
Malware / virus slowing down internet


  • This topic is locked
2 replies to this topic

#1 radmarsh


Posted 31 March 2011 - 05:25 AM

Hi,

Firstly, respect for an awesome site. I often point my friends in this direction when they are having issues... now it's my turn.

I noticed that my internet connection severely slowed down, so I followed the malware removal process as recommended by majorgeeks (http://forums.majorgeeks.com/showthread.php?t=139681). The whole process found and removed several pieces of spyware and I thought my system was clean. However, my internet keeps slowing down, and I have also noticed an icon (from a hardware detector program downloaded from the Acer website) appearing in my system tray and then disappearing... I guess it's a piece of malware pinching the icon and running something. Also, whenever I run Rkill it finds and stops several processes (below is an example).

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 31/03/2011 at 20:27:41.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Melvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Melvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Melvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Melvin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\runonce.exe


Rkill completed on 31/03/2011 at 20:27:48.


I have run Malwarebytes several times before and after running Rkill, in safe mode and in normal mode, but it doesn't find anything.

I have also run the ESET NOD32 online scanner, which also found nothing.

I have run several Avast thorough virus scans including boot scans which found nothing aside from some corrupted rar files.

I also ran HijackThis and went through the log. I'm only a beginner, but nothing came up as malicious when I googled it.

I am running Windows 7 Home Premium and using the free version of Avast, Spybot S&D, and Comodo firewall.

If someone has the time to go through my DDS log and shed any light on my problem I would be much appreciative.

One other thing... I'm running Virtual CloneDrive and used DeFogger to disable it, but I'm not sure it did the job as it didn't want to restart the machine.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Melvin at 20:47:00.44 on 31/03/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3767.2202 [GMT 11:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\OneTouchAccess.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
C:\Users\Melvin\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360311b125l0484z1m5t5672j09s
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741&r=27360311b125l0484z1m5t5672j09s
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Melvin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel
IE: Se&nd to OneNote
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {9D71B0C4-EDC2-4899-B30A-17EAC2963F23} = 198.142.0.51 61.88.88.88
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [PLFSetI] C:\Windows\PLFSetI.exe
mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
mRun-x64: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
AppInit_DLLs-X64: C:\Windows\System32\guard64.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-18 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-3-18 280408]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-9-10 250008]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-9-10 39888]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-18 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-18 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-30 128752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-3-18 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-3-18 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-3-18 42184]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-5-6 312400]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-3-18 867360]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-9 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-18 13336]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-9 250368]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-18 1153368]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-6 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-5-6 243232]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-6 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-6 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-5-6 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-21 321064]
R3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2010-2-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2010-2-26 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-6 245280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-18 136176]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-3-25 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-3-25 9096]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-19 1255736]
.
=============== Created Last 30 ================
.
2011-03-31 01:39:20 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{32BDD4A0-D6BC-436D-818B-A7F5F132849E}\mpengine.dll
2011-03-30 00:21:58 -------- d-----w- C:\Users\Melvin\AppData\Local\QuickPar
2011-03-29 20:36:36 -------- d-sh--w- C:\$RECYCLE.BIN
2011-03-29 06:11:42 -------- d-----w- C:\Program Files (x86)\ESET
2011-03-29 05:47:58 -------- d-----w- C:\HijackThis
2011-03-28 13:25:51 -------- d-----w- C:\MGtools
2011-03-28 11:30:41 98816 ----a-w- C:\Windows\sed.exe
2011-03-28 11:30:41 89088 ----a-w- C:\Windows\MBR.exe
2011-03-28 11:30:41 256512 ----a-w- C:\Windows\PEV.exe
2011-03-28 11:30:41 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-28 09:47:04 -------- d-----w- C:\Users\Melvin\AppData\Local\Microsoft Games
2011-03-27 10:18:12 -------- d-----w- C:\Users\Melvin\AppData\Roaming\SUPERAntiSpyware.com
2011-03-27 10:18:12 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-03-27 10:18:00 -------- d-----w- C:\PROGRA~3\!SASCORE
2011-03-27 10:17:58 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-03-25 01:44:47 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys
2011-03-25 01:44:47 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
2011-03-25 01:44:47 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
2011-03-25 01:44:47 2913920 ----a-w- C:\Windows\System32\BootMan.exe
2011-03-25 01:44:47 2336384 ----a-w- C:\Windows\SysWow64\BootMan.exe
2011-03-25 01:44:47 16776 ----a-w- C:\Windows\System32\epmntdrv.sys
2011-03-25 01:44:47 14848 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
2011-03-25 01:44:47 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
2011-03-25 01:44:47 11264 ----a-w- C:\Windows\System32\EuEpmGdi.dll
2011-03-25 01:44:47 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe
2011-03-25 01:44:37 -------- d-----w- C:\Program Files (x86)\EASEUS
2011-03-23 00:54:39 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-03-23 00:53:17 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-22 11:21:18 -------- d-----w- C:\Users\Melvin\AppData\Roaming\Malwarebytes
2011-03-22 11:21:13 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-22 11:21:12 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-03-22 11:21:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-22 11:21:12 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-03-22 07:23:18 8424784 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-03-22 07:22:45 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-03-22 07:22:45 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-03-22 07:22:45 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-03-22 07:22:45 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-03-20 09:04:12 32768 ----a-w- C:\Windows\System32\drivers\usbser.sys
2011-03-20 09:01:01 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-03-19 04:32:44 -------- d-----w- C:\Users\Melvin\AppData\Local\ElevatedDiagnostics
2011-03-19 04:15:36 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-03-19 04:15:36 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-03-19 04:15:35 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-03-19 04:15:34 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-03-19 04:15:33 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-03-19 04:02:22 -------- d-----w- C:\Users\Melvin\AppData\Roaming\GlarySoft
2011-03-19 03:54:26 -------- d-----w- C:\Program Files (x86)\Glary Utilities
2011-03-19 03:39:05 -------- d-----w- C:\Windows\Replay Music
2011-03-19 03:39:05 -------- d-----w- C:\Program Files (x86)\Replay Music 3
2011-03-19 03:36:30 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2011-03-19 03:36:29 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2011-03-19 03:35:48 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2011-03-19 03:35:37 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-03-19 03:34:13 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-03-19 03:33:49 -------- d-----w- C:\Program Files (x86)\QuickPar
2011-03-19 03:32:48 -------- d-----w- C:\Program Files (x86)\uTorrent
2011-03-19 03:32:24 -------- d-----w- C:\Users\Melvin\AppData\Roaming\uTorrent
2011-03-19 02:31:17 -------- d-----w- C:\Windows\NAPP_Dism_Log
2011-03-19 01:57:01 14744 ----a-w- C:\Users\Melvin\AppData\Roaming\Microsoft\IdentityCRL\production\ppcrlconfig.dll
2011-03-19 01:49:16 -------- d-----w- C:\Windows\en
2011-03-19 01:47:28 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-03-19 01:47:28 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-03-19 01:47:28 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-03-19 01:47:28 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-03-19 01:44:52 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3c95f9521cbe5d72d\InstallManager_WLE_WLE.exe
2011-03-19 01:44:34 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3288c9c91cbe5d722\MeshBetaRemover.exe
2011-03-19 01:44:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\297f103f1cbe5d71a\DSETUP.dll
2011-03-19 01:44:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\297f103f1cbe5d71a\DXSETUP.exe
2011-03-19 01:44:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\297f103f1cbe5d71a\dsetup32.dll
2011-03-19 01:44:18 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2882be621cbe5d719\DSETUP.dll
2011-03-19 01:44:18 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2882be621cbe5d719\DXSETUP.exe
2011-03-19 01:44:18 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2882be621cbe5d719\dsetup32.dll
2011-03-19 01:43:31 -------- d-----w- C:\Users\Melvin\AppData\Local\Windows Live
2011-03-19 01:43:00 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-03-19 01:43:00 206848 ----a-w- C:\Windows\System32\mfps.dll
2011-03-19 01:42:59 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2011-03-19 01:42:59 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2011-03-19 01:42:58 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2011-03-19 01:42:57 4068864 ----a-w- C:\Windows\System32\mf.dll
2011-03-19 01:42:56 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2011-03-19 01:37:30 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2011-03-19 01:36:25 -------- d-----w- C:\Program Files\Common Files\Intel
2011-03-19 01:36:25 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2011-03-19 00:30:52 -------- d-----w- C:\Users\Melvin\AppData\Roaming\GrabIt
2011-03-19 00:27:41 -------- d-----w- C:\Program Files (x86)\GrabIt
2011-03-19 00:26:04 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2011-03-19 00:24:12 -------- d-----w- C:\Users\Melvin\AppData\Local\Adobe
2011-03-19 00:12:09 -------- d-----w- C:\Windows\SysWow64\Wat
2011-03-19 00:12:09 -------- d-----w- C:\Windows\System32\Wat
2011-03-18 10:32:56 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-03-18 10:32:56 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-03-18 10:21:58 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-03-18 10:21:58 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-03-18 10:21:58 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-03-18 10:21:58 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-03-18 10:21:58 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-03-18 10:21:58 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-03-18 10:21:58 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-03-18 10:21:58 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-03-18 10:21:58 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-03-18 10:21:58 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-03-18 10:17:34 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-03-18 10:17:34 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-03-18 09:52:24 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-18 09:51:59 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2011-03-18 09:50:57 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-03-18 09:49:24 112000 ----a-w- C:\Windows\System32\consent.exe
2011-03-18 09:36:56 -------- d-----w- C:\Program Files (x86)\Common Files\PCSuite
2011-03-18 09:33:23 -------- d-----w- C:\PROGRA~3\Nokia
2011-03-18 09:19:00 25600 ----a-w- C:\Windows\System32\drivers\pccsmcfdx64.sys
2011-03-18 09:18:53 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution
2011-03-18 09:18:44 69120 ----a-w- C:\Windows\System32\nmwcdclsx64.dll
2011-03-18 09:18:18 -------- d-----w- C:\Program Files (x86)\Nokia
2011-03-18 09:18:18 -------- d-----w- C:\Program Files (x86)\Common Files\Nokia
2011-03-18 09:12:02 -------- d-----w- C:\Program Files (x86)\MSECache
2011-03-18 08:56:45 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-03-18 08:52:39 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-03-18 08:48:17 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-03-18 08:46:49 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-03-18 08:46:16 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-03-18 08:46:05 -------- d-----w- C:\Users\Melvin\AppData\Local\Microsoft Help
2011-03-18 08:43:43 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2011-03-18 08:41:46 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-03-18 08:41:46 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-03-18 08:35:23 -------- d-----w- C:\Program Files\COMODO
2011-03-18 08:35:00 -------- d-----w- C:\PROGRA~3\Comodo
2011-03-18 08:33:29 -------- d-----w- C:\Users\Melvin\AppData\Local\Google
2011-03-18 08:33:28 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-03-18 08:33:09 40648 ----a-w- C:\Windows\avastSS.scr
2011-03-18 08:33:07 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-03-18 08:15:49 -------- d-----w- C:\Users\Melvin\AppData\Roaming\Intel Corporation
2011-03-18 08:05:12 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-03-18 08:05:12 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-03-18 08:05:01 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-03-18 08:03:45 -------- d-----w- C:\Windows\PCHEALTH
2011-03-18 08:03:05 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-03-18 08:01:16 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2011-03-18 08:00:17 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-03-18 08:00:17 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-03-18 08:00:17 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-03-18 07:58:38 206208 ----a-w- C:\Windows\PLFSetI.exe
2011-03-18 07:58:37 9168 ----a-w- C:\Windows\Suyin.reg
2011-03-18 07:58:37 632056 ----a-w- C:\Windows\Image.dll
2011-03-18 07:58:37 49464 ----a-w- C:\Windows\AutosetFrequency.exe
2011-03-18 07:58:37 25848 ----a-w- C:\Windows\USB_VIDEO_REG.exe
2011-03-18 07:58:37 1664248 ----a-w- C:\Windows\Acer Crystal Eye webcam.exe
2011-03-18 07:58:13 -------- d-----w- C:\Program Files\Synaptics
2011-03-18 07:54:49 -------- d-----w- C:\Program Files (x86)\Launch Manager
2011-03-18 07:50:22 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-03-18 07:50:22 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-03-18 07:50:22 125952 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-03-18 07:48:41 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-03-18 07:48:41 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-03-18 07:48:13 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-03-18 07:48:13 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-03-18 07:47:47 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2011-03-18 07:47:02 -------- d---a-w- C:\book
2011-03-18 07:47:02 -------- d-----w- C:\Users\Melvin\AppData\Local\EgisTec IPS
2011-03-18 07:46:34 -------- d-----w- C:\Users\Melvin\AppData\Local\VirtualStore
2011-03-18 07:41:21 -------- d-----w- C:\Recovery
.
==================== Find3M ====================
.
2011-03-22 00:55:21 362784 ----a-w- C:\Windows\System32\guard64.dll
2011-03-22 00:55:18 285480 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-03-22 00:55:13 39888 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-03-22 00:55:11 250008 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-03-22 00:55:11 14184 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-01-07 08:07:24 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-01-07 08:07:24 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-01-07 07:31:10 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 20:47:44.68 ===============


#2 radmarsh


Posted 03 April 2011 - 12:52 AM

Hi,

I decided to reformat my machine and be done with it, so not to worry. Keep up the good work :thumbup2:

#3 SweetTech


Posted 03 April 2011 - 01:10 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




