dpHaxR
2010-08-24, 13:01
Hey guys,
For the past week my main computer has had a seriously slow Internet connection. My Internet speed is 7 MB/s, but I don't know why it's now actually from 0.30 MB/s to 0.80 MB/s.
I already contacted my ISP and they told me that there were no problems in the area where I live.
I'm living in north Italy and using the provider TeleTu.
Anyway, I already scanned my main computer multiple times with Spybot S&D, Malwarebytes Anti-Malware and Kaspersky Pure.
I ran Malwarebytes first and it found 30 infected objects. Then I ran Spybot and it found 1 infected object, and then Kaspersky, which didn't find anything.
I also ran a disk defrag and a registry clean, and the registry clean found 22 errors in total in the registry. But my Internet connection was still slow and I was like "WTF?!"...
So I ran some speed tests with my other computers, phones and everything that had an Internet connection. They all had around 2.00 - 2.30 MB/s in download speed, which is not normal, but at least I could listen to YouTube videos without waiting 1 hour to listen to a 10-minute song.
So I decided to format the whole main PC with Windows 7 Eternity Edition. I took that mod because I had Windows 8 Xtreme Edition and I thought that it could have been the cause of such a slow connection speed.
After 5 hours of backup and re-installing the OS, I decided to run a speed test again at speedtest.net... Do you know what? I was like "WTF?!" x 10 times, how the hell! My connection speed was still from 0.30 MB/s to 0.80 MB/s!
I then re-contacted my ISP for the sixth time, but again they said that there were no problems in the area where I live. I told them the whole messed-up story, that my main PC's problem is maybe caused by some malware, but I told them that the other computer had a download speed from 2.00 MB/s to 2.30 MB/s, which is not NORMAL since the previous week I had an average speed of 7.00-7.25 MB/s!
Please guys, you're the only ones who can help me since these dumb providers can't even send tech assistance to my house...
Here's my DDS.txt log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Dinh at 11:36:11,22 on 24/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1033.18.1024.182 [GMT 2:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Users\Dinh\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.orbitdownloader.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky pure\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRunOnce: [DeleteGrabPro] rundll32.exe advpack.dll,DelNodeRunDLL32 "c:\program files\orbitdownloader\GrabPro.dll"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky pure\avp.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [gidle] "c:\users\dinh\appdata\local\temp\gidle.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Welcome Center] c:\windows\system32\rundll32.exe c:\windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rocket~1.lnk - c:\program files\rocketdock\RocketDock.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
IE: Aggiungi ad Anti-Banner - c:\program files\kaspersky lab\kaspersky pure\ie_banner_deny.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky pure\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\dinh\appdata\roaming\mozilla\firefox\profiles\rkcyguo5.default\
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2010-8-23 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2010-8-23 39352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
=============== Created Last 30 ================
2010-08-24 09:32:09 0 d-----w- c:\program files\Trend Micro
2010-08-24 09:22:05 0 d-----w- c:\users\dinh\appdata\roaming\Malwarebytes
2010-08-24 09:21:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 09:21:44 0 d-----w- c:\programdata\Malwarebytes
2010-08-24 09:21:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-24 09:21:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 09:19:49 480 --sha-w- c:\windows\KLIF.spi
2010-08-24 08:20:00 0 d-----w- c:\program files\CCleaner
2010-08-24 07:05:51 38 ----a-w- c:\windows\avisplitter.ini
2010-08-24 07:05:51 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-24 07:05:49 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-08-24 07:05:49 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2010-08-24 07:05:49 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-08-24 07:05:48 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-08-24 07:05:48 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-08-24 07:05:48 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-24 07:05:44 0 d-----w- c:\program files\K-Lite Codec Pack
2010-08-24 00:54:38 0 d-----w- c:\windows\Panther
2010-08-24 00:54:26 8192 --sha-r- C:\BOOTSECT.BAK
2010-08-24 00:54:24 383562 --sha-r- C:\bootmgr
2010-08-24 00:54:24 0 d-sh--w- C:\Boot
2010-08-23 22:23:37 0 d-----w- c:\programdata\Sun
2010-08-23 22:23:18 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-23 22:20:05 0 d-----w- c:\programdata\Adobe
2010-08-23 22:09:51 0 d-----w- c:\program files\Unlocker
2010-08-23 22:04:27 0 d-----w- c:\windows\system32\Adobe
2010-08-23 21:25:50 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-23 20:52:53 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-08-23 20:52:53 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-08-23 20:52:17 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2010-08-23 20:52:17 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2010-08-23 20:51:42 0 d-----w- c:\program files\common files\InfoWatch
2010-08-23 20:51:41 0 d-----w- c:\programdata\Kaspersky Lab
2010-08-23 20:51:41 0 d-----w- c:\program files\Kaspersky Lab
2010-08-23 20:47:00 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-08-23 16:56:32 335478 ----a-w- c:\windows\system32\perfi010.dat
2010-08-23 16:56:31 697040 ----a-w- c:\windows\system32\perfh010.dat
2010-08-23 16:56:31 37534 ----a-w- c:\windows\system32\perfd010.dat
2010-08-23 16:56:31 127072 ----a-w- c:\windows\system32\perfc010.dat
2010-08-23 16:53:26 0 d-----w- c:\windows\it-IT
2010-08-23 16:53:11 0 d-----w- c:\windows\system32\XPSViewer
2010-08-23 16:53:10 0 d-----w- c:\windows\system32\drivers\it-IT
2010-08-23 16:53:10 0 d-----w- c:\windows\system32\0410
2010-08-23 16:53:03 0 d-----w- c:\windows\system32\wbem\it-IT
2010-08-23 16:53:03 0 d-----w- c:\windows\system32\it
2010-08-23 16:26:39 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-08-23 16:24:25 0 d-sh--w- c:\windows\Installer
2010-08-23 16:23:31 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-23 16:23:31 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-23 16:23:31 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-23 16:23:31 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-23 16:23:31 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-23 16:23:11 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-23 15:54:22 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-23 15:23:32 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-08-23 15:23:29 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-08-23 15:23:29 507568 ----a-w- c:\windows\system32\winload.exe
2010-08-23 15:23:29 442920 ----a-w- c:\windows\system32\winresume.exe
2010-08-23 15:23:29 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-08-23 15:19:57 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-08-23 15:12:55 1541382 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-08-23 15:11:00 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-23 15:10:51 0 d-----w- c:\windows\system32\wbem\Performance
2010-08-23 15:10:08 132608 ----a-w- c:\windows\system32\cabview.dll
2010-08-23 15:04:06 0 d-----w- c:\users\dinh\appdata\roaming\GrabPro
2010-08-23 15:04:06 0 d-----w- C:\downloads
2010-08-23 14:57:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
==================== Find3M ====================
2010-08-23 16:33:25 37534 ----a-w- c:\windows\inf\perflib\0410\perfd.dat
2010-08-23 16:33:25 37534 ----a-w- c:\windows\inf\perflib\0410\perfc.dat
2010-08-23 16:33:25 335478 ----a-w- c:\windows\inf\perflib\0410\perfi.dat
2010-08-23 16:33:25 335478 ----a-w- c:\windows\inf\perflib\0410\perfh.dat
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 11:42:58,31 ===============
I also attached the "Attach.zip".
Thanks in advance!
---------------------------------------
Sorry to disturb, but I'm still stuck and I'd really appreciate anyone who can give me some support.
Thanks in advance.
---------------------------------------
Waiting for help in the Malware Forum FOUR days or longer? (http://forums.spybot.info/showthread.php?t=1137)
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [2010-8-23 88632]
R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [2010-8-23 39352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
=============== Created Last 30 ================
2010-08-24 09:32:09 0 d-----w- c:\program files\Trend Micro
2010-08-24 09:22:05 0 d-----w- c:\users\dinh\appdata\roaming\Malwarebytes
2010-08-24 09:21:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 09:21:44 0 d-----w- c:\programdata\Malwarebytes
2010-08-24 09:21:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-24 09:21:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 09:19:49 480 --sha-w- c:\windows\KLIF.spi
2010-08-24 08:20:00 0 d-----w- c:\program files\CCleaner
2010-08-24 07:05:51 38 ----a-w- c:\windows\avisplitter.ini
2010-08-24 07:05:51 165376 ----a-w- c:\windows\system32\unrar.dll
2010-08-24 07:05:49 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-08-24 07:05:49 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2010-08-24 07:05:49 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-08-24 07:05:48 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-08-24 07:05:48 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-08-24 07:05:48 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-24 07:05:44 0 d-----w- c:\program files\K-Lite Codec Pack
2010-08-24 00:54:38 0 d-----w- c:\windows\Panther
2010-08-24 00:54:26 8192 --sha-r- C:\BOOTSECT.BAK
2010-08-24 00:54:24 383562 --sha-r- C:\bootmgr
2010-08-24 00:54:24 0 d-sh--w- C:\Boot
2010-08-23 22:23:37 0 d-----w- c:\programdata\Sun
2010-08-23 22:23:18 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-23 22:20:05 0 d-----w- c:\programdata\Adobe
2010-08-23 22:09:51 0 d-----w- c:\program files\Unlocker
2010-08-23 22:04:27 0 d-----w- c:\windows\system32\Adobe
2010-08-23 21:25:50 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-08-23 20:52:53 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-08-23 20:52:53 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-08-23 20:52:17 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2010-08-23 20:52:17 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2010-08-23 20:51:42 0 d-----w- c:\program files\common files\InfoWatch
2010-08-23 20:51:41 0 d-----w- c:\programdata\Kaspersky Lab
2010-08-23 20:51:41 0 d-----w- c:\program files\Kaspersky Lab
2010-08-23 20:47:00 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-08-23 16:56:32 335478 ----a-w- c:\windows\system32\perfi010.dat
2010-08-23 16:56:31 697040 ----a-w- c:\windows\system32\perfh010.dat
2010-08-23 16:56:31 37534 ----a-w- c:\windows\system32\perfd010.dat
2010-08-23 16:56:31 127072 ----a-w- c:\windows\system32\perfc010.dat
2010-08-23 16:53:26 0 d-----w- c:\windows\it-IT
2010-08-23 16:53:11 0 d-----w- c:\windows\system32\XPSViewer
2010-08-23 16:53:10 0 d-----w- c:\windows\system32\drivers\it-IT
2010-08-23 16:53:10 0 d-----w- c:\windows\system32\0410
2010-08-23 16:53:03 0 d-----w- c:\windows\system32\wbem\it-IT
2010-08-23 16:53:03 0 d-----w- c:\windows\system32\it
2010-08-23 16:26:39 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-08-23 16:24:25 0 d-sh--w- c:\windows\Installer
2010-08-23 16:23:31 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-08-23 16:23:31 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-08-23 16:23:31 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-08-23 16:23:31 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-08-23 16:23:31 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-08-23 16:23:11 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-08-23 15:54:22 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2010-08-23 15:23:32 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-08-23 15:23:29 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-08-23 15:23:29 507568 ----a-w- c:\windows\system32\winload.exe
2010-08-23 15:23:29 442920 ----a-w- c:\windows\system32\winresume.exe
2010-08-23 15:23:29 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-08-23 15:19:57 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-08-23 15:12:55 1541382 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-08-23 15:11:00 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-08-23 15:10:51 0 d-----w- c:\windows\system32\wbem\Performance
2010-08-23 15:10:08 132608 ----a-w- c:\windows\system32\cabview.dll
2010-08-23 15:04:06 0 d-----w- c:\users\dinh\appdata\roaming\GrabPro
2010-08-23 15:04:06 0 d-----w- C:\downloads
2010-08-23 14:57:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
==================== Find3M ====================
2010-08-23 16:33:25 37534 ----a-w- c:\windows\inf\perflib\0410\perfd.dat
2010-08-23 16:33:25 37534 ----a-w- c:\windows\inf\perflib\0410\perfc.dat
2010-08-23 16:33:25 335478 ----a-w- c:\windows\inf\perflib\0410\perfi.dat
2010-08-23 16:33:25 335478 ----a-w- c:\windows\inf\perflib\0410\perfh.dat
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 11:42:58,31 ===============
I also attached the "Attach.zip".
Thanks in advance!
---------------------------------------
Sorry to disturb, but I'm still stuck and I'll really appreciate anyone who can give me some support.
Thanks in advance.
---------------------------------------
Waiting for help in the Malware Forum FOUR days or longer? (http://forums.spybot.info/showthread.php?t=1137)