Great Download Speed, Horrible Upload Speed

Discussion in 'Networking' started by LittleBoyBob, Aug 16, 2010.

  1. LittleBoyBob

    LittleBoyBob Thread Starter

    Joined:
    Aug 16, 2010
    Messages:
    6
    I regularly upload videos online, and for the last few days they've been timing out or stalling. Blip.tv is telling me a 65 MB file is going to take 4 hours to upload. Yeah right. Other sites like that are about the same, or just time out and give me errors - such as YouTube. I recently got that "We're Sorry..." page on Google, so I'm thinking something is up and there may be something on my computer sending crap out.

    Here's my speedtest.net results:

    [Image: speedtest.net results]

    I've scanned the computer with Ad-Aware, Spybot Search & Destroy, Panda Antivirus, AVG, Malwarebytes, SUPERAntiSpyware - the works, and I'm not getting anything. Everything says the computer is clean. This just doesn't seem right to me, however.

    If it's any help - I used a different computer with the same modem and was able to upload fine.

    HJT Log:

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    If you can help - thank you so much
     
  2. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    64,965
    First Name:
    Wayne
    What videos, and to what sites?
     
  3. LittleBoyBob

    LittleBoyBob Thread Starter

    Joined:
    Aug 16, 2010
    Messages:
    6
    Blip.TV - Youtube - Revver, that's it. Very commonly used websites.
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,220
    First Name:
    Derek
    Download MBR Check to your desktop

    • Right click MBRcheck.exe and select Run as Administrator (Vista) or double click MBRcheck.exe to run it (XP)
    • It will show a black screen with some data on it
    • It will create a log called MBRcheck_time and date.txt on the desktop
    • Post that resultant log here please
    • Do NOT fix anything or run any suggested fix before we see the report
     
  5. LittleBoyBob

    LittleBoyBob Thread Starter

    Joined:
    Aug 16, 2010
    Messages:
    6
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 167):
    0x82C07000 \SystemRoot\system32\ntkrnlpa.exe
    0x83017000 \SystemRoot\system32\halmacpi.dll
    0x80BA4000 \SystemRoot\system32\kdcom.dll
    0x83235000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x832AD000 \SystemRoot\system32\PSHED.dll
    0x832BE000 \SystemRoot\system32\BOOTVID.dll
    0x832C6000 \SystemRoot\system32\CLFS.SYS
    0x83308000 \SystemRoot\system32\CI.dll
    0x8AE34000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8AEA5000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8AF9D000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8AFA6000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x833B3000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8AFCC000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8AFD4000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8AE00000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8AFDF000 \SystemRoot\System32\drivers\partmgr.sys
    0x8AFF0000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8B000000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8B04B000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8B053000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8B05E000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8B074000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8B07D000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8B0A0000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x8B0AA000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8B0B8000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8B0C1000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8B0F5000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8B106000 \SystemRoot\system32\drivers\NIS\1007020.00B\SYMEFA.SYS
    0x8B223000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B352000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8B37D000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B390000 \SystemRoot\System32\Drivers\cng.sys
    0x8B3ED000 \SystemRoot\System32\drivers\pcw.sys
    0x8B200000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8B418000 \SystemRoot\system32\drivers\ndis.sys
    0x8B4CF000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B50D000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8B62E000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B777000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B7A8000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8B7E7000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B600000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8B7EF000 \SystemRoot\System32\Drivers\mup.sys
    0x8B532000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8B53A000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8B56C000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8B57D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8B5D5000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B5F4000 \SystemRoot\System32\Drivers\Null.SYS
    0x8B400000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8B407000 \SystemRoot\System32\drivers\vga.sys
    0x8B155000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8B209000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B216000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8B176000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8B17E000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8B186000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8B191000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8B19F000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8B1B6000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8AEB3000 \SystemRoot\system32\drivers\afd.sys
    0x8B1C1000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8B1F3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8AF0D000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8AF2C000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x8AF46000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8AF54000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8AF67000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8AF77000 \SystemRoot\system32\drivers\NIS\1007020.00B\SRTSPX.SYS
    0x9002F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90070000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x9007A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x90084000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
    0x9009B000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090810.001\IDSvix86.sys
    0x900E7000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
    0x9010C000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0x9016A000 \SystemRoot\System32\drivers\discache.sys
    0x90176000 \SystemRoot\System32\Drivers\dfsc.sys
    0x9018E000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x9019C000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x901BD000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x901CF000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x90C37000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x91134000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x90839000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x90872000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x9087D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x908C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x908D7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x908F6000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x91203000 \SystemRoot\system32\DRIVERS\athr.sys
    0x91313000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x9131D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x91335000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
    0x9133A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x91347000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x91354000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x91358000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x91365000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
    0x91368000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x9137B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x91382000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x91394000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x913AC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x913B7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x913D9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x90918000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x9092F000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x913F1000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x90946000 \SystemRoot\system32\DRIVERS\ks.sys
    0x9097A000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x90988000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x913F3000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x909CC000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
    0x909D4000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x91A15000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x91A50000 \SystemRoot\system32\drivers\portcls.sys
    0x91A7F000 \SystemRoot\system32\drivers\drmk.sys
    0x91A98000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x91AD6000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x91C0D000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x91CC2000 \SystemRoot\system32\drivers\modem.sys
    0x91CCF000 \SystemRoot\system32\drivers\IntcHdmi.sys
    0x91CF0000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x91CFD000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x91D08000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x91D12000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x91D23000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x91D3A000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x91D3C000 \SystemRoot\system32\drivers\usbaudio.sys
    0x91D50000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x96A70000 \SystemRoot\System32\win32k.sys
    0x91D5B000 \SystemRoot\System32\drivers\Dxapi.sys
    0x91D65000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x96CD0000 \SystemRoot\System32\TSDDD.dll
    0x96D00000 \SystemRoot\System32\cdd.dll
    0x96D20000 \SystemRoot\System32\ATMFD.DLL
    0x91D70000 \SystemRoot\system32\drivers\luafv.sys
    0x91D8B000 \SystemRoot\system32\drivers\WudfPf.sys
    0x91DA5000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x91DB5000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x91BD9000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x91BE9000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x91C00000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x9702A000 \SystemRoot\system32\drivers\HTTP.sys
    0x970AF000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x970C8000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x970DA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x970FD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x97138000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9716B000 \SystemRoot\System32\Drivers\adfs.SYS
    0x9717C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x98A25000 \SystemRoot\system32\drivers\peauth.sys
    0x98ABC000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x98AC6000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x98AE7000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x98AF4000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x98AFC000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x98B4B000 \SystemRoot\System32\DRIVERS\srv.sys
    0x98B9C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x98BA5000 \SystemRoot\system32\DRIVERS\Lbd.sys
    0x98BB4000 \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
    0x77D60000 \Windows\System32\ntdll.dll
    0x477C0000 \Windows\System32\smss.exe
    0x77FA0000 \Windows\System32\apisetschema.dll

    Processes (total 61):
    0 System Idle Process
    4 System
    264 C:\Windows\System32\smss.exe
    376 csrss.exe
    428 csrss.exe
    436 C:\Windows\System32\wininit.exe
    468 C:\Windows\System32\winlogon.exe
    532 C:\Windows\System32\services.exe
    540 C:\Windows\System32\lsass.exe
    548 C:\Windows\System32\lsm.exe
    652 C:\Windows\System32\svchost.exe
    732 C:\Windows\System32\svchost.exe
    820 C:\Windows\System32\svchost.exe
    864 C:\Windows\System32\svchost.exe
    888 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\svchost.exe
    1172 C:\Windows\System32\wisptis.exe
    1384 C:\Windows\System32\spoolsv.exe
    1416 C:\Windows\System32\svchost.exe
    1524 C:\Windows\System32\svchost.exe
    1592 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1732 C:\Program Files\SMINST\BLService.exe
    1760 C:\Program Files\CyberLink\Shared files\RichVideo.exe
    1836 C:\Windows\System32\Wacom_Tablet.exe
    1892 C:\Windows\System32\drivers\XAudio.exe
    340 C:\Windows\System32\svchost.exe
    1356 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    1432 C:\Windows\System32\svchost.exe
    1936 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2052 C:\Windows\System32\SearchIndexer.exe
    2776 WmiPrvSE.exe
    3728 C:\Windows\System32\taskhost.exe
    3860 C:\Windows\System32\dwm.exe
    3872 C:\Windows\explorer.exe
    3796 C:\Windows\System32\wisptis.exe
    3832 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    1628 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    1264 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1976 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    2640 C:\Windows\System32\WTablet\Wacom_TabletUser.exe
    2212 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    2400 C:\Windows\System32\Wacom_Tablet.exe
    2448 C:\Windows\System32\svchost.exe
    3520 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    2872 C:\Windows\System32\wuauclt.exe
    1536 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    2244 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    3656 unsecapp.exe
    3368 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    1544 C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    3504 C:\Windows\System32\taskhost.exe
    2844 C:\Program Files\Mozilla Firefox\firefox.exe
    2884 C:\Windows\System32\audiodg.exe
    1728 C:\Windows\System32\svchost.exe
    2492 C:\Windows\System32\SearchProtocolHost.exe
    2900 C:\Windows\System32\SearchFilterHost.exe
    2264 C:\Users\Owner\Desktop\MBRCheck.exe
    3812 C:\Windows\System32\conhost.exe
    3708 C:\Windows\System32\dllhost.exe
    2852 C:\Windows\System32\notepad.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`88200000 (NTFS)

    PhysicalDrive0 Model Number: SAMSUNGHM160HI, Rev: HH100-15

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,220
    First Name:
    Derek
  7. LittleBoyBob

    LittleBoyBob Thread Starter

    Joined:
    Aug 16, 2010
    Messages:
    6
    DDS.txt :

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Owner\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.5.0.135\IPSBHO.DLL
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.5.0.135\coIEPlg.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [AdobeBridge]
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.5.0.135\CoIEPlg.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\exnqc27h.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-16 64288]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007020.00b\SymEFA.sys [2009-10-26 310320]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090810.001\IDSvix86.sys [2009-8-17 293424]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355416]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-22 365952]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-7-25 5010288]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-16 15008]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.2.11\ccSvcHst.exe [2009-10-26 117640]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1005000.087\BHDrvx86.sys [2009-8-4 258608]
    S3 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1005000.087\cchpx86.sys [2009-8-4 482352]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-22 193840]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1005000.087\symndisv.sys [2009-8-4 39984]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-7-25 16168]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1343400]

    =============== Created Last 30 ================

    2010-08-16 16:52:07 0 d-----w- c:\program files\Trend Micro
    2010-08-16 13:10:16 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-08-16 13:10:12 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-16 12:30:07 65536 --sha-w- c:\users\owner\ntuser.dat{d5642866-a8eb-11df-bd29-001f16d7a659}.TM.blf
    2010-08-16 12:30:07 524288 --sha-w- c:\users\owner\ntuser.dat{d5642866-a8eb-11df-bd29-001f16d7a659}.TMContainer00000000000000000002.regtrans-ms
    2010-08-16 12:30:07 524288 --sha-w- c:\users\owner\ntuser.dat{d5642866-a8eb-11df-bd29-001f16d7a659}.TMContainer00000000000000000001.regtrans-ms
    2010-08-16 04:36:19 0 d-----w- c:\users\owner\Pavark
    2010-08-16 02:19:56 289905 ----a-w- C:\MGlogs.zip
    2010-08-16 02:19:53 0 d-----w- C:\MGtools
    2010-08-16 01:13:12 0 d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
    2010-08-16 01:13:12 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-08-16 01:13:05 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-08-15 22:15:17 0 d--h--w- C:\$AVG
    2010-08-14 23:50:05 0 d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2010-08-14 23:49:43 0 d-----w- c:\programdata\Malwarebytes
    2010-08-14 23:49:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-14 22:44:08 0 d-----w- c:\programdata\AVG Security Toolbar
    2010-08-14 22:40:59 0 d-----w- c:\program files\AVG
    2010-08-14 22:40:39 0 d-----w- c:\programdata\avg9
    2010-08-14 21:38:08 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-08-14 21:38:08 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-11 01:37:16 0 d-----w- c:\users\owner\.jnlp-applet
    2010-08-07 08:39:15 0 dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-07 08:39:05 0 d-----w- c:\programdata\Lavasoft
    2010-08-07 08:39:05 0 d-----w- c:\program files\Lavasoft
    2010-07-25 13:18:41 0 d-----w- c:\users\owner\appdata\roaming\WTablet
    2010-07-25 13:18:36 0 d-----w- c:\program files\TabletPlugins
    2010-07-25 13:18:35 7773040 ----a-w- c:\windows\system32\WacomTablet.cpl
    2010-07-25 13:18:35 1746986 ----a-w- c:\windows\system32\WacomTablet.znc
    2010-07-25 13:18:27 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2010-07-25 13:18:10 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2010-07-25 13:18:07 16168 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2010-07-25 13:18:07 0 d-----w- c:\windows\system32\WTablet
    2010-07-25 13:18:04 5010288 ----a-w- c:\windows\system32\Wacom_Tablet.exe
    2010-07-25 13:18:04 415600 ----a-w- c:\windows\system32\Wacom_Tablet.dll
    2010-07-25 13:18:04 294400 ----a-w- c:\windows\system32\Wintab32.dll
    2010-07-25 13:18:01 0 d-----w- c:\program files\Tablet

    ==================== Find3M ====================

    2010-05-27 20:18:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-11-10 17:43:00 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-02-08 09:57:53 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-02-26 18:58:29 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 15:31:10.37 ===============

    ark.txt :

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-16 15:57:14
    Windows 6.1.7600
    Running: gc90le17.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kglcapow.sys


    ---- System - GMER 1.0.15 ----

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83031AF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83031104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830313F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83019634
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83019898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830311DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83031958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830316F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83031F2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830321A8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C4A599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C6EF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text peauth.sys 98A2AC9D 28 Bytes [1E, 00, 6E, C2, C4, 9D, 9F, ...]
    .text peauth.sys 98A2ACC1 28 Bytes [1E, 00, 6E, C2, C4, 9D, 9F, ...]
    PAGE peauth.sys 98A30B9B 72 Bytes [67, 8A, AB, FB, 03, 32, 3C, ...]
    PAGE peauth.sys 98A30BEC 111 Bytes [50, 5E, 10, 79, F3, C1, 70, ...]
    PAGE peauth.sys 98A30E20 101 Bytes [26, A1, D9, 44, 28, B7, 47, ...]
    PAGE ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2472] USER32.dll!TrackPopupMenu 77EF4B3B 5 Bytes JMP 6674721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2844] ntdll.dll!LdrLoadDll 77DBF585 5 Bytes JMP 003613F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,220
    First Name:
    Derek
    nothing obvious there so

    * Run the Kaspersky online virus scan: Kaspersky Online Scanner.

    After the updates have downloaded, click on the "Scan Settings" button.
    Select "Spyware, Adware, Dialers and other potentially dangerous programs" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, save the results from the scan!

    Note: Kavscan is a scanner only & won't fix anything but will normally find the most infected files, so its report gives us a good place to work from.

    If that won't run, then run an online antivirus check from one of the following sites:

    http://www.eset.com/online-scanner
    http://www.pandasoftware.com/activescan/
    http://www.bitdefender.com/scan8/ie.html
     
  9. LittleBoyBob

    LittleBoyBob Thread Starter

    Joined:
    Aug 16, 2010
    Messages:
    6
    Keep getting "launch of Java application is interrupted!" error on the Kaspersky one. Will try another now.

    At this point I have to ask, aside from the description of the upload issues I've had, does that speedtest result actually look bad? I know upload speed will be lower, but the difference seems pretty big there to me. I'm no expert though, hence the thread here :D

    After so many things turning up clean I'm wondering if there's just something else wrong
     
  10. scotty562

    scotty562

    Joined:
    Aug 17, 2010
    Messages:
    6
    What speeds should you be getting? Your ISP may be limiting you.
     
  11. mdl1983

    mdl1983

    Joined:
    Jul 29, 2010
    Messages:
    95
    You could ask your ISP? Lol, see above (posted at same time)
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,220
    First Name:
    Derek
    Upload will always be a lot lower but should be about somewhere between 768k-1500k. Your 500k upload looks very low & might suggest a virus eating bandwidth, or might be normal for your ISP package.

    A lot of ISPs do heavily restrict upload as a way of preventing file sharing & P2P etc.
     
  13. LittleBoyBob

    LittleBoyBob Thread Starter

    Joined:
    Aug 16, 2010
    Messages:
    6
    I would agree it may be them, but the upload problem is a new issue; never had issues like this (i.e. a 60 MB video having a 4 hour estimated upload time) before. Unless they've implemented some new change...

    I'll check it out.

    Panda activescan says: "Today you are not infected."

    Found 2 suspicious files (which to my knowledge are fine):

    c:\program files\sony setup\sound forge 8.0\sfpaplug.cab[sfpaplug.dll]
    c:\program files\getdata\recover my files\recovermyfiles.exe
     

Short URL to this thread: https://techguy.org/943507
