PC is suddenly slow and programs display not responding for awhile. MW
Started by whizzhard, Mar 18 2013 03:15 PM
#16
Posted 21 March 2013 - 08:03 AM
#17
Posted 21 March 2013 - 08:26 AM
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shawlhar [Admin rights]
Mode : Scan -- Date : 03/21/2013 15:21:38
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] UnsignedThemesSvc.exe -- C:\Windows\UnsignedThemesSvc.exe [7] -> KILLED [TermProc]
[SUSP PATH] adobe_plugin.exe -- C:\Users\Shawlhar\AppData\Roaming\Adobe\Plugins\adobe_plugin.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 23 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AdobePlugins (wscript "C:\Users\Shawlhar\AppData\Roaming\Adobe\Plugins\invis.vbs" "C:\Users\Shawlhar\AppData\Roaming\Adobe\Plugins\bat.bat") [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1397294529-3170872516-2112063622-1000[...]\Run : AdobePlugins (wscript "C:\Users\Shawlhar\AppData\Roaming\Adobe\Plugins\invis.vbs" "C:\Users\Shawlhar\AppData\Roaming\Adobe\Plugins\bat.bat") [-] -> FOUND
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE) -> FOUND
[TASK][SUSP PATH] CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} : C:\Users\Shawlhar\AppData\Local\Temp\cis6096.exe --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} [x] -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:8080) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{8784BAD3-0F16-4198-95E4-C07A58FF16C3} : NameServer (10.71.165.25 10.71.165.30) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{AC0F8338-EC1E-4573-B39C-55D11969FA30} : NameServer (172.24.8.50 141.1.1.1) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{32DB6BF4-4C50-4790-B708-6C6921136CD9} : NameServer (172.24.8.50 141.1.1.1) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{AC0F8338-EC1E-4573-B39C-55D11969FA30} : NameServer (172.24.8.50 141.1.1.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{32DB6BF4-4C50-4790-B708-6C6921136CD9} : NameServer (172.24.8.50 141.1.1.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{AC0F8338-EC1E-4573-B39C-55D11969FA30} : NameServer (172.24.8.50 141.1.1.1) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 +++++
--- User ---
[MBR] 8cf363d44a7dce5a79e4acd94cfbe718
[BSP] ff53f638fa0bf32284331c9f841c3b66 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 290869 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 596109312 | Size: 14175 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_03212013_02d1521.txt >>
RKreport[1]_S_03212013_02d1521.txt
#18
Posted 21 March 2013 - 08:28 AM
About the proxy stuff, I intentionally edited my hosts file so as to stop internetdownloadmanager from going online.
#19
Posted 21 March 2013 - 08:35 AM
Internet Download Manager is not necessary and should be uninstalled. Please uninstall it first, then run RogueKiller as before. When the scan completes, please click the Delete button and post back THAT log. Thanks!
#20
Posted 21 March 2013 - 08:43 AM
I'm really used to it and it's the best download manager. Do I really have to uninstall it, or just reset the hosts file back to default?
#21
Posted 21 March 2013 - 08:51 AM
Well, it can depend on the location where you downloaded this and what it is used for. Can you expand on this for me? There is no real need for a download manager since Windows works quite well on its own. There are free and shareware versions of such tools and named identically. Some just refer to this as "IDL". This tool can be, has been, exploited. It's unknown if yours is though, but if your version is a licensed copy then I'd say you might be fine to keep it but if this is the free or shareware version then you might be in for a ride on occasion by some malicious user who found your system and is able to exploit it.
#22
Posted 21 March 2013 - 09:01 AM
I believe it is okay to keep it because it really boosts downloading speed and it is a 30-day trial software which I downloaded from their official site http://www.internetdownloadmanager.com
I just had to make their website redirect to localhost because I used a fake serial.
That's it.
Thanks
#23
Posted 21 March 2013 - 09:10 AM
Hmmm...I don't think I would do that. Since you don't mind resetting the hosts file, then just leave the application be for now, yet still click the Delete button. If you notice an improvement in your system then you could blame (at least in part) the behavior of this dlm. Otherwise, you can always undo the changes that RogueKiller makes. While this troubleshooting session is still underway, let's take that approach. Post back a fresh RogueKiller log after you've completed the instruction. Thanks!
#24
Posted 21 March 2013 - 09:26 AM
Okay, so I clicked the delete button and it's all done.
I did not click the other fix buttons for hosts et al.
Do I have to restart now?
#25
Posted 21 March 2013 - 09:28 AM
Clicking the delete button would have generated a new log. Please post that log. Rebooting for now isn't necessary. Post the log first so we can determine whether other changes need to be made...then you can close it and reboot at that time. Thanks!
#26
Posted 21 March 2013 - 09:35 AM
My bad.
Two logs were generated.
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shawlhar [Admin rights]
Mode : Scan -- Date : 03/21/2013 16:27:23
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] UnsignedThemesSvc.exe -- C:\Windows\UnsignedThemesSvc.exe [7] -> KILLED [TermProc]
[SUSP PATH] adobe_plugin.exe -- C:\Users\Shawlhar\AppData\Roaming\Adobe\Plugins\adobe_plugin.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 10 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:8080) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{8784BAD3-0F16-4198-95E4-C07A58FF16C3} : NameServer (10.71.165.25 10.71.165.30) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{AC0F8338-EC1E-4573-B39C-55D11969FA30} : NameServer (172.24.8.50 141.1.1.1) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{32DB6BF4-4C50-4790-B708-6C6921136CD9} : NameServer (172.24.8.50 141.1.1.1) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{AC0F8338-EC1E-4573-B39C-55D11969FA30} : NameServer (172.24.8.50 141.1.1.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{32DB6BF4-4C50-4790-B708-6C6921136CD9} : NameServer (172.24.8.50 141.1.1.1) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{AC0F8338-EC1E-4573-B39C-55D11969FA30} : NameServer (172.24.8.50 141.1.1.1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 +++++
--- User ---
[MBR] 8cf363d44a7dce5a79e4acd94cfbe718
[BSP] ff53f638fa0bf32284331c9f841c3b66 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 290869 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 596109312 | Size: 14175 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3]_S_03212013_02d1627.txt >>
RKreport[1]_S_03212013_02d1521.txt ; RKreport[2]_D_03212013_02d1618.txt ; RKreport[3]_S_03212013_02d1627.txt
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shawlhar [Admin rights]
Mode : Remove -- Date : 03/21/2013 16:18:49
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] UnsignedThemesSvc.exe -- C:\Windows\UnsignedThemesSvc.exe [7] -> KILLED [TermProc]
[SUSP PATH] adobe_plugin.exe -- C:\Users\Shawlhar\AppData\Roaming\Adobe\Plugins\adobe_plugin.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 22 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AdobePlugins (wscript "C:\Users\Shawlhar\AppData\Roaming\Adobe\Plugins\invis.vbs" "C:\Users\Shawlhar\AppData\Roaming\Adobe\Plugins\bat.bat") [-] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\RunOnce : ISSetupPrerequisistes ("C:\Users\Shawlhar\AppData\Local\Temp\NeroInstallFiles\NERO20101126103344769\setup.exe") [7] -> DELETED
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE) -> DELETED
[TASK][SUSP PATH] CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} : C:\Users\Shawlhar\AppData\Local\Temp\cis6096.exe --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} [x] -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:8080) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{8784BAD3-0F16-4198-95E4-C07A58FF16C3} : NameServer (10.71.165.25 10.71.165.30) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{AC0F8338-EC1E-4573-B39C-55D11969FA30} : NameServer (172.24.8.50 141.1.1.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{32DB6BF4-4C50-4790-B708-6C6921136CD9} : NameServer (172.24.8.50 141.1.1.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{AC0F8338-EC1E-4573-B39C-55D11969FA30} : NameServer (172.24.8.50 141.1.1.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{32DB6BF4-4C50-4790-B708-6C6921136CD9} : NameServer (172.24.8.50 141.1.1.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{AC0F8338-EC1E-4573-B39C-55D11969FA30} : NameServer (172.24.8.50 141.1.1.1) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 +++++
--- User ---
[MBR] 8cf363d44a7dce5a79e4acd94cfbe718
[BSP] ff53f638fa0bf32284331c9f841c3b66 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 290869 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 596109312 | Size: 14175 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_03212013_02d1618.txt >>
RKreport[1]_S_03212013_02d1521.txt ; RKreport[2]_D_03212013_02d1618.txt
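Added example (not part of the thread and not RogueKiller's own code): a small Python parser for the finding lines in the reports above. It lists which entries the Remove pass left in place and which fix the report names for them, collapsing the ControlSet001/002/003 copies of the same key, then checks them against the rescan. The regular expressions and function names are assumptions based only on the line shapes visible in these logs; the sample lines are excerpted from the two reports in this post.

```python
import re
from collections import defaultdict

# Assumed line shape (taken from the logs above, not from any RogueKiller spec):
#   [TAG][TAG] <body> -> <status>
FINDING = re.compile(r'^((?:\[[^\]]+\])+)\s+(.*?)\s+->\s+(.+)$')
CONTROLSET = re.compile(r'ControlSet\d{3}')
FIX_HINT = re.compile(r'NOT REMOVED, USE (\w+)')

# Excerpt of the Remove-mode report (16:18:49) posted above.
REMOVE_EXCERPT = r'''
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService ("C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:8080) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{8784BAD3-0F16-4198-95E4-C07A58FF16C3} : NameServer (10.71.165.25 10.71.165.30) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
'''

# Excerpt of the follow-up Scan report (16:27:23) posted above.
RESCAN_EXCERPT = r'''
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:8080) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{8784BAD3-0F16-4198-95E4-C07A58FF16C3} : NameServer (10.71.165.25 10.71.165.30) -> FOUND
'''


def parse_findings(report):
    """Return (category, body, status) for every finding line in a report."""
    findings = []
    for line in report.splitlines():
        m = FINDING.match(line.strip())
        if not m:
            continue  # header, HOSTS, MBR and blank lines carry no "-> status"
        tags = re.findall(r'\[([^\]]+)\]', m.group(1))
        findings.append((tags[0], m.group(2), m.group(3)))
    return findings


def normalise(body):
    """Treat ControlSet001/002/003 copies of one key as a single entry."""
    return CONTROLSET.sub('ControlSet*', body)


def pending_fixes(remove_report):
    """Map each fix the report names (e.g. DNSFIX) to the distinct entries left in place."""
    pending = defaultdict(set)
    for _category, body, status in parse_findings(remove_report):
        hint = FIX_HINT.match(status)
        if hint:
            pending[hint.group(1)].add(normalise(body))
    return {fix: sorted(entries) for fix, entries in pending.items()}


def survivors(remove_report, rescan_report):
    """Entries the rescan still reports as FOUND, with the Remove pass's verdict on each."""
    verdicts = {normalise(b): s for _c, b, s in parse_findings(remove_report)}
    left = {}
    for _category, body, status in parse_findings(rescan_report):
        if status == 'FOUND':
            key = normalise(body)
            left[key] = verdicts.get(key, 'not in Remove report')
    return left


if __name__ == '__main__':
    for fix, entries in pending_fixes(REMOVE_EXCERPT).items():
        print(fix)
        for entry in entries:
            print('   ', entry)
    for entry, verdict in survivors(REMOVE_EXCERPT, RESCAN_EXCERPT).items():
        print('still FOUND:', entry, '|', verdict)
```
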
#27
Posted 21 March 2013 - 09:40 AM
Thanks...now please click the Fix DNS button. Reboot at this point. When the system comes back up, run RogueKiller afresh and post THAT log. Thanks!
#28
Posted 21 March 2013 - 10:49 AM
I restarted the system and it hung minutes after logging into the desktop. I had to hold down the power button. I guess it only happens if I am in a hurry and I want the system to boot up quickly, esp. when the Intel Rapid Storage Technology service is yet to load.
So I changed it from automatic (delayed) to automatic in services.
These are the logs:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shawlhar [Admin rights]
Mode : DNSFix -- Date : 03/21/2013 16:44:58
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] UnsignedThemesSvc.exe -- C:\Windows\UnsignedThemesSvc.exe [7] -> KILLED [TermProc]
[SUSP PATH] adobe_plugin.exe -- C:\Users\Shawlhar\AppData\Roaming\Adobe\Plugins\adobe_plugin.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 9 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{8784BAD3-0F16-4198-95E4-C07A58FF16C3} : NameServer (10.71.165.25 10.71.165.30) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{AC0F8338-EC1E-4573-B39C-55D11969FA30} : NameServer (172.24.8.50 141.1.1.1) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{32DB6BF4-4C50-4790-B708-6C6921136CD9} : NameServer (172.24.8.50 141.1.1.1) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{AC0F8338-EC1E-4573-B39C-55D11969FA30} : NameServer (172.24.8.50 141.1.1.1) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{141A3F81-F276-4A08-9819-353D6DAA02E6} : NameServer (10.71.165.25) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{32DB6BF4-4C50-4790-B708-6C6921136CD9} : NameServer (172.24.8.50 141.1.1.1) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{AC0F8338-EC1E-4573-B39C-55D11969FA30} : NameServer (172.24.8.50 141.1.1.1) -> REPLACED ()
¤¤¤ Driver : [NOT LOADED] ¤¤¤
Finished : << RKreport[4]_DN_03212013_02d1644.txt >>
RKreport[1]_S_03212013_02d1521.txt ; RKreport[2]_D_03212013_02d1618.txt ; RKreport[3]_S_03212013_02d1627.txt ; RKreport[4]_DN_03212013_02d1644.txt
The log from the fresh scan:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Shawlhar [Admin rights]
Mode : Scan -- Date : 03/21/2013 17:39:41
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] UnsignedThemesSvc.exe -- C:\Windows\UnsignedThemesSvc.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:8080) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 www.registeridm.com
127.0.0.1 secure.registeridm.com
127.0.0.1 internetdownloadmanager.com
127.0.0.1 www.internetdownloadmanager.com
127.0.0.1 secure.internetdownloadmanager.com
127.0.0.1 mirror.internetdownloadmanager.com
127.0.0.1 mirror2.internetdownloadmanager.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 +++++
--- User ---
[MBR] 8cf363d44a7dce5a79e4acd94cfbe718
[BSP] ff53f638fa0bf32284331c9f841c3b66 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 409600 | Size: 290869 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 596109312 | Size: 14175 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[5]_S_03212013_02d1739.txt >>
RKreport[1]_S_03212013_02d1521.txt ; RKreport[2]_D_03212013_02d1618.txt ; RKreport[3]_S_03212013_02d1627.txt ; RKreport[4]_DN_03212013_02d1644.txt ; RKreport[5]_S_03212013_02d1739.txt
Edited by whizzhard, 21 March 2013 - 10:50 AM.
#29
Posted 21 March 2013 - 11:20 AM
Is the PC still "slow" as you described in your original post? The issues that caused you to start this thread, are they all still present or have you noticed any improvement at all?
#30
Posted 21 March 2013 - 11:47 AM
I think it's a little bit better now, though the startup is very slow, like 15-20 min, but once everything is loaded it runs at a manageable speed, which is better than what I had before I made my first post.
The main thing with the startup is an issue of loading the necessary service, I think, because it takes just approx. 2 min for the system to boot up to the welcome screen, but once it's in desktop, I literally can't do anything until 15 min is passed or so, because the system will be super slow and sometimes, as I posted earlier, it might hang if I rush into it.
When I said hang, I mean if I right-click to refresh on desktop the pointer will rotate continuously, and if I clicked the desktop during this time the whole window will go transparent white like the desktop is "not responding".
But once it's passed, as in once it loads Action Center or Windows Update in the tray, then I know I'm good to go.