Inactive HJT logfile please help me diagnose

Status
Not open for further replies.

RyanGentleman

Hello,

So I've noticed my bandwidth is really low and my C always shortens on disc space every few mins when I'm online. I've tried all possible anti-malware programs with no help, so HJT and you guys are my last resort, cause it's really important to me that I don't have to format my C. So here's the logfile and thank you in advance!

Ryan

[HJT log removed by Broni]
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hello,

Sorry, I thought only the HJT logfile was enough. Anyway, I have the logs you asked for.

Malwarebytes Log file

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ryan :: RYANPC [administrator]

4/20/2013 9:11:23 PM
mbam-log-2013-04-20 (21-11-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237677
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2
Run by Ryan at 21:18:48 on 2013-04-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8190.6118 [GMT 3:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Vtune\TBPANEL.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
F:\League of Legends\RADS\system\rads_user_kernel.exe
F:\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.134\deploy\LoLLauncher.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
F:\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.0\deploy\LolClient.exe
C:\Users\Ryan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
uRun: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %SystemRoot%\system32\WTFastDrv.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{343BB0EC-E13B-4AA1-97A4-7326EDEE28F4} : NameServer = 172.16.20.130 172.16.0.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-8-14 21104]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-21 283200]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-8-1 41704]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2012-8-14 68136]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2012-12-6 33872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-8-14 413800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe --> C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [?]
S2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [?]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-4-16 102936]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-4-16 37344]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2012-1-9 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2012-1-9 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-12-2 31800]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-4-16 203544]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WinRing0_1_2_0;WinRing0_1_2_0;F:\PlayClaw3\WinRing0x64.sys [2012-8-29 14544]
.
=============== Created Last 30 ================
.
2013-04-20 18:08:52  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2013-04-20 18:08:52  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-20 15:35:25  --------  d-----w-  C:\Users\Ryan\AppData\Roaming\Rokario
2013-04-20 15:35:23  --------  d-----w-  C:\Program Files (x86)\Rokario
2013-04-20 15:22:39  --------  d-----w-  C:\Users\Ryan\AppData\Roaming\NetSpeedMonitor
2013-04-20 15:22:26  --------  d-----w-  C:\Program Files\NetSpeedMonitor
2013-04-19 17:55:15  --------  d-----w-  C:\Windows\PCHEALTH
2013-04-19 17:53:35  --------  d-----w-  C:\Program Files (x86)\Microsoft Visual Studio 8
2013-04-19 17:53:03  --------  d-----w-  C:\Users\Ryan\AppData\Local\Microsoft Help
2013-04-19 11:01:00  --------  d-----w-  C:\$RECYCLE.BIN
2013-04-19 10:53:19  98816  ----a-w-  C:\Windows\sed.exe
2013-04-19 10:53:19  256000  ----a-w-  C:\Windows\PEV.exe
2013-04-19 10:53:19  208896  ----a-w-  C:\Windows\MBR.exe
2013-04-17 15:09:39  --------  d-----w-  C:\Users\Ryan\AppData\Roaming\RealNetworks
2013-04-17 15:09:27  --------  d-----w-  C:\Program Files (x86)\RealNetworks
2013-04-17 15:09:25  --------  d-----w-  C:\ProgramData\RealNetworks
2013-04-17 15:09:18  --------  d-----w-  C:\Program Files (x86)\Common Files\xing shared
2013-04-17 15:09:10  499712  ----a-w-  C:\Windows\SysWow64\msvcp71.dll
2013-04-17 15:09:10  348160  ----a-w-  C:\Windows\SysWow64\msvcr71.dll
2013-04-16 16:35:34  --------  d-----w-  C:\Users\Ryan\AppData\Local\Skymonk2
2013-04-16 11:00:48  --------  d-----w-  C:\Users\Ryan\.android
2013-04-16 11:00:43  --------  d-----w-  C:\Users\Ryan\AppData\Roaming\ApkInstaller
2013-04-15 22:43:26  203544  ----a-w-  C:\Windows\System32\drivers\ssudmdm.sys
2013-04-15 22:43:26  102936  ----a-w-  C:\Windows\System32\drivers\ssudbus.sys
2013-04-15 22:39:31  37344  ----a-w-  C:\Windows\SysWow64\FsUsbExDisk.Sys
2013-04-15 22:39:31  233472  ----a-w-  C:\Windows\SysWow64\FsUsbExService.Exe
2013-04-15 22:39:31  110592  ----a-w-  C:\Windows\SysWow64\FsUsbExDevice.Dll
2013-04-08 18:49:33  --------  d-----w-  C:\Users\Ryan\AppData\Local\Programs
2013-03-28 17:38:32  --------  d-----w-  C:\ProgramData\SoftSafe
2013-03-28 17:37:37  --------  d-----w-  C:\Program Files (x86)\BrowseToSave
2013-03-28 17:36:47  --------  d-----w-  C:\ProgramData\InstallMate
.
==================== Find3M ====================
.
2013-04-20 15:59:58  25640  ----a-w-  C:\Windows\gdrv.sys
2013-04-12 18:13:51  71048  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-12 18:13:51  691592  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-15 04:16:18  3477280  ----a-w-  C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17  6398240  ----a-w-  C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10  877856  ----a-w-  C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10  63776  ----a-w-  C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10  237856  ----a-w-  C:\Windows\System32\nvmctray.dll
2013-03-14 19:07:52  559904  ----a-w-  C:\Windows\SysWow64\nvStreaming.exe
2013-03-13 16:24:01  3065455  ----a-w-  C:\Windows\System32\nvcoproc.bin
2013-03-11 17:52:43  95648  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-11 17:52:43  861088  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
2013-03-11 17:52:43  782240  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
2013-02-11 13:45:31  281520  ----a-w-  C:\Windows\SysWow64\PnkBstrB.xtr
2013-02-11 13:45:31  281520  ----a-w-  C:\Windows\SysWow64\PnkBstrB.exe
2013-02-10 03:25:27  1807136  ----a-w-  C:\Windows\System32\nvdispco6420294.dll
2013-02-10 03:25:27  1510176  ----a-w-  C:\Windows\System32\nvdispgenco6420162.dll
2013-01-21 13:46:49  281520  ----a-w-  C:\Windows\SysWow64\PnkBstrB.ex0
.
============= FINISH: 21:19:06.61 ===============
DDS attach
.

Many thanks in advance, and if I missed something, please let me know. It's my first time I report this issue.

Ryan
 

I don't see any AV program running...
Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php

Update, run full scan, report on any findings.

Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
I had Avira AV and I uninstalled it just a couple of hours ago because I couldn't finish its update, it just never finishes updating. I'll work on the other programs you provided, thank you again. I'll update you as soon as I finish these steps.
 
Hi again,

My download is so slow that I barely downloaded Windows Essentials and updated it and ran a scan with no harm detected, then downloaded RogueKiller and ran scan and delete as mentioned above, and here's the log:
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ryan [Admin rights]
Mode : Remove -- Date : 04/20/2013 22:20:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{343BB0EC-E13B-4AA1-97A4-7326EDEE28F4} : NameServer (172.16.20.130 172.16.0.12) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAKS-00L9A0 ATA Device +++++
--- User ---
[MBR] 78bc7d911ff6ab92ae641b86f77d96d7
[BSP] bd8439a60270113cdadcd7ba2eddee7c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 84249 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 172544000 | Size: 73665 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323409920 | Size: 73664 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 474273792 | Size: 73665 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04202013_02d2220.txt >>
RKreport[1]_S_04202013_02d2218.txt ; RKreport[2]_D_04202013_02d2220.txt


As for MB Anti rootkit, I couldn't finish downloading it because the speed goes to bytes, and I tried to redownload many times with no help. Something really bad is taking all my bandwidth and just makes me want to give up and format right away. Hope this is enough info for you, because I can't download anything else with this speed.
 
Do you have other computers in your household?
If so do they have any internet speed issues?

So far your logs look clean.
 
Yes I do, but the reason I'm suspicious is that I used NetSpeedMonitor to monitor my connection traffic and to see why my C drive loses some space every now and then when I'm online. I also monitored my bandwidth via Avira firewall and noticed a constant ~74 Kbps down speed is being used, and upload is reading high as well. I'm not sure what's going on, I've tried every possible AV on Google and none found a trojan/worm or anything. I've read somewhere that this type of virus sets up FTP servers on your PC and sends and collects data via your PC, but wouldn't that type of virus be detected, or is it too OP to be found?

Thank u again
Ryan
 
Well, you didn't really answer my question.
Are the other computers OK?
Is this the only one affected?
 
As for MB Anti rootkit, I couldn't finish downloading it because the speed goes to bytes
Download it with a different computer and transfer it to this computer using USB flash drive.
 
I don't think MB anti rootkit will solve my problem. Sorry for wasting your time, I'm really tired of it and might format. Thank you again, and you can close the thread.

Ryan
 