Jump to content

stdrt.exe process.

FlashDT

By FlashDT
in Resolved Malware Removal Logs

 Share

Recommended Posts

FlashDT

FlashDT

Posted
Posted

Earlier today I found that my internet was behaving slower than usual, and decided to check my resource monitor to see if any processes were updating in the background. I saw the process stdrt.exe was taking up massive tons of bandwidth and searched for it online.

I tried using MalwareBytes to find a remove the problem, but this didn't work.

I found that people see stdrt.exe running in their task manager processes, but this is not the case for me. I am only able to see it running from the resource monitor.

I also found that each time my computer is restarted another copy of stdrt.exe is created, leaving multiple copies of the .exe in my temp folder.

Finally, when I disconnected from the internet to do the DDS scan, the stdrt.exe vanished from my resource monitor and reappeared shortly after reconnecting.

If required I will also do a DDS scan while connected as well.

Here is the DDS.txt requested in the pinned thread.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29

Run by Family at 12:51:33 on 2012-02-02

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1790.876 [GMT -3.5:30]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Windows\System32\ctfmon.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Users\Family\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Users\Family\AppData\Local\Akamai\netsession_win.exe

C:\Windows\system32\taskeng.exe

C:\Windows\TEMP\mrtFD13.tmp\stdrt.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe

C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.searchqu.com/406

uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&s=1&o=vb32&d=0910&m=el1300

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&s=1&o=vb32&d=0910&m=el1300

mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&s=1&o=vb32&d=0910&m=el1300

uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local;127.0.0.1:9421;

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {437C4386-9237-441F-A940-009430030EE0} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [AdobeBridge]

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\users\family\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Akamai NetSession Interface] "c:\users\family\appdata\local\akamai\netsession_win.exe"

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [eRecoveryService]

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [<NO NAME>]

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{82A7EA98-253B-4E2F-89B2-578E249DFBFE} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{82A7EA98-253B-4E2F-89B2-578E249DFBFE} : DhcpNameServer = 192.168.2.1 192.168.2.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\family\appdata\roaming\mozilla\firefox\profiles\iypnc3ov.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2535290&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\byond\bin\npbyond.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\sony\readerdesktop\npreaderdetectmoz.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\family\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\users\family\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\users\family\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-24 435032]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-24 314456]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-23 36000]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-24 20568]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-24 55128]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-24 44768]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-6-7 21992]

R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2010-9-3 24576]

R2 Freemake Improver;Freemake Improver;c:\programdata\freemake\freemakeutilsservice\FreemakeUtilsService.exe [2011-12-5 74752]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]

S2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\adbcnsl.exe [2012-1-4 689492]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 EMSLink;EMS Inter-Link driver;c:\windows\system32\drivers\EMSLink.sys [2002-10-9 10490]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-4 135664]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-28 2253120]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-11-3 23456]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-3-24 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-3-24 8456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-4 135664]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 42368]

S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2012-2-2 24416]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-02-02 12:46:13 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2012-02-02 12:32:23 39184 ----a-w- c:\windows\system32\Partizan.exe

2012-02-02 12:32:23 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2012-02-02 12:30:55 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2012-02-02 12:30:48 -------- d-----w- c:\program files\UnHackMe

2012-02-01 19:23:33 -------- d-----w- c:\users\family\appdata\roaming\X-Chat 2

2012-02-01 19:17:16 -------- d-----w- c:\program files\X-Chat 2

2012-01-31 16:47:19 -------- d-----w- c:\users\family\appdata\roaming\Malwarebytes

2012-01-31 16:47:09 -------- d-----w- c:\programdata\Malwarebytes

2012-01-31 16:47:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-31 16:47:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-01-30 22:18:18 -------- d-----w- c:\program files\WolfQuest

2012-01-26 23:01:27 -------- d-----w- c:\users\family\appdata\roaming\MoreTerra

2012-01-24 23:45:16 -------- d-----w- c:\program files\Elaborate Bytes

2012-01-22 16:19:12 -------- d-----w- c:\users\family\Foxit.Phantom.PDF.Suite.v2.2.4.0225.ZWT.[32.&.64bit][incl.manual]

2012-01-22 16:03:48 -------- d-----w- c:\users\family\appdata\roaming\Softland

2012-01-22 15:54:59 -------- d-----w- c:\users\family\appdata\roaming\PrimoPDF

2012-01-22 15:54:04 180624 ----a-w- c:\windows\system32\Primomonnt.dll

2012-01-22 15:53:54 -------- d-----w- c:\program files\Nitro PDF

2012-01-22 01:11:07 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2012-01-21 03:50:03 -------- d-----w- c:\users\family\Calibre Library

2012-01-21 03:49:44 -------- d-----w- c:\users\family\appdata\roaming\calibre

2012-01-21 03:39:28 -------- d-----w- c:\program files\Cbr to Pdf converter

2012-01-21 03:07:39 -------- d-----w- c:\users\family\appdata\roaming\jomic

2012-01-21 03:06:34 -------- d-----w- c:\program files\Jomic

2012-01-20 22:48:53 -------- d-----w- c:\programdata\kinoma

2012-01-20 22:17:49 -------- d-----w- c:\programdata\Sony Corporation

2012-01-20 22:17:41 -------- d-----w- c:\users\family\appdata\local\kinoma

2012-01-20 22:14:14 -------- d-----w- c:\users\family\appdata\local\Sony Corporation

2012-01-20 22:14:01 -------- d-----w- c:\program files\Sony

2012-01-20 22:14:01 -------- d-----w- c:\program files\common files\Sony Shared

2012-01-19 05:17:05 -------- d-----w- c:\program files\VirtualDJ

2012-01-18 00:07:05 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2012-01-18 00:07:05 528216 ----a-w- c:\windows\system32\XAudio2_6.dll

2012-01-18 00:07:04 238936 ----a-w- c:\windows\system32\xactengine3_6.dll

2012-01-18 00:07:04 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2012-01-18 00:07:03 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll

2012-01-18 00:07:02 81768 ----a-w- c:\windows\system32\xinput1_3.dll

2012-01-18 00:07:01 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll

2012-01-18 00:06:50 -------- d-----w- c:\program files\Microsoft XNA

2012-01-17 22:28:57 -------- d-----w- c:\users\family\appdata\roaming\CDisplayEx

2012-01-17 22:28:48 -------- d-----w- c:\program files\CDisplayEx

2012-01-15 04:24:09 -------- d-----w- c:\users\family\appdata\local\JSR-Productions

2012-01-11 20:38:58 -------- d-----w- c:\program files\EA GAMES

2012-01-11 20:38:42 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2012-01-09 02:20:21 -------- d-----w- c:\users\family\appdata\roaming\Songbird2

2012-01-08 22:47:22 -------- d-----w- c:\program files\iPod

2012-01-08 22:47:16 -------- d-----w- c:\program files\iTunes

2012-01-07 19:22:39 -------- d-----w- c:\users\family\appdata\roaming\Image-Line

2012-01-06 13:37:58 384 ----a-w- c:\windows\system32\checkOS.bat

2012-01-05 17:58:02 -------- d-----w- c:\program files\VisiPics

2012-01-05 17:47:44 -------- d-----w- c:\users\family\appdata\roaming\XnView

2012-01-05 17:45:55 -------- d-----w- c:\users\family\appdata\local\Ashisoft

2012-01-05 17:45:19 -------- d-----w- c:\users\family\appdata\roaming\Ashisoft

2012-01-05 17:43:32 -------- d-----w- c:\program files\Duplicate Finder

2012-01-05 17:27:50 -------- d-----w- c:\users\family\appdata\local\MindGems

2012-01-05 17:27:30 -------- d-----w- c:\program files\Visual Similarity Duplicate Image Finder

2012-01-04 23:35:42 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-01-04 23:35:42 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-01-04 23:35:42 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2012-01-04 23:35:41 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2012-01-04 19:41:57 1554944 ----a-w- c:\windows\system32\vorbis.acm

2012-01-04 19:36:36 689492 ----a-w- c:\windows\system32\adbcnsl.exe

.

==================== Find3M ====================

.

2012-02-02 12:31:02 26 ----a-w- c:\windows\winstart.bat

2011-12-24 21:35:10 1682 --sha-w- c:\programdata\KGyGaAvL.sys

2011-12-24 21:33:38 88 --sh--r- c:\programdata\04CC15E387.sys

2011-12-01 16:47:26 499712 ----a-w- c:\windows\system32\msvcp71.dll

2011-12-01 16:47:26 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01:25 41184 ----a-w- c:\windows\ava3217.tmp

2011-11-28 18:01:23 199816 ----a-w- c:\windows\system32\asw2ED6.tmp

2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-27 15:51:19 1174979 ----a-w- c:\windows\apppatch\unins000.exe

2011-11-14 15:42:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-10 00:51:17 24544 ----a-w- c:\windows\system32\DriveCleanup.exe

.

============= FINISH: 12:55:34.26 ===============

Attach.txt

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Welcome to the forum.

Please remove any usb or external drives from the computer before you run these scan!

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

    [*]Press "Scan".

    [*]It will create a log (FSS.txt) in the same directory the tool is run.

    [*]Please copy and paste the log to your reply.

-------------

Next..........

Please download and run RogueKiller.

Click Scan to scan the system (don't run any other options)

Post back the report.

-------------------------

Last.......

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.