PC Dead Slow and Disk Space decreased automatically


Hi,

For the last three days I have been struggling hard, trying to save myself from having my system formatted and reinstalling all my work and software. I purchased Malwarebytes and Avast antivirus and already have corporate McAfee on my PC, but all in vain.

One fine day the PC's C drive space reduced from 70 to 55 GB :-( I am nuts. I have run Malwarebytes and AVG, and they removed a few viruses like bit coiner and AutoRun. It's much better now but still slow. I did see a miner folder and a service nircmd.exe. I deleted that from services.

Need your help to fix my PC. Attaching DDS logs.

Thanks,

Piyush

DDS.txt

Attach.txt


Hello Piyush and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

I notice that you are using more than one antivirus program.
  • avast! Internet Security
  • McAfee VirusScan Enterprise

This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running real-time protection. I suggest that you uninstall McAfee and every application related to it. Finally, restart your computer.

After that, generate fresh DDS log files and post them in your next reply. Also, let me know how things are there.


Attached DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16490
Run by pj185009 at 3:44:46 on 2013-07-14
Microsoft Windows 7 Professional   6.1.7601.1.1252.91.1033.18.1959.621 [GMT 5.5:30]
.
AV: McAfee VirusScan Enterprise *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskeng.exe
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k AcfXAudioService
C:\windows\system32\crypserv.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\DLP\Agent\fcags.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\windows\system32\svchost.exe -k regsvc
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\DLP\Agent\fcagswd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\SysWOW64\CCM\CcmExec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\system32\wbem\WmiApSrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Windows\system32\igfxext.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\McAfee\DLP\Agent\fcag.exe
C:\NCRAPPS\UTILS\MAKECONN.EXE
C:\Program Files\McAfee\DLP\Agent\FCAGTE.EXE
C:\Program Files\McAfee\DLP\Agent\FCAGTE.EXE
C:\Program Files\McAfee\DLP\Agent\FCAGTE.EXE
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uProxyOverride = <local>
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130608145644.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll
TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [McAfee Tray] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLSY~1.LNK - C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: Btn_Home = dword:1
uPolicies-Explorer: SpecifyDefaultButtons = dword:1
uPolicies-Explorer: Btn_Tools = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoMSAppLogo5ChannelNotify = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoPublishingWizard = dword:1
mPolicies-Explorer: NoWebServices = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: FilterAdministratorToken = dword:1
mPolicies-Windows\System: AllowX-ForestPolicy-and-RUP = dword:1
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: adobe.com
Trusted Zone: centra.com
Trusted Zone: fidelity.com
Trusted Zone: macromedia.com
Trusted Zone: microsoft.com
Trusted Zone: radiantsystems.com
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
TCP: NameServer = 131.222.10.30 192.127.152.103
TCP: Interfaces\{A2D2BB2D-1C8A-4217-872D-8844B344ECE1} : DHCPNameServer = 131.222.10.30 192.127.152.103
TCP: Interfaces\{A2D2BB2D-1C8A-4217-872D-8844B344ECE1}\059697573786 : DHCPNameServer = 10.0.0.1
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Quest Software\Toad for Oracle\RNetPin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130608145644.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Trusted Zone: adobe.com
x64-Trusted Zone: centra.com
x64-Trusted Zone: fidelity.com
x64-Trusted Zone: macromedia.com
x64-Trusted Zone: microsoft.com
x64-Trusted Zone: radiant.com
x64-Trusted Zone: radiantsystems.com
x64-Trusted Zone: skillport.com
x64-Trusted Zone: skillwsa.com
x64-Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2013-6-8 673624]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2013-6-8 305536]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\windows\System32\drivers\stdcfltn.sys [2011-12-22 22128]
R1 hdlpflt;hdlpflt;C:\windows\System32\drivers\hdlpflt.sys [2013-6-18 128840]
R1 hdlpnetf;hdlpnetf;C:\windows\System32\drivers\hdlpnetf.sys [2012-4-1 43848]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\System32\drivers\mfenlfk.sys [2013-6-18 76224]
R2 CipcCdp;Cisco IP Communicator driver for CDP;C:\windows\System32\drivers\CipcCdp.sys [2013-5-27 27392]
R3 Acceler;Accelerometer Service;C:\windows\System32\drivers\accelern.sys [2011-12-22 27760]
R3 hdlpctrl;hdlpctrl;C:\windows\System32\drivers\hdlpctrl.sys [2012-4-1 37704]
R3 hdlpdbk;hdlpdbk;C:\windows\System32\drivers\hdlpdbk.sys [2012-4-1 27976]
R3 hdlpevnt;hdlpevnt;C:\windows\System32\drivers\hdlpevnt.sys [2012-4-1 24904]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-22 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-7-12 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2013-6-8 282736]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2013-6-18 496592]
R3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]
R3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]
S0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-12-22 55856]
S3 acfva;acfva;C:\windows\System32\drivers\ACFVA64.sys [2011-12-22 123008]
S3 androidusb;Google Device Driver;C:\windows\System32\drivers\wsadb.sys [2013-6-22 40232]
S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2011-12-22 349736]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-12-22 39464]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-5-27 99384]
S3 dgcfltr;DGC Filter Driver;C:\windows\System32\drivers\ACFDCP64.sys [2011-12-22 34944]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FireNfcp;McAfee Inc. FireNfcp;C:\windows\System32\drivers\FireNfcp.sys [2013-6-18 52992]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2013-6-18 197576]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2013-6-8 101200]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\windows\System32\drivers\mfesmfk.sys [2013-6-18 77880]
S3 O2MDFRDR;O2MDFRDR;C:\windows\System32\drivers\o2mdfw7x64.sys [2011-1-4 72808]
S3 O2MDRRDR;O2MDRRDR;C:\windows\System32\drivers\O2MDRw7x64.sys [2011-1-4 74984]
S3 O2SDJRDR;O2SDJRDR;C:\windows\System32\drivers\o2sdjw7x64.sys [2011-3-24 83560]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-5-27 203320]
.
=============== Created Last 30 ================
.
2013-07-12 17:15:09 -------- d-----w- C:\avast! sandbox
2013-07-12 05:42:29 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-07-12 05:42:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-12 05:19:20 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 04:59:29 -------- d-----w- C:\$RECYCLE.BIN
2013-07-12 04:45:34 98816 ----a-w- C:\windows\sed.exe
2013-07-12 04:45:34 256000 ----a-w- C:\windows\PEV.exe
2013-07-12 04:45:34 208896 ----a-w- C:\windows\MBR.exe
2013-07-12 04:45:25 -------- d-----w- C:\ComboFix
2013-07-11 02:48:43 -------- d-----w- C:\Users\pj185009\AppData\Roaming\Malwarebytes
2013-07-11 02:48:25 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-10 17:26:41 -------- d-s---w- C:\windows\SysWow64\Microsoft
2013-07-10 13:13:26 -------- d-----w- C:\Program Files\AVAST Software
2013-07-10 13:12:15 -------- d-----w- C:\ProgramData\AVAST Software
2013-07-10 07:24:10 -------- d--h--w- C:\Users\pj185009\PWWEH
2013-07-10 07:08:22 -------- d-----w- C:\Users\pj185009\AppData\Roaming\NVIDIA
2013-07-10 05:53:55 751104 ----a-w- C:\windows\System32\win32spl.dll
2013-07-10 05:53:54 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-07-06 19:24:56 -------- d-----w- C:\ProgramData\Connectify
2013-07-06 19:24:55 -------- d-----w- C:\Program Files (x86)\Connectify
2013-07-06 19:23:16 -------- d-----w- C:\ProgramData\Package Cache
2013-07-06 19:04:34 -------- d-----w- C:\Program Files (x86)\DC-Unlocker
2013-07-06 14:36:59 -------- d-----w- C:\mwagui
2013-07-06 13:17:41 -------- d-----w- C:\windows\pss
2013-07-06 08:55:05 -------- d-----w- C:\ProgramData\Seagate
2013-07-06 08:55:05 -------- d-----w- C:\Program Files (x86)\Seagate
2013-07-06 08:46:06 -------- d-sh--w- C:\windows\ftpcache
2013-07-06 08:10:00 -------- d-----w- C:\Users\pj185009\AppData\Local\Western_Digital
2013-07-06 08:04:31 -------- d-----w- C:\ProgramData\Western Digital
2013-07-06 08:04:31 -------- d-----w- C:\Program Files\Western Digital
2013-07-06 08:03:07 -------- d-----w- C:\Program Files (x86)\Common Files\Western Digital
2013-07-06 08:03:06 -------- d-----w- C:\Program Files (x86)\Western Digital
2013-07-06 04:27:34 -------- d-----w- C:\Program Files\SAMSUNG
2013-07-06 03:44:59 -------- d-----w- C:\Users\pj185009\AppData\Roaming\ProgSense
2013-07-06 03:44:55 -------- d-----w- C:\Users\pj185009\AppData\Roaming\GrabPro
2013-07-06 03:44:55 -------- d-----w- C:\downloads
2013-07-06 03:44:33 -------- d-----w- C:\Program Files (x86)\Orbitdownloader
2013-07-04 15:43:54 -------- d-----w- C:\Users\pj185009\AppData\Roaming\miner
2013-07-04 15:22:30 -------- d-----w- C:\Quarantine
2013-07-04 04:49:33 -------- d--h--w- C:\Users\pj185009\SXGFL
2013-06-25 15:34:18 -------- d-----w- C:\Program Files (x86)\Citrix
2013-06-25 15:29:57 -------- d-----w- C:\Users\pj185009\AppData\Local\Citrix
2013-06-24 05:34:49 -------- d--h--w- C:\windows\AxInstSV
2013-06-22 14:00:04 40232 ----a-w- C:\windows\System32\drivers\wsadb.sys
2013-06-22 14:00:04 1489704 ----a-w- C:\windows\System32\WdfCoInstaller01007.dll
2013-06-22 04:47:18 -------- d-----w- C:\Users\pj185009\mcafee dlp quarantined files
2013-06-18 05:45:48 77880 ----a-w- C:\windows\System32\drivers\mfesmfk.sys
2013-06-18 05:44:47 128840 ----a-w- C:\windows\System32\drivers\hdlpflt.sys
2013-06-18 02:39:25 197576 ----a-w- C:\windows\System32\drivers\HipShieldK.sys
2013-06-18 02:39:24 52992 ----a-w- C:\windows\System32\drivers\FireNfcp.sys
2013-06-18 02:39:17 496592 ----a-w- C:\windows\System32\drivers\mfefirek.sys
2013-06-18 02:39:08 76224 ----a-w- C:\windows\System32\drivers\mfenlfk.sys
2013-06-18 02:38:49 -------- d-----w- C:\Program Files\McAfee
2013-06-17 09:48:51 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-06-17 09:48:46 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-06-17 09:44:11 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-06-17 09:44:11 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-06-17 09:44:11 144384 ----a-w- C:\windows\System32\cdd.dll
2013-06-16 10:42:20 -------- d-----w- C:\Users\pj185009\AppData\Local\CutePDF Writer
2013-06-16 10:40:30 -------- d-----w- C:\Program Files (x86)\GPLGS
2013-06-16 10:34:32 87152 ----a-w- C:\windows\System32\cpwmon64.dll
2013-06-16 10:34:29 -------- d-----w- C:\Program Files (x86)\Acro Software
2013-06-15 06:59:57 -------- d-----w- C:\Program Files (x86)\VideoLAN
.
==================== Find3M  ====================
.
2013-06-08 11:10:20 71024 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-08 11:10:20 691568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-08 09:26:17 99352 ----a-w- C:\windows\System32\MfeOtlkAddin.dll
2013-06-08 09:26:17 10288 ----a-w- C:\windows\System32\drivers\mfeclnk.sys
2013-06-08 09:26:17 101200 ----a-w- C:\windows\System32\drivers\mferkdet.sys
2013-06-08 09:26:15 75656 ----a-w- C:\windows\SysWow64\MfeOtlkAddin.dll
2013-06-08 09:26:15 23112 ----a-w- C:\windows\SysWow64\MFEOtlk.dll
2013-06-05 06:30:58 234544 ----a-w- C:\windows\RegBootClean64.exe
2013-06-05 06:30:54 181808 ----a-w- C:\windows\RegBootClean.exe
2013-05-27 13:50:35 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-05-27 13:39:00 86528 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-05-27 13:39:00 76800 ----a-w- C:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-27 13:39:00 74752 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-05-27 13:39:00 74752 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-05-27 13:39:00 63488 ----a-w- C:\windows\SysWow64\tdc.ocx
2013-05-27 13:39:00 48640 ----a-w- C:\windows\SysWow64\mshtmler.dll
2013-05-27 13:39:00 367104 ----a-w- C:\windows\SysWow64\html.iec
2013-05-27 13:39:00 23552 ----a-w- C:\windows\SysWow64\licmgr10.dll
2013-05-27 13:39:00 161792 ----a-w- C:\windows\SysWow64\msls31.dll
2013-05-27 13:39:00 152064 ----a-w- C:\windows\SysWow64\wextract.exe
2013-05-27 13:39:00 150528 ----a-w- C:\windows\SysWow64\iexpress.exe
2013-05-27 13:39:00 110592 ----a-w- C:\windows\SysWow64\IEAdvpack.dll
2013-05-17 03:09:56 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-05-17 03:02:29 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-05-17 03:01:13 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-05-17 02:56:09 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-05-17 02:56:00 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-05-17 02:51:27 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-05-16 22:39:39 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-05-16 22:28:26 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-05-16 22:27:30 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-05-16 22:21:37 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-05-16 22:20:30 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-05-16 22:16:57 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH:  3:46:18.38 ===============
 
Let me know if you need the Attach log as well.
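A triage pass over a DDS log like the one posted above, as an added example that is not part of the thread or of the DDS tool. It splits the log into its banner-delimited sections, reads the AV:/SP:/FW: header rows, and queues hidden directories created directly under a user profile plus the folder name the original poster reported. The sample is a few lines copied from the log; the function names and the reading of `d` and `h` in the attribute column are assumptions.

```python
import re

# Constructed sample: a few lines copied from the DDS log posted above.
SAMPLE = r"""DDS (Ver_2012-11-20.01) - NTFS_AMD64
AV: McAfee VirusScan Enterprise *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
.
=============== Created Last 30 ================
.
2013-07-12 05:42:29 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-07-10 07:24:10 -------- d--h--w- C:\Users\pj185009\PWWEH
2013-07-06 08:46:06 -------- d-sh--w- C:\windows\ftpcache
2013-07-04 15:43:54 -------- d-----w- C:\Users\pj185009\AppData\Roaming\miner
2013-07-04 04:49:33 -------- d--h--w- C:\Users\pj185009\SXGFL
.
==================== Find3M  ====================
.
2013-06-05 06:30:58 234544 ----a-w- C:\windows\RegBootClean64.exe
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
PRODUCT = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\* \{[0-9A-Fa-f-]+\}$")
FILE_ROW = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+|-{8}) (\S{8}) (.+)$")
PROFILE_CHILD = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+$", re.I)

def split_sections(text):
    """Return {section name: [lines]}; lines before the first banner go under 'header'."""
    sections, current = {"header": []}, "header"
    for line in map(str.rstrip, text.splitlines()):
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line and line != ".":          # DDS uses a lone "." as a spacer
            sections[current].append(line)
    return sections

def security_products(sections):
    """AV:/SP:/FW: header rows as (kind, name, [state flags])."""
    found = (PRODUCT.match(line) for line in sections["header"])
    return [(m[1], m[2], m[3].split("/")) for m in found if m]

def created_rows(sections, name="Created Last 30"):
    """Rows of a file-listing section; size is None where the log prints dashes."""
    rows = []
    for line in sections.get(name, []):
        m = FILE_ROW.match(line)
        if m:
            when, size, attrs, path = m.groups()
            rows.append({"when": when, "attrs": attrs, "path": path,
                         "size": None if size.startswith("-") else int(size)})
    return rows

def review_queue(rows, names_of_interest=("miner",)):
    """Rows to ask the user about first. Assumption: 'd' and 'h' in the attribute
    column mean directory and hidden. A hit is a question, not a verdict."""
    hits = []
    for r in rows:
        is_dir = r["attrs"].startswith("d")
        leaf = r["path"].rsplit("\\", 1)[-1].lower()
        if is_dir and "h" in r["attrs"] and PROFILE_CHILD.match(r["path"]):
            hits.append(("hidden dir in profile root", r["when"], r["path"]))
        elif is_dir and leaf in names_of_interest:
            hits.append(("name reported by user", r["when"], r["path"]))
    return hits

if __name__ == "__main__":
    parsed = split_sections(SAMPLE)
    print(security_products(parsed))
    print(review_queue(created_rows(parsed)))
```
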

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
