Unspecified Cause for Low Bandwidth


This topic is locked
11 replies to this topic

#1 scoutnj19

  • Members
  • 7 posts
  • Local time:12:11 PM

Posted 24 September 2011 - 12:40 PM

I am having slow connection speed.

Now, I understand that there are a number of factors that play into slow bandwidth. The number of devices connected and sharing the router output, programs on each that require access, etc.

However, in recent weeks, I have noticed a significant decrease in speed when attempting to view videos on YouTube, or downloading files from my medical school online server, etc. I cannot pinpoint any specific change or event that might have caused this.

I have performed all suggested and pertinent steps in the Preparation Guide. I have not noticed any improvement.

Please find my logs below. I greatly appreciate any support y'all might be able to offer!

------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by bbjornsen at 11:22:24 on 2011-09-24
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2972.849 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe
C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\system32\rpcnet.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\WebDrive\wdService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\bbjornsen\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\bbjornsen\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SafeBootTokWatch] "c:\program files\mcafee\endpoint encryption for pc\SbTokWatch.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [TK8 StickyNotes] "c:\program files\tk8 stickynotes\TK8StickyNotes.exe"
uRun: [Google Update] "c:\users\bbjornsen\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SafeBootTrayManager] "c:\program files\safeboot tray manager\SbTrayManager.exe"
mRun: [SafeBootTokenWatcher] "c:\program files\mcafee\endpoint encryption for pc\SbTokWatch.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SNUVCDSM] c:\windows\snuvcdsm.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\bbjorn~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\bbjornsen\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\bbjorn~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\bbjorn~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.kumc.edu/CACHE/stc/11/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{61524615-3129-4ABF-979A-7E8438E124BB} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B7165EBD-C7AE-458A-ACC5-5E946BE37AC8} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B7165EBD-C7AE-458A-ACC5-5E946BE37AC8}\7416C6C6966627564786 : DhcpNameServer = 192.168.1.146 76.85.229.110 76.85.229.111
TCP: Interfaces\{B7165EBD-C7AE-458A-ACC5-5E946BE37AC8}\7416C6C6966627564786F5537484A7 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B7165EBD-C7AE-458A-ACC5-5E946BE37AC8}\77962756C6563737E2A6F636F6C6962627162797 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{B7165EBD-C7AE-458A-ACC5-5E946BE37AC8}\A457374796E6723702D41636 : DhcpNameServer = 76.85.229.110 76.85.229.111
TCP: Interfaces\{B7165EBD-C7AE-458A-ACC5-5E946BE37AC8}\A4F634F6C496262716279702055726C696360275962756C6563737 : DhcpNameServer = 192.168.91.1
TCP: Interfaces\{B7165EBD-C7AE-458A-ACC5-5E946BE37AC8}\B657D636D2375636572756 : DhcpNameServer = 10.22.2.5 10.22.2.6 10.22.2.11
TCP: Interfaces\{B7165EBD-C7AE-458A-ACC5-5E946BE37AC8}\C696E6B6379737 : DhcpNameServer = 76.85.228.100 76.85.228.101
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = SbNp scecli
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bbjornsen\appdata\roaming\mozilla\firefox\profiles\71hn5h94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\users\bbjornsen\appdata\roaming\mozilla\firefox\profiles\71hn5h94.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\users\bbjornsen\appdata\roaming\mozilla\firefox\profiles\71hn5h94.default\extensions\ozymandias@securityheroes.com\components\ozymandias-ff.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npActiveGS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\bbjornsen\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\bbjornsen\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\bbjornsen\appdata\roaming\electronic arts\game face\npGameFacePlugin.dll
FF - plugin: c:\users\bbjornsen\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\bbjornsen\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [2008-8-13 44976]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-11-24 6496]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-26 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-29 320856]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2009-11-24 33328]
R1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.sys [2009-11-24 34480]
R1 SbRegFlt;SbRegFlt;c:\windows\system32\drivers\SbRegFlt.sys [2009-11-24 14664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-29 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-8-29 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-9-16 44768]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-7-21 2152152]
R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\mcafee\endpoint encryption for pc\SbClientManager.exe [2009-11-24 380988]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-11 1153368]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\webdrive\wdfsd.sys [2010-5-25 147288]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-8-24 227896]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2010-4-7 223960]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-3-6 114952]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-6-25 6814720]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 WisdPen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2011-1-4 37232]
S1 MpKsl4bf6c935;MpKsl4bf6c935;c:\programdata\microsoft\microsoft antimalware\definition updates\{2ac0a38c-446e-4468-b5f9-af5e2a907742}\MpKsl4bf6c935.sys [2011-7-29 28752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-2-19 47104]
S2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-2-19 49152]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-2-19 38400]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-7-21 15232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2011-6-25 6758912]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 65024]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-6 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-6 52224]
.
=============== Created Last 30 ================
.
2011-09-24 14:05:52 388096 ----a-r- c:\users\bbjornsen\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-24 14:05:51 -------- d-----w- c:\program files\Trend Micro
2011-09-18 23:29:12 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-15 15:46:54 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-08-31 21:35:09 -------- d-----w- c:\program files\iPod
2011-08-30 20:53:22 -------- d-----w- c:\users\bbjornsen\appdata\roaming\ToLTech
2011-08-30 13:59:56 -------- d-----w- c:\program files\ToLTech
2011-08-26 23:39:48 645632 ----a-w- c:\windows\system32\xvidcore.dll
2011-08-26 23:39:48 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-08-26 23:39:48 153088 ----a-w- c:\windows\system32\xvid.ax
2011-08-26 23:39:41 -------- d-----w- c:\program files\Xvid
2011-08-26 20:01:31 -------- d-----w- c:\users\bbjornsen\appdata\roaming\Dropbox
.
==================== Find3M ====================
.
2011-09-24 16:16:51 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-09-24 16:16:49 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-09-24 15:33:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-09 14:19:20 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-03 20:44:51 10680 ----a-w- c:\windows\system32\vpncategories.dll
2011-08-03 20:44:43 30648 ----a-w- c:\windows\system32\vpnevents.dll
2011-08-03 20:27:28 19192 ----a-w- c:\windows\system32\drivers\vpnva.sys
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-12 16:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 23:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: TOSHIBA_ rev.QS00 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x82C0B000]<< >>UNKNOWN [0x84234000]<< >>UNKNOWN [0x8C1ED000]<< >>UNKNOWN [0x8C1B2000]<< >>UNKNOWN [0x8301D000]<< >>UNKNOWN [0x8B61F000]<< >>UNKNOWN [0x8BB63000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x82C4252A] -> \Device\Harddisk0\DR0[0x876F9AC8]
\Driver\Disk[0x876FAB90] -> IRP_MJ_CREATE -> 0x8423839F
3 [0x8423859E] -> ntkrnlpa!IofCallDriver[0x82C4252A] -> [0x876F9020]
\Driver\hpdskflt[0x876AA0F0] -> IRP_MJ_CREATE -> 0x8C1B3EB2
5 [0x8C1B3F92] -> ntkrnlpa!IofCallDriver[0x82C4252A] -> \Device\Ide\IAAStorageDevice-0[0x86C50028]
\Driver\iaStor[0x86C85178] -> IRP_MJ_CREATE -> 0x8B663954
kernel: MBR read successfully
_asm { CLI ; JMP 0x26; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:25:27.68 ===============

Attached Files

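As an added example (not part of this thread and not code from the DDS, GMER or TDSSKiller tools), the Python helper below splits a DDS log into its sections, parses the SERVICES / DRIVERS entries and reports the two items a helper looks at first: entries whose image file DDS could not find (the `[?]` marker on the npggsvc line above) and any Warning line in the ROOTKIT section. The sample log embedded in it is constructed from a few lines in the shape of the one posted above.

```python
"""Triage helper for a DDS log as pasted in malware-removal threads.

Splits the log into its '===== NAME =====' sections, parses the
SERVICES / DRIVERS entries and surfaces what a helper checks first:
entries whose on-disk file DDS could not find ('[?]') and any Warning
line in the ROOTKIT section.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a few lines in the shape of the log in the thread.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [2008-8-13 44976]
R2 WebDriveFSD;WebDrive File System Driver;c:\program files\webdrive\wdfsd.sys [2010-5-25 147288]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
=================== ROOTKIT ====================
.
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 11:25:27.68 ===============
"""

# "====== SECTION NAME ======" header lines
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "<R|S><start> name;description;path [date size]"  or  "... [?]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    running: bool        # R = running, S = stopped
    start_type: int      # 0 boot, 1 system, 2 automatic, 3 manual
    name: str
    description: str
    path: str
    file_missing: bool   # DDS prints [?] when it cannot find the image file


def parse_dds(text: str) -> Dict[str, List[str]]:
    """Return {section name: [non-empty body lines]} for a DDS log."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if not line or line == ".":   # DDS uses a lone '.' as a spacer
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_services(lines: List[str]) -> List[ServiceEntry]:
    """Parse the SERVICES / DRIVERS lines; lines of unknown shape are skipped."""
    entries: List[ServiceEntry] = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, start, name, desc, path, stamp = m.groups()
        entries.append(ServiceEntry(
            running=(state == "R"),
            start_type=int(start),
            name=name.strip(),
            description=desc.strip(),
            path=path.strip(),
            file_missing=(stamp.strip() == "?"),
        ))
    return entries


def triage(text: str) -> Dict[str, object]:
    """Summarise the findings a helper would look at first."""
    sections = parse_dds(text)
    services = parse_services(sections.get("SERVICES / DRIVERS", []))
    return {
        "service_count": len(services),
        "missing_files": [s.name for s in services if s.file_missing],
        "rootkit_warnings": [l for l in sections.get("ROOTKIT", [])
                             if l.lower().startswith("warning")],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Paste a full DDS log into `triage()` to get the same summary for a real thread; the GMER "Warning:" line is the one that prompts the TDSSKiller and aswMBR follow-up seen in the reply below.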
#2 nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:11 PM

Posted 29 September 2011 - 08:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs and let me know what problem persists.

#3 scoutnj19

  • Topic Starter
  • Members
  • 7 posts
  • Local time:12:11 PM

Posted 29 September 2011 - 09:28 AM

Thanks for your help. Please find below and attached the results of your request. There has been no noticeable change in internet speed to this point.

---------------------------------------

09:05:16.0730 6612 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
09:05:17.0141 6612 ============================================================
09:05:17.0141 6612 Current date / time: 2011/09/29 09:05:17.0141
09:05:17.0141 6612 SystemInfo:
09:05:17.0141 6612
09:05:17.0141 6612 OS Version: 6.1.7601 ServicePack: 1.0
09:05:17.0141 6612 Product type: Workstation
09:05:17.0141 6612 ComputerName: STT-BBJORNSEN
09:05:17.0142 6612 UserName: bbjornsen
09:05:17.0142 6612 Windows directory: C:\Windows
09:05:17.0142 6612 System windows directory: C:\Windows
09:05:17.0142 6612 Processor architecture: Intel x86
09:05:17.0142 6612 Number of processors: 2
09:05:17.0142 6612 Page size: 0x1000
09:05:17.0142 6612 Boot type: Normal boot
09:05:17.0142 6612 ============================================================
09:05:18.0164 6612 Initialize success
09:05:22.0074 6680 ============================================================
09:05:22.0074 6680 Scan started
09:05:22.0074 6680 Mode: Manual;
09:05:22.0074 6680 ============================================================
09:05:23.0448 6680 LSI_FC - ok
09:05:23.0456 6680 LSI_SAS - ok
09:05:23.0472 6680 LSI_SAS2 - ok
09:05:23.0479 6680 LSI_SCSI - ok
09:05:23.0488 6680 luafv - ok
09:05:23.0505 6680 megasas - ok
09:05:23.0511 6680 MegaSR - ok
09:05:23.0519 6680 Modem - ok
09:05:23.0526 6680 monitor - ok
09:05:23.0531 6680 mouclass - ok
09:05:23.0542 6680 mouhid - ok
09:05:23.0548 6680 mountmgr - ok
09:05:23.0566 6680 MpFilter - ok
09:05:23.0572 6680 mpio - ok
09:05:23.0580 6680 MpKsl246883b8 - ok
09:05:23.0589 6680 MpKsl28f745f5 - ok
09:05:23.0610 6680 MpKsl2d952816 - ok
09:05:23.0631 6680 MpKsl309e0c00 - ok
09:05:23.0685 6680 MpKsl4ab4fb1e - ok
09:05:23.0691 6680 MpKsl4bf6c935 - ok
09:05:23.0699 6680 MpKsla77cd188 - ok
09:05:23.0706 6680 MpKslb10d82ad - ok
09:05:23.0744 6680 MpKslc4220c5e - ok
09:05:23.0751 6680 MpKsld051945c - ok
09:05:23.0760 6680 MpKsldfe4d82a - ok
09:05:23.0767 6680 MpKsle2087419 - ok
09:05:23.0784 6680 MpKsleff77fdf - ok
09:05:23.0790 6680 MpKslf252ffc9 - ok
09:05:23.0797 6680 MpKslf38c67e0 - ok
09:05:23.0802 6680 MpKslf78f7d1c - ok
09:05:23.0806 6680 MpNWMon - ok
09:05:23.0811 6680 mpsdrv - ok
09:05:23.0818 6680 MRxDAV - ok
09:05:23.0824 6680 mrxsmb - ok
09:05:23.0831 6680 mrxsmb10 - ok
09:05:23.0838 6680 mrxsmb20 - ok
09:05:23.0846 6680 msahci - ok
09:05:23.0856 6680 msdsm - ok
09:05:23.0877 6680 Msfs - ok
09:05:23.0882 6680 mshidkmdf - ok
09:05:23.0891 6680 msisadrv - ok
09:05:23.0906 6680 MSKSSRV - ok
09:05:23.0913 6680 MSPCLOCK - ok
09:05:23.0919 6680 MSPQM - ok
09:05:23.0924 6680 MsRPC - ok
09:05:23.0933 6680 mssmbios - ok
09:05:23.0939 6680 MSTEE - ok
09:05:23.0944 6680 MTConfig - ok
09:05:23.0949 6680 Mup - ok
09:05:23.0958 6680 NativeWifiP - ok
09:05:23.0974 6680 NDIS - ok
09:05:23.0981 6680 NdisCap - ok
09:05:23.0986 6680 NdisTapi - ok
09:05:23.0991 6680 Ndisuio - ok
09:05:23.0998 6680 NdisWan - ok
09:05:24.0003 6680 NDProxy - ok
09:05:24.0008 6680 NetBIOS - ok
09:05:24.0015 6680 NetBT - ok
09:05:24.0053 6680 NETw5s32 - ok
09:05:24.0059 6680 netw5v32 - ok
09:05:24.0074 6680 NETwNs32 - ok
09:05:24.0088 6680 nfrd960 - ok
09:05:24.0108 6680 NisDrv - ok
09:05:24.0116 6680 Npfs - ok
09:05:24.0150 6680 nsiproxy - ok
09:05:24.0158 6680 Ntfs - ok
09:05:24.0164 6680 Null - ok
09:05:24.0174 6680 nvraid - ok
09:05:24.0181 6680 nvstor - ok
09:05:24.0197 6680 nv_agp - ok
09:05:24.0205 6680 ohci1394 - ok
09:05:24.0218 6680 Parport - ok
09:05:24.0224 6680 partmgr - ok
09:05:24.0230 6680 Parvdm - ok
09:05:24.0237 6680 pci - ok
09:05:24.0242 6680 pciide - ok
09:05:24.0249 6680 pcmcia - ok
09:05:24.0254 6680 pcw - ok
09:05:24.0259 6680 PEAUTH - ok
09:05:24.0295 6680 Point32 - ok
09:05:24.0308 6680 PptpMiniport - ok
09:05:24.0315 6680 Processor - ok
09:05:24.0329 6680 Psched - ok
09:05:24.0340 6680 ql2300 - ok
09:05:24.0348 6680 ql40xx - ok
09:05:24.0359 6680 QWAVEdrv - ok
09:05:24.0366 6680 RasAcd - ok
09:05:24.0371 6680 RasAgileVpn - ok
09:05:24.0381 6680 Rasl2tp - ok
09:05:24.0391 6680 RasPppoe - ok
09:05:24.0401 6680 RasSstp - ok
09:05:24.0407 6680 rdbss - ok
09:05:24.0413 6680 rdpbus - ok
09:05:24.0419 6680 RDPCDD - ok
09:05:24.0427 6680 RDPDR - ok
09:05:24.0434 6680 RDPENCDD - ok
09:05:24.0441 6680 RDPREFMP - ok
09:05:24.0460 6680 RdpVideoMiniport - ok
09:05:24.0468 6680 RDPWD - ok
09:05:24.0473 6680 rdyboost - ok
09:05:24.0503 6680 RFCOMM - ok
09:05:24.0509 6680 rimmptsk - ok
09:05:24.0516 6680 rimspci - ok
09:05:24.0521 6680 rimsptsk - ok
09:05:24.0526 6680 risdpcie - ok
09:05:24.0532 6680 rismxdp - ok
09:05:24.0538 6680 rixdpcie - ok
09:05:24.0564 6680 rspndr - ok
09:05:24.0587 6680 RsvLock - ok
09:05:24.0592 6680 s3cap - ok
09:05:24.0625 6680 SafeBoot - ok
09:05:24.0642 6680 SBAlg - ok
09:05:24.0649 6680 SbFlop - ok
09:05:24.0656 6680 SbFsLock - ok
09:05:24.0661 6680 sbp2port - ok
09:05:24.0668 6680 SbRegFlt - ok
09:05:24.0697 6680 scfilter - ok
09:05:24.0721 6680 sdbus - ok
09:05:24.0734 6680 secdrv - ok
09:05:24.0754 6680 Serenum - ok
09:05:24.0760 6680 Serial - ok
09:05:24.0766 6680 sermouse - ok
09:05:24.0784 6680 sffdisk - ok
09:05:24.0790 6680 sffp_mmc - ok
09:05:24.0796 6680 sffp_sd - ok
09:05:24.0801 6680 sfloppy - ok
09:05:24.0819 6680 sisagp - ok
09:05:24.0834 6680 SiSRaid2 - ok
09:05:24.0840 6680 SiSRaid4 - ok
09:05:24.0846 6680 Smb - ok
09:05:24.0861 6680 SNP2UVC - ok
09:05:24.0868 6680 spldr - ok
09:05:24.0899 6680 sptd - ok
09:05:24.0905 6680 srv - ok
09:05:24.0911 6680 srv2 - ok
09:05:24.0919 6680 srvnet - ok
09:05:24.0942 6680 stexstor - ok
09:05:24.0956 6680 storflt - ok
09:05:24.0971 6680 storvsc - ok
09:05:24.0980 6680 swenum - ok
09:05:24.0995 6680 Synth3dVsc - ok
09:05:25.0005 6680 SynTP - ok
09:05:25.0029 6680 Tcpip - ok
09:05:25.0035 6680 TCPIP6 - ok
09:05:25.0045 6680 tcpipreg - ok
09:05:25.0054 6680 TDPIPE - ok
09:05:25.0060 6680 TDTCP - ok
09:05:25.0066 6680 tdx - ok
09:05:25.0072 6680 TermDD - ok
09:05:25.0089 6680 TPM - ok
09:05:25.0116 6680 tssecsrv - ok
09:05:25.0123 6680 TsUsbFlt - ok
09:05:25.0129 6680 tsusbhub - ok
09:05:25.0139 6680 tunnel - ok
09:05:25.0157 6680 uagp35 - ok
09:05:25.0163 6680 udfs - ok
09:05:25.0183 6680 uliagpkx - ok
09:05:25.0190 6680 umbus - ok
09:05:25.0196 6680 UmPass - ok
09:05:25.0212 6680 USBAAPL - ok
09:05:25.0220 6680 usbaudio - ok
09:05:25.0226 6680 usbccgp - ok
09:05:25.0233 6680 usbcir - ok
09:05:25.0239 6680 usbehci - ok
09:05:25.0245 6680 usbhub - ok
09:05:25.0252 6680 usbohci - ok
09:05:25.0259 6680 usbprint - ok
09:05:25.0266 6680 USBSTOR - ok
09:05:25.0272 6680 usbuhci - ok
09:05:25.0290 6680 usbvideo - ok
09:05:25.0341 6680 vdrvroot - ok
09:05:25.0353 6680 vga - ok
09:05:25.0360 6680 VgaSave - ok
09:05:25.0367 6680 VGPU - ok
09:05:25.0373 6680 vhdmp - ok
09:05:25.0379 6680 viaagp - ok
09:05:25.0386 6680 ViaC7 - ok
09:05:25.0392 6680 viaide - ok
09:05:25.0401 6680 vmbus - ok
09:05:25.0405 6680 VMBusHID - ok
09:05:25.0411 6680 volmgr - ok
09:05:25.0417 6680 volmgrx - ok
09:05:25.0423 6680 volsnap - ok
09:05:25.0436 6680 vpnva - ok
09:05:25.0442 6680 vsmraid - ok
09:05:25.0454 6680 vwifibus - ok
09:05:25.0460 6680 vwififlt - ok
09:05:25.0468 6680 vwifimp - ok
09:05:25.0500 6680 wacommousefilter - ok
09:05:25.0510 6680 WacomPen - ok
09:05:25.0533 6680 wacomvhid - ok
09:05:25.0540 6680 WANARP - ok
09:05:25.0545 6680 Wanarpv6 - ok
09:05:25.0600 6680 Wd - ok
09:05:25.0606 6680 Wdf01000 - ok
09:05:25.0626 6680 WebDriveFSD - ok
09:05:25.0650 6680 WfpLwf - ok
09:05:25.0660 6680 WIMMount - ok
09:05:25.0709 6680 WinUsb - ok
09:05:25.0719 6680 WisdPen - ok
09:05:25.0739 6680 WmiAcpi - ok
09:05:25.0779 6680 ws2ifsl - ok
09:05:25.0800 6680 WudfPf - ok
09:05:25.0807 6680 WUDFRd - ok
09:05:25.0881 6680 MBR (0x1B8) (9c038b3ae4a8321dc98e450f5c4860f9) \Device\Harddisk0\DR0
09:05:26.0048 6680 \Device\Harddisk0\DR0 - ok
09:05:26.0065 6680 Boot (0x1200) (1df0a0d2e4ee8f7c0da08ec7acb7b53e) \Device\Harddisk0\DR0\Partition0
09:05:26.0065 6680 \Device\Harddisk0\DR0\Partition0 - ok
09:05:26.0082 6680 Boot (0x1200) (e6f0ceb61d07d05033c1bcb1f6f942da) \Device\Harddisk0\DR0\Partition1
09:05:26.0082 6680 \Device\Harddisk0\DR0\Partition1 - ok
09:05:26.0083 6680 ============================================================
09:05:26.0083 6680 Scan finished
09:05:26.0083 6680 ============================================================
09:05:26.0100 6484 Detected object count: 0
09:05:26.0100 6484 Actual detected object count: 0


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-29 09:16:06
-----------------------------
09:16:06.816 OS Version: Windows 6.1.7601 Service Pack 1
09:16:06.816 Number of processors: 2 586 0x170A
09:16:06.816 ComputerName: STT-BBJORNSEN UserName: bbjornsen
09:16:43.242 Initialize success
09:16:43.960 AVAST engine defs: 11092900
09:16:47.595 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:16:47.595 Disk 0 Vendor: TOSHIBA_ QS00 Size: 238475MB BusType: 3
09:16:47.641 Disk 0 MBR read successfully
09:16:47.657 Disk 0 MBR scan
09:16:48.156 Disk 0 unknown MBR code
09:16:48.172 Disk 0 scanning sectors +488395120
09:16:48.250 Disk 0 scanning C:\Windows\system32\drivers
09:16:48.250 Service scanning
09:16:50.293 Modules scanning
09:16:50.980 Disk 0 trace - called modules:
09:16:50.995 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll iaStor.sys
09:16:51.011 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866d03e0]
09:16:51.011 3 CLASSPNP.SYS[8aa3059e] -> nt!IofCallDriver -> [0x866d0c48]
09:16:51.011 5 hpdskflt.sys[8b847f92] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85c17028]
09:16:52.056 AVAST engine scan C:\Windows
09:16:52.087 AVAST engine scan C:\Windows\system32
09:16:52.103 AVAST engine scan C:\Windows\system32\drivers
09:16:52.119 AVAST engine scan C:\Users\bbjornsen
09:16:52.119 AVAST engine scan C:\ProgramData
09:16:52.134 Scan finished successfully
09:17:02.820 Disk 0 MBR has been saved successfully to "C:\Users\bbjornsen\Desktop\MBR.dat"
09:17:02.851 The log file has been saved successfully to "C:\Users\bbjornsen\Desktop\aswMBR.txt"

#4 scoutnj19

scoutnj19
  • Topic Starter
  • Members
  • 7 posts

Posted 29 September 2011 - 09:45 AM

Just to give some tangible proof of my issue:

Posted Image

#5 nasdaq

nasdaq
  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 September 2011 - 10:16 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
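Added example for this thread, not part of nasdaq's instructions or of ComboFix itself: a small PowerShell check for step 2 above. The DDS and ComboFix logs in this thread print lines such as "AV: avast! Antivirus *Disabled/Updated* {2B2D1395-...}"; those come from the Windows Security Center WMI class, and the same class can be queried directly to confirm that avast!, Ad-Watch and Microsoft Security Essentials are really off before ComboFix starts. The second function records the SHA-256 of the ComboFix.exe saved to the Desktop, so the exact build that was run can be identified later. The productState decoding (middle byte 0x10 = real-time protection on, low byte 0x10 = definitions out of date) is the widely used community interpretation and is an assumption here, since Microsoft has not formally documented the field. Written for PowerShell 2.0 as shipped with Windows 7 SP1; run from an elevated prompt.

```powershell
# Added example for this thread (not nasdaq's instructions or ComboFix code).
# Run in an elevated PowerShell prompt on the affected machine before step 2.
#
# Get-AvStatus lists every antivirus product registered with Windows Security
# Center and decodes whether it is enabled. DDS and ComboFix print the same
# data as "AV: <name> *Enabled/Updated* {<instanceGuid>}".
# Get-FileSha256 records the hash of the ComboFix.exe you downloaded.
#
# Assumption: the productState decoding (middle byte 0x10 = real-time
# protection on, low byte 0x10 = definitions out of date) is the community
# interpretation; the field is not formally documented by Microsoft.

function Get-AvStatus {
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct
    foreach ($p in $products) {
        $hex      = '{0:X6}' -f [int]$p.productState   # e.g. 266240 -> 041000
        $enabled  = $hex.Substring(2, 2) -eq '10'      # middle byte
        $outdated = $hex.Substring(4, 2) -eq '10'      # low byte
        if ($enabled)  { $state = 'Enabled' }  else { $state = 'Disabled' }
        if ($outdated) { $defs  = 'Outdated' } else { $defs  = 'Updated' }
        New-Object PSObject -Property @{
            Name     = $p.displayName
            Guid     = $p.instanceGuid
            State    = $state
            Defs     = $defs
            RawState = $hex
        }
    }
}

function Get-FileSha256 {
    param([string]$Path)
    # SHA256Managed is available on .NET 2.0/3.5, so this works without
    # Get-FileHash (which needs PowerShell 4.0).
    $sha    = New-Object System.Security.Cryptography.SHA256Managed
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

# Usage: every product should show State = Disabled before ComboFix is started.
Get-AvStatus | Format-Table Name, State, Defs, Guid -AutoSize

$exe = Join-Path ([Environment]::GetFolderPath('Desktop')) 'ComboFix.exe'
if (Test-Path $exe) {
    "SHA256 of ${exe}: " + (Get-FileSha256 -Path $exe)
} else {
    "ComboFix.exe is not on the Desktop yet; step 1 above says to save it there."
}
```

If a product still reports Enabled after it has been turned off in its own interface, it has not actually released its filter drivers (avast!'s aswSP/aswSnx and the Lavasoft Lbd driver both appear in the ComboFix service list below), and ComboFix's warning about interference applies. Paste the hash line into the reply along with C:\ComboFix.txt so the helper knows which build produced the log.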

#6 scoutnj19

scoutnj19
  • Topic Starter
  • Members
  • 7 posts

Posted 29 September 2011 - 11:14 AM

ComboFix 11-09-29.03 - bbjornsen 09/29/2011 10:33:38.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2972.856 [GMT -5:00]
Running from: c:\users\bbjornsen\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bbjornsen\AppData\Roaming\3M
c:\users\bbjornsen\AppData\Roaming\3M\PDNotes\PDNDB
c:\users\bbjornsen\AppData\Roaming\3M\PDNotes\PDNDB.ldb
c:\users\bbjornsen\AppData\Roaming\3M\PDNotes\Subscriptions.config
c:\users\bbjornsen\AppData\Roaming\Microsoft\Windows\Recent\US Flag Football Plays and Playbooks - Plays for 4,5,7 and 8 man teams.url
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-29 )))))))))))))))))))))))))))))))
.
.
2011-09-29 01:56 . 2011-07-21 19:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-24 14:05 . 2011-09-24 14:05 388096 ----a-r- c:\users\bbjornsen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-24 14:05 . 2011-09-24 14:05 -------- d-----w- c:\program files\Trend Micro
2011-09-18 23:29 . 2011-08-09 14:19 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-15 15:46 . 2011-09-15 15:46 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-08-31 21:35 . 2011-08-31 21:35 -------- d-----w- c:\program files\iPod
2011-08-30 20:53 . 2011-08-30 20:53 -------- d-----w- c:\users\bbjornsen\AppData\Roaming\ToLTech
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 15:48 . 2010-02-18 23:11 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-09-29 15:48 . 2010-02-19 14:47 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-09-24 15:33 . 2011-05-28 12:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2010-08-30 01:41 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-08-30 01:41 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-26 16:36 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-08-30 01:41 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-08-30 01:41 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-08-30 01:41 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-08-30 01:41 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2010-08-30 01:41 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-09 14:19 . 2011-08-09 14:19 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-03 20:44 . 2011-08-03 20:44 10680 ----a-w- c:\windows\system32\vpncategories.dll
2011-08-03 20:44 . 2011-08-03 20:44 30648 ----a-w- c:\windows\system32\vpnevents.dll
2011-08-03 20:27 . 2011-08-03 20:27 19192 ----a-w- c:\windows\system32\drivers\vpnva.sys
2011-07-22 02:54 . 2011-08-10 13:25 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-10 13:25 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-10 13:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-09 22:07 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-09 22:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 02:17 . 2011-08-09 22:07 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-09 22:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 03:39 . 2011-07-29 21:14 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AC0A38C-446E-4468-B5F9-AF5E2A907742}\mpengine.dll
2011-07-13 03:39 . 2011-07-29 21:13 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-13 03:39 . 2010-03-10 21:17 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-09 04:29 . 2011-08-24 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30 . 2011-08-09 22:07 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-08-16 23:42 . 2008-08-16 23:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 23:42 . 2008-08-16 23:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 23:42 . 2008-08-16 23:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 23:42 . 2008-08-16 23:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 23:43 . 2008-08-16 23:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 23:42 . 2008-08-16 23:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 23:42 . 2008-08-16 23:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 14:41 . 2008-05-21 14:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 14:41 . 2008-05-21 14:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 14:41 . 2008-05-21 14:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 19:58 . 2008-06-05 19:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 23:42 . 2008-08-16 23:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-09-12 01:10 . 2011-03-31 22:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bbjornsen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bbjornsen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bbjornsen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDrive]
@="{37D70BD3-073C-4180-ADD9-C032EA5A7204}"
[HKEY_CLASSES_ROOT\CLSID\{37D70BD3-073C-4180-ADD9-C032EA5A7204}]
2010-05-25 19:57 1318912 ----a-w- c:\windows\System32\wdShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SafeBootTokWatch"="c:\program files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [2009-11-24 172092]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TK8 StickyNotes"="c:\program files\TK8 StickyNotes\TK8StickyNotes.exe" [2011-01-05 9212720]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2011-06-01 16007168]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-12 1242448]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-01-11 349240]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-15 358936]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"SafeBootTrayManager"="c:\program files\SafeBoot Tray Manager\SbTrayManager.exe" [2009-08-19 69632]
"SafeBootTokenWatcher"="c:\program files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [2009-11-24 172092]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-25 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-25 172568]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2008-10-09 27176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\users\bbjornsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bbjornsen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-8-22 24182896]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-12 576104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsl246883b8;MpKsl246883b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BF6B00E9-2145-4B78-94EF-B26D6718C593}\MpKsl246883b8.sys [x]
R1 MpKsl28f745f5;MpKsl28f745f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EC11AC5-F865-4A63-83B2-24234A7BE2A7}\MpKsl28f745f5.sys [x]
R1 MpKsl2d952816;MpKsl2d952816;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2738D06-D1B0-4B6F-814E-72D1DA14009E}\MpKsl2d952816.sys [x]
R1 MpKsl309e0c00;MpKsl309e0c00;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7912700-EE25-48C6-B4E5-280EC0101F4F}\MpKsl309e0c00.sys [x]
R1 MpKsl4ab4fb1e;MpKsl4ab4fb1e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C53D8350-2E0A-4FE7-9F10-1E1E6313F984}\MpKsl4ab4fb1e.sys [x]
R1 MpKsl4bf6c935;MpKsl4bf6c935;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AC0A38C-446E-4468-B5F9-AF5E2A907742}\MpKsl4bf6c935.sys [2011-07-29 28752]
R1 MpKsla77cd188;MpKsla77cd188;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CB5825-855E-4052-BF3E-4889BB13C30C}\MpKsla77cd188.sys [x]
R1 MpKslb10d82ad;MpKslb10d82ad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FEAE7463-81C4-4370-A56A-BC78C716C884}\MpKslb10d82ad.sys [x]
R1 MpKslc4220c5e;MpKslc4220c5e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5B2F8D6-B356-4554-AE3C-6B9E4728527A}\MpKslc4220c5e.sys [x]
R1 MpKsld051945c;MpKsld051945c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE7EFBBB-0D9F-470E-880C-A70F7D05C9F1}\MpKsld051945c.sys [x]
R1 MpKsldfe4d82a;MpKsldfe4d82a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41772061-1DC1-489D-A023-04609F7BEBCA}\MpKsldfe4d82a.sys [x]
R1 MpKsle2087419;MpKsle2087419;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CE9F8E40-0C45-4AB1-B897-DEB9E53F5C9F}\MpKsle2087419.sys [x]
R1 MpKsleff77fdf;MpKsleff77fdf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27BFE463-141B-42AD-89D7-11A563B71EE0}\MpKsleff77fdf.sys [x]
R1 MpKslf252ffc9;MpKslf252ffc9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31BCEEBD-4780-4FDB-A336-BE974F3EF48C}\MpKslf252ffc9.sys [x]
R1 MpKslf38c67e0;MpKslf38c67e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{271D4026-C911-4D68-9EF7-A5FC7CCCDB32}\MpKslf38c67e0.sys [x]
R1 MpKslf78f7d1c;MpKslf78f7d1c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A730D332-2726-4978-9444-BDC4B1F2B6B8}\MpKslf78f7d1c.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-07-21 15232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2011-06-25 6758912]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-12-07 3979632]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-28 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-25 691696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-07-21 64512]
S0 SafeBoot;SafeBoot; [x]
S0 SBAlg;SBAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S1 SbFlop;SbFlop; [x]
S1 SbRegFlt;SbRegFlt; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2009-11-24 380988]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-29 1357608]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2010-07-08 815704]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-15 2058776]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-03 645048]
S2 WebDriveFSD;WebDrive File System Driver;c:\program files\WebDrive\wdfsd.sys [2010-05-25 147288]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-08 223960]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-02-11 114952]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-06-25 6814720]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WisdPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2011-01-04 37232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 07:40]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663731863-2945628760-1011647108-1002Core.job
- c:\users\BBJORNSEN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 16:18]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663731863-2945628760-1011647108-1002UA.job
- c:\users\BBJORNSEN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 16:18]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663731863-2945628760-1011647108-1006Core.job
- c:\users\bbjornsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 16:18]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663731863-2945628760-1011647108-1006UA.job
- c:\users\bbjornsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 16:18]
.
2011-09-18 c:\windows\Tasks\HPCeeScheduleForbbjornsen.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 10:22]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.kumc.edu/CACHE/stc/11/binaries/vpnweb.cab
FF - ProfilePath - c:\users\bbjornsen\AppData\Roaming\Mozilla\Firefox\Profiles\71hn5h94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1663731863-2945628760-1011647108-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:a8,8e,05,06,49,78,f2,7b,a9,45,0b,62,82,96,99,53,df,91,b6,13,49,e7,38,
23,dd,5f,92,ef,a3,c3,27,81,ae,4e,58,db,f7,9f,16,ea,aa,ad,be,dc,c5,c9,03,29,\
"??"=hex:0c,4b,37,5b,55,65,07,d1,d2,f4,43,9c,48,7b,6d,46
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdCryptoUtils.dll
c:\windows\system32\wdResDll.dll
c:\windows\system32\wdUIResDll.dll
.
- - - - - - - > 'Explorer.exe'(3872)
c:\users\bbjornsen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\WebDrive\wdService.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-09-29 11:01:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-29 16:01
.
Pre-Run: 137,530,589,184 bytes free
Post-Run: 137,397,121,024 bytes free
.
- - End Of File - - 17C502DAA5596623D04A1CDB3FC6DD01

#7 nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 September 2011 - 01:20 PM

Open notepad and copy/paste the text in the quote box below into it:

Driver::
MpKsl246883b8
MpKsl28f745f5
MpKsl2d952816
MpKsl309e0c00
MpKsl4ab4fb1e
MpKsla77cd188
MpKslb10d82ad
MpKslc4220c5e
MpKsld051945c
MpKsldfe4d82a
MpKsle2087419
MpKsleff77fdf
MpKslf252ffc9
MpKslf38c67e0
MpKslf78f7d1c
VGPU


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Third party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#8 scoutnj19

  • Topic Starter
  • Members
  • 7 posts

Posted 30 September 2011 - 04:23 PM

Here are the two requested logs. I apologize for the delay; I had a medical school exam this morning.

----------------------------------

ComboFix 11-09-30.05 - bbjornsen 09/30/2011 15:33:31.4.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.2972.1260 [GMT -5:00]
Running from: c:\users\bbjornsen\Desktop\ComboFix.exe
Command switches used :: c:\users\bbjornsen\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-28 to 2011-09-30 )))))))))))))))))))))))))))))))
.
.
2011-09-30 20:49 . 2011-09-30 20:49 -------- d-----w- c:\users\kumcuser\AppData\Local\temp
2011-09-30 20:49 . 2011-09-30 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-30 20:49 . 2011-09-30 20:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-09-30 20:49 . 2011-09-30 20:49 -------- d-----w- c:\users\Administrator.STT-BBJORNSEN\AppData\Local\temp
2011-09-29 01:56 . 2011-07-21 19:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-24 14:05 . 2011-09-24 14:05 388096 ----a-r- c:\users\bbjornsen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-24 14:05 . 2011-09-24 14:05 -------- d-----w- c:\program files\Trend Micro
2011-09-18 23:29 . 2011-08-09 14:19 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-15 15:46 . 2011-09-15 15:46 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-08-31 21:35 . 2011-08-31 21:35 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 20:56 . 2010-02-18 23:11 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-09-30 20:56 . 2010-02-19 14:47 58288 ----a-w- c:\windows\system32\rpcnet.dll
2011-09-24 15:33 . 2011-05-28 12:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2010-08-30 01:41 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2010-08-30 01:41 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-06-26 16:36 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2010-08-30 01:41 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2010-08-30 01:41 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2010-08-30 01:41 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2010-08-30 01:41 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2010-08-30 01:41 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-09 14:19 . 2011-08-09 14:19 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-03 20:44 . 2011-08-03 20:44 10680 ----a-w- c:\windows\system32\vpncategories.dll
2011-08-03 20:44 . 2011-08-03 20:44 30648 ----a-w- c:\windows\system32\vpnevents.dll
2011-08-03 20:27 . 2011-08-03 20:27 19192 ----a-w- c:\windows\system32\drivers\vpnva.sys
2011-07-22 02:54 . 2011-08-10 13:25 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-10 13:25 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-10 13:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-09 22:07 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-09 22:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-09 22:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-09 22:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 02:17 . 2011-08-09 22:07 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-09 22:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 03:39 . 2011-07-29 21:14 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AC0A38C-446E-4468-B5F9-AF5E2A907742}\mpengine.dll
2011-07-13 03:39 . 2011-07-29 21:13 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-07-13 03:39 . 2010-03-10 21:17 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-09 04:29 . 2011-08-24 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30 . 2011-08-09 22:07 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2008-08-16 23:42 . 2008-08-16 23:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 23:42 . 2008-08-16 23:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 23:42 . 2008-08-16 23:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 23:42 . 2008-08-16 23:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 23:43 . 2008-08-16 23:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 23:42 . 2008-08-16 23:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 23:42 . 2008-08-16 23:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 14:41 . 2008-05-21 14:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 14:41 . 2008-05-21 14:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 14:41 . 2008-05-21 14:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 19:58 . 2008-06-05 19:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 23:42 . 2008-08-16 23:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-09-12 01:10 . 2011-03-31 22:06 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-09-29_19.36.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:55 . 2011-09-30 20:58 70086 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2011-09-29 18:52 70086 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-02-18 23:13 . 2011-09-29 18:52 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-18 23:13 . 2011-09-30 20:56 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-18 23:13 . 2011-09-29 18:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-18 23:13 . 2011-09-30 20:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2011-09-29 18:52 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2011-09-30 20:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-15 20:48 . 2011-09-30 20:58 9842 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1663731863-2945628760-1011647108-1006_UserData.bin
+ 2011-09-30 20:25 . 2011-09-30 20:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-09-29 14:19 . 2011-09-29 18:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-30 20:25 . 2011-09-30 20:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-29 14:19 . 2011-09-29 18:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-19 05:36 . 2011-09-30 10:50 463602 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2010-02-18 23:13 . 2011-09-29 14:24 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-18 23:13 . 2011-09-30 14:16 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:47 . 2011-09-29 14:12 342548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2011-09-30 20:24 342548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-19 23:46 . 2011-09-30 20:24 21063968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1663731863-2945628760-1011647108-1006-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bbjornsen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bbjornsen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\bbjornsen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-06-01 20:45 319488 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDrive]
@="{37D70BD3-073C-4180-ADD9-C032EA5A7204}"
[HKEY_CLASSES_ROOT\CLSID\{37D70BD3-073C-4180-ADD9-C032EA5A7204}]
2010-05-25 19:57 1318912 ----a-w- c:\windows\System32\wdShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SafeBootTokWatch"="c:\program files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [2009-11-24 172092]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"TK8 StickyNotes"="c:\program files\TK8 StickyNotes\TK8StickyNotes.exe" [2011-01-05 9212720]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2011-06-01 16007168]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-12 1242448]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-01-11 349240]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-15 358936]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"SafeBootTrayManager"="c:\program files\SafeBoot Tray Manager\SbTrayManager.exe" [2009-08-19 69632]
"SafeBootTokenWatcher"="c:\program files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe" [2009-11-24 172092]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2010-07-08 815704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-25 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-25 172568]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2008-10-09 27176]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\users\bbjornsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\bbjornsen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-8-22 24182896]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-5-12 576104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsl4bf6c935;MpKsl4bf6c935;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2AC0A38C-446E-4468-B5F9-AF5E2A907742}\MpKsl4bf6c935.sys [2011-07-29 28752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-07-21 15232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2011-06-25 6758912]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-12-07 3979632]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-28 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-25 691696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-07-21 64512]
S0 SafeBoot;SafeBoot; [x]
S0 SBAlg;SBAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S1 SbFlop;SbFlop; [x]
S1 SbRegFlt;SbRegFlt; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]
S2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\McAfee\Endpoint Encryption for PC\SbClientManager.exe [2009-11-24 380988]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-29 1357608]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2010-07-08 815704]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-15 2058776]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-03 645048]
S2 WebDriveFSD;WebDrive File System Driver;c:\program files\WebDrive\wdfsd.sys [2010-05-25 147288]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-08 223960]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-02-11 114952]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-06-25 6814720]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 WisdPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2011-01-04 37232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 07:40]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663731863-2945628760-1011647108-1002Core.job
- c:\users\BBJORNSEN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 16:18]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663731863-2945628760-1011647108-1002UA.job
- c:\users\BBJORNSEN\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 16:18]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663731863-2945628760-1011647108-1006Core.job
- c:\users\bbjornsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 16:18]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1663731863-2945628760-1011647108-1006UA.job
- c:\users\bbjornsen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-01 16:18]
.
2011-09-18 c:\windows\Tasks\HPCeeScheduleForbbjornsen.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 10:22]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.kumc.edu/CACHE/stc/11/binaries/vpnweb.cab
FF - ProfilePath - c:\users\bbjornsen\AppData\Roaming\Mozilla\Firefox\Profiles\71hn5h94.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1663731863-2945628760-1011647108-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:a8,8e,05,06,49,78,f2,7b,a9,45,0b,62,82,96,99,53,df,91,b6,13,49,e7,38,
23,dd,5f,92,ef,a3,c3,27,81,ae,4e,58,db,f7,9f,16,ea,aa,ad,be,dc,c5,c9,03,29,\
"??"=hex:0c,4b,37,5b,55,65,07,d1,d2,f4,43,9c,48,7b,6d,46
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\wdnp32.dll
c:\windows\system32\wdHelper.dll
c:\windows\system32\wdCryptoUtils.dll
c:\windows\system32\wdResDll.dll
c:\windows\system32\wdUIResDll.dll
.
- - - - - - - > 'Explorer.exe'(5972)
c:\users\bbjornsen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\SugarSync\SugarSyncShellExt.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\WebDrive\wdService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-09-30 16:16:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-30 21:15
ComboFix2.txt 2011-09-29 19:10
ComboFix3.txt 2011-09-29 16:01
.
Pre-Run: 135,973,822,464 bytes free
Post-Run: 135,988,457,472 bytes free
.
- - End Of File - - 3F44C5848F8C410A0AC57C26F6145F15



Results of screen317's Security Check version 0.99.19
Windows 7 Service Pack 1 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SpywareBlaster 4.4
Spybot - Search & Destroy
CCleaner
Wise Disk Cleaner 5.91
Wise Registry Cleaner 5.9.1
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.183.10
Mozilla Firefox (Player..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Spybot Teatimer.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
``````````End of Log````````````

#9 nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 October 2011 - 06:39 AM

Looking good. Any remaining issues?

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64-bit version, download jre-6u27-windows-x64.exe. Make sure you download the correct version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 26

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 10.3.183.10 ... Flash Player for Android update to Adobe Flash Player for Android 10.3.186.7

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>
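The reply above, like the Security Check output before it, turns on comparing installed versions with a minimum (Java 6 Update 27, Flash 10.3.183.10). The awkward part is that the same Java version is spelled three ways on this page ("Java 6 Update 26", "1.6.0_26", "jre-6u27"), and string comparison of dotted versions gets "10.3.183.7 and earlier" wrong. The following is an added example, not code from the thread or from Security Check: it normalises those spellings to integer tuples and checks a report excerpt against the versions the reply names. The input lines are constructed to mirror the Security Check section above, and the accepted spellings and product prefixes are assumptions.

```python
"""Check the Java and Flash versions a Security Check report lists against the
minimum versions the reply asks for.

Added example, not code from the thread or from Security Check. Input lines
mimic the 'Anti-malware/Other Utilities Check' section above; the targets
(Java 6 Update 27, Flash 10.3.183.10) are the ones the reply names. The
accepted version spellings and the product prefixes are assumptions.
"""
from __future__ import annotations

import re

# Minimum acceptable versions, as named in the reply.
REQUIRED = {
    "Java": "jre-6u27",
    "Adobe Flash Player": "10.3.183.10",
}


def parse_version(text: str) -> tuple[int, ...]:
    """Normalise the ways a Java or Flash version shows up in these reports.

    "Java 6 Update 26" / "6u27" / "1.6.0_26" -> (1, 6, 0, 26) style tuples,
    so the Security Check spelling and the installer filename compare equal;
    dotted versions such as "10.3.183.10" become (10, 3, 183, 10).
    """
    m = re.search(r"\b(\d+)\s+Update\s+(\d+)\b", text, re.I)   # "6 Update 26"
    if m:
        return (1, int(m[1]), 0, int(m[2]))
    m = re.search(r"\b(\d+)u(\d+)\b", text, re.I)               # "jre-6u27"
    if m:
        return (1, int(m[1]), 0, int(m[2]))
    m = re.search(r"\b1\.(\d+)\.(\d+)_(\d+)\b", text)           # "1.6.0_26"
    if m:
        return (1, int(m[1]), int(m[2]), int(m[3]))
    m = re.search(r"\b(\d+(?:\.\d+)+)\b", text)                  # "10.3.183.10"
    if m:
        return tuple(int(p) for p in m[1].split("."))
    raise ValueError(f"no version found in {text!r}")


def meets(installed: tuple[int, ...], required: tuple[int, ...]) -> bool:
    """True when installed >= required, compared component-wise with zero padding."""
    n = max(len(installed), len(required))

    def pad(v: tuple[int, ...]) -> tuple[int, ...]:
        return v + (0,) * (n - len(v))

    return pad(installed) >= pad(required)


def check_report(lines: list[str]) -> dict[str, bool]:
    """Map each required product found in the report to 'up to date?'.

    Lines that do not start with a product name (e.g. the 'Out of date Java
    installed!' verdict line) are ignored; products absent from the report
    are left out of the result rather than guessed.
    """
    status: dict[str, bool] = {}
    for line in lines:
        for product, required in REQUIRED.items():
            if line.lower().startswith(product.lower()):
                status[product] = meets(parse_version(line), parse_version(required))
    return status


# Constructed to mirror the Security Check output above ("(TM)" for the glyph).
REPORT_LINES = [
    "Java(TM) 6 Update 26",
    "Out of date Java installed!",
    "Adobe Flash Player 10.3.183.10",
    "Mozilla Firefox (Player..)",
]

if __name__ == "__main__":
    for product, ok in check_report(REPORT_LINES).items():
        print(f"{product}: {'current' if ok else 'OUT OF DATE'}")
```

On the report above this yields Java out of date and Flash current, which matches what Security Check printed and what the reply asks the user to fix.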

#10 scoutnj19

  • Topic Starter
  • Members
  • 7 posts

Posted 01 October 2011 - 05:24 PM

I have installed the latest version of Java and according to SpeedTest, we've been fixed.

I greatly appreciate your time and assistance. What, might I ask, was the issue?


#11 nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 October 2011 - 08:28 AM

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Just delete the other tools we used to clean this computer.

Surf Safely, and Think Prevention!
===

#12 nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 October 2011 - 07:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



