Super Slow browsing



gjax21
2013-08-22, 21:07
I think I am infected because my usually super fast internet (University of Illinois Research Hall) was so slow it basically didn't work. Many pages simply failed to load. Despite slow page loading, speedtest is up in the 80 Mbps range.

I have had the following programs:
Avast
Comodo
SpywareBlaster
Malwarebytes

Added

ComboFix
MSE

to try and clean the problem.




I ran a boot-time Avast scan and got three entries.

Threat:Win32:Adware-gen [Adw]----------deleted
PUP:Win32:Toolbar-N [PUP]-------------deleted
PUP: Win32:Toolbar-N{PUP]------------Error:Error
------------

Ran Malwarebytes and found nothing

I then stupidly ran ComboFix and I think it did find some things and deleted them.

----------------------------

Ran MSE and found nothing

----------------------------------



---------------------

DDS log


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.13.2
Run by KAS at 11:46:29 on 2013-08-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6088.3651 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\KAS\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.msn.com
mStart Page = hxxp://lenovo.msn.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 130.126.2.131
TCP: Interfaces\{00E35BEC-233D-46C2-8B06-4A135AE72A68} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{00E35BEC-233D-46C2-8B06-4A135AE72A68} : DHCPNameServer = 130.126.2.131
TCP: Interfaces\{0D3FABA4-F402-4271-85CE-20D4ED48F960} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{0D3FABA4-F402-4271-85CE-20D4ED48F960} : DHCPNameServer = 64.185.96.68 64.185.96.4
TCP: Interfaces\{4F07A7AD-271F-4D3D-99C3-AE5AB5E5809A}\D416272796F64747F534F4E464 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{9149E5CB-1FA9-4137-880D-DD74F7CB3523} : DHCPNameServer = 77.234.40.79
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://lenovo.msn.com
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KAS\AppData\Roaming\Mozilla\Firefox\Profiles\wrw0g1wk.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-6-2 65336]
R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-6-2 189936]
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-8-25 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-8-25 39008]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2011-11-2 1030952]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2011-11-2 378944]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-8-25 13408]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\System32\drivers\cmdGuard.sys [2011-10-7 574216]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\System32\drivers\cmdhlp.sys [2011-10-7 43248]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-8-25 203776]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2011-11-2 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2011-11-2 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-6-2 46808]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-25 13336]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-25 2656280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2011-8-25 349224]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-8-25 39464]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-28 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-8-25 317440]
R3 intelkmd;intelkmd;C:\windows\System32\drivers\igdpmd64.sys [2011-8-25 12262336]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-8-25 76912]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
S2 CLKMSVC10_3A60B698;CyberLink Product - 2011/08/26 03:17:30;C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [2011-2-24 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 athur;Wireless Network Adapter Service;C:\windows\System32\drivers\athurx.sys [2012-6-8 1847296]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-8-25 299520]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-9-25 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-21 21:45:22 -------- d-----w- C:\f1449519b8848781fa11
2013-08-21 21:40:16 661184 ----a-w- C:\autoruns.exe
2013-08-21 21:40:16 579264 ----a-w- C:\autorunsc.exe
2013-08-21 21:36:37 -------- d-----w- C:\AdwCleaner
2013-08-21 21:13:24 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-21 20:49:57 98816 ----a-w- C:\windows\sed.exe
2013-08-21 20:49:57 256000 ----a-w- C:\windows\PEV.exe
2013-08-21 20:49:57 208896 ----a-w- C:\windows\MBR.exe
2013-08-19 20:30:03 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6A74D857-FA61-417D-84AF-C7CEE36DB0D9}\mpengine.dll
2013-08-15 15:55:21 -------- d-----w- C:\windows\System32\MRT
2013-08-15 15:50:58 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2013-08-15 15:50:58 104448 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-15 15:50:57 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2013-08-15 15:50:56 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-08-15 15:50:56 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2013-08-14 20:03:29 1472512 ----a-w- C:\windows\System32\crypt32.dll
2013-08-14 20:03:28 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-08-14 20:03:28 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-08-14 20:03:28 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-14 20:03:28 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-08-14 20:03:28 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-14 20:03:27 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-08-14 20:03:27 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-08-14 20:03:06 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-08-14 20:03:06 2048 ----a-w- C:\windows\System32\tzres.dll
2013-08-14 20:01:58 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-08-12 01:25:14 230400 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpzppw71.dll
2013-07-31 19:04:25 -------- d-----w- C:\Program Files\Common Files\Corel
2013-07-31 19:03:54 -------- d-----w- C:\Program Files\Common Files\Protexis
2013-07-31 19:03:49 -------- d-----w- C:\ProgramData\Corel
2013-07-31 18:56:27 -------- d-----w- C:\Program Files\Corel
.
==================== Find3M ====================
.
2013-08-21 22:01:53 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 22:01:53 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-25 03:37:25 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-07-25 03:30:49 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-07-25 03:29:41 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-07-25 03:28:46 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-07-25 03:28:31 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-07-25 03:27:20 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-07-25 02:32:35 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-07-25 02:26:10 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-07-25 02:25:30 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-07-25 02:23:59 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-07-25 02:22:35 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-06-29 02:13:55 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-06-29 02:13:54 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2013-06-10 00:13:01 545200 ----a-w- C:\windows\System32\npdeployJava1.dll
2013-06-10 00:13:01 526768 ----a-w- C:\windows\System32\deployJava1.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
.
============= FINISH: 11:51:58.41 ===============



--------------


aswMBR Log

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-22 12:41:19
-----------------------------
12:41:19.635 OS Version: Windows x64 6.1.7601 Service Pack 1
12:41:19.636 Number of processors: 4 586 0x2A07
12:41:19.642 ComputerName: KAS-PC UserName: KAS
12:41:23.005 Initialize success
12:41:23.559 AVAST engine defs: 13082200
12:43:07.441 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:43:07.451 Disk 0 Vendor: WDC_WD75 02.0 Size: 715404MB BusType: 3
12:43:07.571 Disk 0 MBR read successfully
12:43:07.581 Disk 0 MBR scan
12:43:07.591 Disk 0 Windows 7 default MBR code
12:43:07.601 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
12:43:07.621 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 670402 MB offset 411648
12:43:07.631 Disk 0 Partition - 00 0F Extended LBA 29693 MB offset 1373394944
12:43:07.661 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 1434206208
12:43:07.701 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29692 MB offset 1373396992
12:43:07.781 Disk 0 scanning C:\windows\system32\drivers
12:43:20.541 Service scanning
12:43:54.536 Modules scanning
12:43:54.896 Disk 0 trace - called modules:
12:43:54.926 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:43:54.936 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e53060]
12:43:54.956 3 CLASSPNP.SYS[fffff88001b4543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f58050]
12:43:56.888 AVAST engine scan C:\windows
12:44:01.686 AVAST engine scan C:\windows\system32
12:47:35.927 AVAST engine scan C:\windows\system32\drivers
12:47:53.431 AVAST engine scan C:\Users\KAS
12:48:58.592 Disk 0 MBR has been saved successfully to "C:\Users\KAS\Desktop\MBR.dat"
12:48:58.608 The log file has been saved successfully to "C:\Users\KAS\Desktop\aswMBR.txt"





Many Thanks

shelf life
2013-08-25, 20:24
hi gjax21,

Sorry for the delay. If you still need help simply reply back.

gjax21
2013-08-26, 18:07
Hi. I can access the internet now, but I think it is still infected; it tends to slow down a lot sometimes. My text often does not appear as soon as I type it. There are random slow hangs. The computer and internet are pretty quick, so this should not be happening. Do you guys think I am still infected?

Thanks!

shelf life
2013-08-27, 01:21
hi,

Don't recognize any malware in the logs, and you have run several tools.
One thing: does COMODO Defense+ have an antivirus component bundled in it? You only need one AV per machine. You have Avast, and Comodo Defense would make two AVs if it does have one.

A lot of "all in one" suites can have multiple components: AV, antimalware, "Web shields", antiphishing, etc. Install two of these and you could have overlapping features that accomplish the same thing. This could chew up your CPU cycles/resources.
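
One way to check how many AV, antispyware and firewall products a Windows machine actually has registered, so overlapping suites like the Avast/Comodo combination above become visible, is to query Windows Security Center. The script below is an added example for this thread, not a tool from the original posts; it uses the root\SecurityCenter2 WMI namespace (present on Vista and later) and the commonly documented decoding of productState, which is an assumption that should be checked against your vendor's documentation. Get-WmiObject is used rather than Get-CimInstance so it runs on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example (not from the thread): list every security product Windows
# Security Center knows about and flag categories with more than one enabled
# product, the overlap the reply above warns about.
# Assumption: productState follows the widely documented hex layout
#   byte 2 (hex chars 3-4): 10 = enabled, 00/01 = disabled
#   byte 3 (hex chars 5-6): 00 = definitions current, 10 = out of date
function Get-RegisteredSecurityProducts {
    $classes = 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct'
    foreach ($class in $classes) {
        $items = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue
        foreach ($item in $items) {
            $hex = '{0:X6}' -f [int]$item.productState
            New-Object PSObject -Property @{
                Category = $class
                Name     = $item.displayName
                Enabled  = ($hex.Substring(2, 2) -eq '10')
                UpToDate = ($hex.Substring(4, 2) -eq '00')
                Path     = $item.pathToSignedProductExe
            }
        }
    }
}

$products = Get-RegisteredSecurityProducts
$products | Format-Table Category, Name, Enabled, UpToDate, Path -AutoSize

# More than one enabled product in the same category means two engines are
# doing the same job, which is the CPU/resource overlap described above.
$products |
    Where-Object { $_.Enabled } |
    Group-Object Category |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        $names = ($_.Group | ForEach-Object { $_.Name }) -join ', '
        Write-Warning ("{0} enabled products in {1}: {2}" -f $_.Count, $_.Name, $names)
    }
```

Run it from an elevated PowerShell prompt; a clean result is exactly one enabled product per category. A product that is installed but not registered with Security Center (some standalone firewalls behave this way) will not appear here, so the Add/Remove Programs check suggested later in the thread is still worth doing.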

gjax21
2013-08-27, 22:33
Thanks!

My Comodo looks like it is just a firewall, but I am wondering if it is actually what is slowing it down. I might try disabling it and using another firewall. Do you think I would significantly compromise my system if I operated with just the Windows firewall?

The only other program I know of that might be causing a problem is SpywareBlaster. Do you think this is possible? Is there any point to keeping it around with everything else I have?


shelf life
2013-08-27, 23:57
I went to the Comodo site and I really couldn't tell if it's just a firewall or has other functions. Does its GUI have other functions besides what a FW would have?
In any case, the Windows native FW is good enough. Most likely you are also behind a local area network, which makes it even better. Look in the Add/Remove Programs panel and uninstall anything Comodo, reboot the machine and see if things improve.