome.
ADB45 is offline  
Old 09-04-2015, 12:45 AM   #13
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

I understand. If it does not Combofix again, let me know.
__________________
tekir06 is offline  
Old 09-04-2015, 04:20 AM   #14
Registered Member
 
Join Date: Mar 2010
Posts: 19
OS: Vista



Ran Combofix from safe mode and this time it finished normally.

ComboFix 15-09-03.01 - ADB49 04/09/2015 11:37:05.4.1 - x86 MINIMAL
Running from: c:\users\ADB49\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-08-04 to 2015-09-04 )))))))))))))))))))))))))))))))
.
.
2015-09-04 10:46 . 2015-09-04 10:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-04 10:46 . 2015-09-04 10:46 -------- d-----w- c:\users\ADB49\AppData\Local\temp
2015-09-02 16:47 . 2015-08-30 15:23 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-09-02 16:47 . 2015-08-30 15:23 912000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4510F97F-B18C-45EF-99F4-D0D357B687BD}\gapaengine.dll
2015-09-02 16:43 . 2015-09-02 16:46 -------- d-----w- C:\AdwCleaner
2015-09-01 17:36 . 2015-07-31 01:37 9234960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{924EA78A-5FF8-4E4F-B17F-A19C3A2B6DA9}\mpengine.dll
2015-09-01 14:11 . 2015-09-01 14:11 -------- d-----w- c:\program files\ESET
2015-08-31 14:44 . 2015-08-31 16:29 -------- d-----w- C:\FRST
2015-08-30 15:23 . 2015-07-31 01:37 9234960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-08-30 15:18 . 2015-08-30 15:20 -------- d-----w- c:\program files\Microsoft Security Client
2015-08-29 10:27 . 2015-08-29 10:27 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40BB5CBB-2086-4592-92E6-681D33C94B06}\offreg.964.dll
2015-08-29 10:06 . 2015-07-31 09:37 9234960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40BB5CBB-2086-4592-92E6-681D33C94B06}\mpengine.dll
2015-08-19 19:49 . 2015-08-14 22:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-19 19:49 . 2015-08-14 23:07 758000 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-08-19 19:49 . 2015-08-14 23:07 151184 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-08-16 15:46 . 2015-08-16 15:46 -------- d-----w- c:\programdata\Fujitsu
2015-08-12 18:52 . 2015-07-21 16:07 56256 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-12 18:52 . 2015-07-21 16:03 49664 ----a-w- c:\windows\system32\csrsrv.dll
2015-08-12 18:52 . 2015-07-21 20:55 1206192 ----a-w- c:\windows\system32\ntdll.dll
2015-08-12 18:52 . 2015-07-21 16:07 140224 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-08-12 18:52 . 2015-07-21 16:03 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-12 18:52 . 2015-07-21 16:03 564224 ----a-w- c:\windows\system32\emdmgmt.dll
2015-08-12 18:52 . 2015-07-21 16:07 3605440 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-08-12 18:52 . 2015-07-21 16:07 3553216 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-12 18:45 . 2015-07-31 19:27 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 18:44 . 2015-07-09 14:20 304640 ----a-w- c:\windows\system32\drivers\srv.sys
2015-08-12 18:40 . 2015-07-10 19:37 2067968 ----a-w- c:\windows\system32\mstscax.dll
2015-08-12 17:59 . 2015-07-18 16:03 68608 ----a-w- c:\windows\system32\basesrv.dll
2015-08-12 17:56 . 2015-07-10 19:37 1402368 ----a-w- c:\windows\system32\msxml6.dll
2015-08-12 17:56 . 2015-07-10 19:37 1253376 ----a-w- c:\windows\system32\msxml3.dll
2015-08-12 17:53 . 2015-07-31 21:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-08-12 17:53 . 2015-07-31 21:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2015-08-12 17:53 . 2015-07-31 20:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2015-08-12 17:53 . 2015-07-31 21:46 189952 ----a-w- c:\windows\system32\d3d10core.dll
2015-08-12 17:53 . 2015-07-31 20:41 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-12 17:53 . 2015-07-31 20:33 297472 ----a-w- c:\windows\system32\atmfd.dll
2015-08-12 17:53 . 2015-07-31 22:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-08-12 17:53 . 2015-07-31 20:35 682496 ----a-w- c:\windows\system32\d2d1.dll
2015-08-12 17:53 . 2015-07-31 21:46 1029120 ----a-w- c:\windows\system32\d3d10.dll
2015-08-12 17:53 . 2015-07-31 20:33 2066944 ----a-w- c:\windows\system32\win32k.sys
2015-08-12 17:53 . 2015-07-31 20:33 1072640 ----a-w- c:\windows\system32\DWrite.dll
2015-08-12 17:53 . 2015-07-31 20:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2015-08-12 17:52 . 2015-08-12 17:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2015-08-12 17:49 . 2015-07-01 15:57 199680 ----a-w- c:\windows\system32\WebClnt.dll
2015-08-12 17:49 . 2015-07-09 14:25 151040 ----a-w- c:\windows\system32\notepad.exe
2015-08-12 17:49 . 2015-07-09 14:25 151040 ----a-w- c:\windows\notepad.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-02 11:13 . 2014-07-25 11:07 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-12 18:25 . 2013-10-12 15:49 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 18:25 . 2013-10-12 15:49 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-08-04 23:03 . 2015-08-04 23:03 877152 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-04 23:03 . 2015-08-04 23:03 538208 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
2015-07-05 10:11 . 2013-10-11 20:22 246952 ------w- c:\windows\system32\MpSigStub.exe
2015-07-03 16:04 . 2015-07-17 14:20 1316864 ----a-w- c:\windows\system32\ole32.dll
2015-06-27 16:03 . 2015-07-17 14:13 783872 ----a-w- c:\windows\system32\rpcrt4.dll
2015-06-27 16:02 . 2015-07-17 14:13 218112 ----a-w- c:\windows\system32\msv1_0.dll
2015-06-27 16:02 . 2015-07-17 14:13 501248 ----a-w- c:\windows\system32\kerberos.dll
2015-06-27 16:01 . 2015-07-17 14:13 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-06-27 14:21 . 2015-07-17 14:13 217088 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-06-27 14:21 . 2015-07-17 14:13 81408 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-06-18 07:41 . 2014-07-24 20:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 07:41 . 2014-07-24 20:37 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 07:41 . 2013-10-22 09:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 16:50 . 2015-07-17 14:19 2264576 ----a-w- c:\windows\system32\msi.dll
2015-06-17 15:09 . 2015-07-17 14:19 73216 ----a-w- c:\windows\system32\msiexec.exe
2015-06-17 00:01 . 2015-06-17 00:01 1202856 ----a-w- c:\windows\system32\FM20.DLL
2015-06-16 16:19 . 2013-10-16 11:30 18688 ----a-w- c:\windows\system32\sdnclean.exe
2015-06-12 16:01 . 2015-07-17 14:19 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-06-12 13:13 . 2015-07-17 14:13 440768 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\ADB49\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\ADB49\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\ADB49\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\ADB49\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\ADB49\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\ADB49\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\ADB49\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\ADB49\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="c:\users\ADB49\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-19 134512]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2015-06-16 4594552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-08-14 552960]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 869936]
"TouchPadHotKey"="c:\program files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-08-13 364544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2015-06-16 4127488]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2014-01-17 421888]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2014-08-13 137352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-29 981688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-01-20 21:02 5496600 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-12 18:26]
.
2015-09-03 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3740713769-1093254276-2860028584-1000Core.job
- c:\users\ADB49\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 20:52]
.
2015-09-03 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3740713769-1093254276-2860028584-1000UA.job
- c:\users\ADB49\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19 20:52]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ADB49\AppData\Roaming\Mozilla\Firefox\Profiles\4vgpos24.default\
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - Google
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-09-04 11:49:58
ComboFix-quarantined-files.txt 2015-09-04 10:49
.
Pre-Run: 99,868,368,896 bytes free
Post-Run: 99,808,452,608 bytes free
.
- - End Of File - - 52236ABE04FE54C3D1C159C3D5863BE8
5C616939100B85E558DA92B899A0FC36
Old 09-04-2015, 05:47 AM   #15
tekir06
Security Team Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello,

As I wrote before, I did not see any issue in your logs. The issue does not seem malware related.

The reason for the high memory capacity may be related to ZoneAlarm. If you want to try, remove ZoneAlarm and check the memory capacity.

Your reports are clear. Let's remove all tools and logs that we use.

Please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Ensure "Remove disinfection tools" is ticked. Also tick "Create registry backup" and "Purge system restore".
  • Click Run
  • delfix will now delete all found traces of our removal process.

Note: The program will run for a few moments and then notepad will open with a log. No need to post this log.

=========================================================

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System. Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows Vista

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

PREVENTION

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here

Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
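
A defender-side check on the HOSTS mechanism tekir06 describes, added here as an example (not code from the post, from MVPS, or from any tool in this thread): the resolver consults the HOSTS file before DNS, so an MVPS-style entry sinks an ad domain to 127.0.0.1 or 0.0.0.0, while a tampered file shows the reverse pattern, a legitimate name pointed at a remote address or a vendor's update host sinkholed. The hosts content and the protected-name list below are constructed.

```python
import ipaddress
import re

# Constructed sample in the layout the MVPS HOSTS file uses: each blocked ad or
# tracker name maps to a sink address (0.0.0.0 or 127.0.0.1), so the connection
# fails on the local machine. The last two lines are constructed examples of
# tampering: a real name redirected to a remote host, and a vendor sinkholed.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS file
127.0.0.1       localhost
::1             localhost
0.0.0.0    ads.example-adnetwork.test      # blocked ad server
0.0.0.0    tracker.example-metrics.test
127.0.0.1  banners.example-ads.test
203.0.113.10  www.example-bank.test        # constructed: remote redirect
127.0.0.1  update.example-antivirus.test   # constructed: vendor sinkholed
"""

# Hypothetical names that a blocking hosts file must never sinkhole
# (constructed for the example; a real check carries vendor/bank domains).
PROTECTED_SUFFIXES = ("example-antivirus.test", "example-bank.test")
LINE_RE = re.compile(r"^(\S+)\s+(.+)$")

def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blanks and bad IPs are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address, not a usable mapping
        for name in m.group(2).split():
            entries.append((ip, name.lower()))
    return entries

def is_sinkhole(ip):
    """True when the target makes the connection fail locally (0.0.0.0, loopback)."""
    return ip.is_loopback or ip.is_unspecified

def classify(entries):
    """Separate benign blocking entries from redirects that indicate tampering."""
    blocked, suspicious = [], []
    for ip, name in entries:
        if name == "localhost":
            continue
        if not is_sinkhole(ip):
            suspicious.append((name, str(ip), "redirected to a remote address"))
        elif name.endswith(PROTECTED_SUFFIXES):
            suspicious.append((name, str(ip), "protected name sinkholed"))
        else:
            blocked.append(name)
    return blocked, suspicious

if __name__ == "__main__":
    blocked, suspicious = classify(parse_hosts(SAMPLE_HOSTS))
    print(f"{len(blocked)} ad/tracker names blocked locally")
    for name, ip, why in suspicious:
        print(f"SUSPICIOUS {name} -> {ip}: {why}")
```

On a real machine point `parse_hosts` at the contents of C:\Windows\System32\drivers\etc\hosts; any entry in the suspicious list deserves a look before the file is trusted.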
Old 09-04-2015, 07:49 AM   #16
ADB45
Registered Member
Join Date: Mar 2010
Posts: 19
OS: Vista

Have followed instructions, and am pleased to learn that malware is not an issue at present. Thank you for your assistance and your time, and am happy to call this thread SOLVED.
Old 09-06-2015, 11:19 PM   #17
tekir06
Security Team Analyst
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)

Hello ADB45,

You're welcome. Thank you for your patience and cooperation.
 
