MicroShader
I was wondering if someone here could help, or point me in the right direction/forum.
Here's the situation: Over the last few months we (family and myself) have been noticing that the internet has progressively been getting slower and slower. (No, we haven't run afoul of any caps or anything like that. The connection speed hasn't been fast enough to allow us to get that much data!) Being somewhat techno-savvy I've run S&D Spybot Scanner and Malwarebytes on our various computers and they have all come up clean, but I'm not 100% sure. I know that they miss one or two things beyond my expertise level, hence the post here.
The net connection comes into an ADSL modem, hits a switch/router and then is split between 5 computers. We used to get about 50 kB/s; now we're struggling to get 5-10 kB/s, regardless of which computers are on or the time of day.
Before we go complain to the ISP, I'd like to eliminate the computers as a possible source. I've made sure that all computers have anti-virus (avast!) and firewalls of various flavors.
My computer is running Windows 7 Pro and Online Armor. I've noticed that my computer does occasionally shoot off weird requests that appear on the firewall, but I've been putting that down to Windows 7 Update. I haven't knowingly installed any Browser Helpers or anything like that... none that I can recall at the moment.
Please find the various logs from the 8-step process for my computer. Do I need to run HijackThis?
---- Malwarebytes Anti-Malware log ----
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6113
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
21/03/2011 2:17:48 PM
mbam-log-2011-03-21 (14-17-48).txt
Scan type: Quick scan
Objects scanned: 151269
Time elapsed: 4 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
---- GMER log ----
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-03-21 14:21:47
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250318AS rev.CC44
Running: 3x1s5kki.exe; Driver: C:\Users\Michael\AppData\Local\Temp\ugloypob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x90AE582E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 851821F8
Device \Driver\atapi \Device\Ide\IdePort0 851821F8
Device \Driver\atapi \Device\Ide\IdePort1 851821F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 851821F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-2 851821F8
Device \Driver\a17te2sg \Device\Scsi\a17te2sg1Port2Path0Target0Lun0 864DD320
Device \Driver\a17te2sg \Device\Scsi\a17te2sg1 864DD320
Device \FileSystem\Ntfs \Ntfs 851841F8
Device \FileSystem\fastfat \Fat 873CE1F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \Driver\tdx \Device\Ip OAmon.sys
Device \Driver\tdx \Device\Tcp OAmon.sys
Device \Driver\tdx \Device\Udp OAmon.sys
Device \Driver\tdx \Device\RawIp OAmon.sys
---- EOF - GMER 1.0.15 ----
---- DDS log: DDS.txt ----
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michael at 14:23:16.46 on Mon 21/03/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3070.2005 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
D:\Program Files\Online Armor\OAcat.exe
D:\Program Files\Online Armor\oasrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
D:\Program Files\Ashampoo Magical Defrag 3\defragtaskbar.exe
D:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
D:\Program Files\Online Armor\oaui.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\System32\StikyNot.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Program Files\Ashampoo Core Tuner\ACTHelperService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Ashampoo Magical Defrag 3\defragservice.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Program Files\Ashampoo Magical Defrag 3\defragmonitorservice.exe
D:\Program Files\Ashampoo Magical Defrag 3\defragActivityMonitor.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Users\Michael\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\jr6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [PlayNC Launcher]
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DefragTaskBar] "d:\program files\ashampoo magical defrag 3\defragtaskbar.exe"
mRun: [Ashampoo Core Tuner] d:\program files\ashampoo core tuner\autostarter.exe
mRun: [WordWeb] "d:\program files\wordweb\wweb32.exe" -startup
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [@OnlineArmor GUI] "d:\program files\online armor\OAui.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with GetRight - d:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - d:\program files\getright\GRbrowse.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {EB9D824D-F1DB-491F-A89D-B32705065FB3} = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - d:\progra~1\online~1\oaevent.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\2tnep8uy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\jr6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\jr6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Amazon Toolbar: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-14 294608]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-11-4 202064]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-9-2 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-11-4 25000]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/01/13 23:32:39];c:\program files\cyberlink\powerdvd dx\000.fcl [2010-1-13 87536]
R2 acthelper;Ashampoo CoreTuner Helper Service;d:\program files\ashampoo core tuner\ACTHelperService.exe [2010-1-18 902488]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-7 176128]
R2 Ashampoo Defrag Service;Ashampoo Defrag Service;d:\program files\ashampoo magical defrag 3\defragservice.exe [2010-1-18 890208]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-14 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-14 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-20 40384]
R2 OAcat;Online Armor Helper Service;d:\program files\online armor\oacat.exe [2010-11-4 380784]
R2 SBSDWSCService;SBSD Security Center Service;d:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-18 1153368]
R2 SvcOnlineArmor;Online Armor;d:\program files\online armor\oasrv.exe [2010-11-4 3653208]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2010-11-4 29120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DfSdkS;Defragmentation-Service;d:\program files\ashampoo winoptimizer 6\DfSdkS.exe [2010-1-18 406016]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-27 1343400]
.
=============== Created Last 30 ================
.
2011-03-09 23:39:06 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 23:39:06 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 23:39:06 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 23:39:02 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 23:39:02 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 23:39:02 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 23:39:02 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-03 23:31:43 -------- d-----w- c:\users\michael\appdata\local\assembly
2011-03-01 00:05:45 -------- d-----w- c:\windows\system32\SPReview
2011-03-01 00:04:55 -------- d-----w- c:\windows\system32\EventProviders
2011-03-01 00:01:04 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-28 23:59:59 933376 ----a-w- c:\windows\system32\Vault.dll
2011-02-28 23:58:53 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-02-28 23:58:53 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-02-28 23:58:52 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-02-28 23:58:52 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-02-28 23:58:35 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-02-28 23:58:26 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-02-28 23:58:26 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-02-28 23:57:58 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-02-28 23:57:58 257024 ----a-w- c:\windows\system32\dpx.dll
2011-02-28 23:16:58 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-28 23:16:58 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-28 23:16:32 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-02-28 23:16:32 161792 ----a-w- c:\windows\system32\d3d10_1.dll
.
==================== Find3M ====================
.
2011-03-01 00:32:36 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-02 11:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-26 13:00:46 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 13:00:32 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 12:59:48 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 12:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 12:55:56 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 12:55:26 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 12:54:12 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 12:53:56 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 12:53:44 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 12:53:36 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 12:53:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 12:49:46 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 12:32:14 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 12:28:54 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 12:27:52 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 12:27:42 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 12:25:52 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 12:24:20 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 12:20:46 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 12:14:08 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 12:13:54 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 12:13:44 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 12:12:42 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 12:12:26 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 12:12:00 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2011-01-26 12:08:42 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 12:08:42 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2011-01-07 07:45:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 06:01:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-07 05:43:36 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:55:55 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:51:01 2330624 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:26:19.87 ===============
---- DDS log: Attach.txt ----
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 14/01/2010 1:16:07 AM
System Uptime: 21/03/2011 2:02:32 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0T656F
Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz | CPU | 2793/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 125 GiB total, 78.456 GiB free.
D: is FIXED (NTFS) - 50 GiB total, 39.067 GiB free.
E: is FIXED (NTFS) - 58 GiB total, 33.263 GiB free.
F: is FIXED (NTFS) - 50 GiB total, 29.761 GiB free.
G: is FIXED (NTFS) - 50 GiB total, 4.222 GiB free.
H: is FIXED (NTFS) - 50 GiB total, 24.88 GiB free.
I: is FIXED (NTFS) - 50 GiB total, 22.662 GiB free.
J: is FIXED (NTFS) - 50 GiB total, 24.348 GiB free.
K: is FIXED (NTFS) - 50 GiB total, 25.22 GiB free.
L: is FIXED (NTFS) - 50 GiB total, 16.657 GiB free.
M: is FIXED (NTFS) - 75 GiB total, 0.166 GiB free.
N: is CDROM (CDFS)
O: is Removable
P: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP325: 6/03/2011 9:59:23 PM - Windows Backup
RP326: 7/03/2011 2:16:57 PM - Installed Java(TM) 6 Update 24
RP327: 10/03/2011 9:39:59 AM - Windows Update
RP328: 13/03/2011 7:40:31 PM - Windows Backup
RP329: 20/03/2011 7:00:22 PM - Windows Backup
RP331: 20/03/2011 7:24:49 PM - Windows Backup
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player 11.5
AMD Drag and Drop Transcoding
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 9.21
Ashampoo Core Tuner 1.20
Ashampoo Magical Defrag 3
Ashampoo WinOptimizer 6.50
ATI Catalyst Install Manager
µTorrent
avast! Free Antivirus
Bing Bar
Bing Bar Platform
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
ConvertHelper 2.2
Crazy Machines
Crazy Machines 1.5 Inventors Training Camp
Crazy Machines 1.5 New from the Lab
Crazy Machines 2
D3DX10
e-tax 2010
Evil Genius
GetRight
GIMP 2.6.8
Hospital Tycoon
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Jade Empire: Special Edition
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Just Great Software EditPad Lite 6.6.0
K-Lite Mega Codec Pack 3.8.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mids' Hero/Villain Designer
MozBackup 1.4.10
Mozilla Firefox (3.6.13)
Mozilla Thunderbird (3.1.9)
MSVCRT
NCsoft Launcher
NVIDIA PhysX v8.09.04
Online Armor 4.0
OpenAL
Portal
PowerDVD DX
QuickTime
Safecracker: The Ultimate Puzzle Adventure
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spybot - Search & Destroy
Steam
The Lord of the Rings FREE Trial
Twin Sector
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
V*****Maps Map Overlay
Warhammer 40,000: Dawn Of War - Gold Edition
Watchtower Library 2010 - English
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WordWeb
Yahoo! Software Update
Yahoo!7 Messenger
Yahoo!7 Toolbar
.
==== Event Viewer Messages From Past Week ========
.
21/03/2011 2:02:09 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
21/03/2011 1:54:28 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
20/03/2011 7:31:42 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
20/03/2011 7:25:50 PM, Error: volsnap [35] - The shadow copies of volume M: were aborted because the shadow copy storage failed to grow.
20/03/2011 7:24:42 PM, Error: volsnap [9] - The flush and hold writes operation on volume C: timed out while waiting for file system cleanup.
20/03/2011 7:18:36 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
18/03/2011 9:56:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
15/03/2011 9:40:56 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.151. The computer with the IP address 192.168.0.147 did not allow the name to be claimed by this computer.
14/03/2011 9:58:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Program Files\Ashampoo Magical Defrag 3\defragmonitorservice.exe
D:\Program Files\Ashampoo Magical Defrag 3\defragActivityMonitor.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Users\Michael\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\jr6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo!7 Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [SpybotSD TeaTimer] d:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [PlayNC Launcher]
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DefragTaskBar] "d:\program files\ashampoo magical defrag 3\defragtaskbar.exe"
mRun: [Ashampoo Core Tuner] d:\program files\ashampoo core tuner\autostarter.exe
mRun: [WordWeb] "d:\program files\wordweb\wweb32.exe" -startup
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [@OnlineArmor GUI] "d:\program files\online armor\OAui.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with GetRight - d:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - d:\program files\getright\GRbrowse.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: {EB9D824D-F1DB-491F-A89D-B32705065FB3} = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - d:\progra~1\online~1\oaevent.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\2tnep8uy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\jr6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\jr6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Amazon Toolbar: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-14 294608]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-11-4 202064]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-9-2 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-11-4 25000]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/01/13 23:32:39];c:\program files\cyberlink\powerdvd dx\000.fcl [2010-1-13 87536]
R2 acthelper;Ashampoo CoreTuner Helper Service;d:\program files\ashampoo core tuner\ACTHelperService.exe [2010-1-18 902488]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-7 176128]
R2 Ashampoo Defrag Service;Ashampoo Defrag Service;d:\program files\ashampoo magical defrag 3\defragservice.exe [2010-1-18 890208]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-14 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-14 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-1-20 40384]
R2 OAcat;Online Armor Helper Service;d:\program files\online armor\oacat.exe [2010-11-4 380784]
R2 SBSDWSCService;SBSD Security Center Service;d:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-18 1153368]
R2 SvcOnlineArmor;Online Armor;d:\program files\online armor\oasrv.exe [2010-11-4 3653208]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-26 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-26 238592]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-14 229888]
R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2010-11-4 29120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DfSdkS;Defragmentation-Service;d:\program files\ashampoo winoptimizer 6\DfSdkS.exe [2010-1-18 406016]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-27 1343400]
.
=============== Created Last 30 ================
.
2011-03-09 23:39:06 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 23:39:06 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 23:39:06 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 23:39:02 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 23:39:02 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 23:39:02 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 23:39:02 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-03 23:31:43 -------- d-----w- c:\users\michael\appdata\local\assembly
2011-03-01 00:05:45 -------- d-----w- c:\windows\system32\SPReview
2011-03-01 00:04:55 -------- d-----w- c:\windows\system32\EventProviders
2011-03-01 00:01:04 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-28 23:59:59 933376 ----a-w- c:\windows\system32\Vault.dll
2011-02-28 23:58:53 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-02-28 23:58:53 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-02-28 23:58:52 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-02-28 23:58:52 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-02-28 23:58:35 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-02-28 23:58:26 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-02-28 23:58:26 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-02-28 23:57:58 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-02-28 23:57:58 257024 ----a-w- c:\windows\system32\dpx.dll
2011-02-28 23:16:58 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-02-28 23:16:58 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-28 23:16:32 219136 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-02-28 23:16:32 161792 ----a-w- c:\windows\system32\d3d10_1.dll
.
==================== Find3M ====================
.
2011-03-01 00:32:36 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-02 11:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-26 13:00:46 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-26 13:00:32 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-01-26 12:59:48 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-01-26 12:56:30 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-26 12:55:56 393216 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-26 12:55:26 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-26 12:54:12 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-01-26 12:53:56 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-01-26 12:53:44 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-01-26 12:53:36 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-26 12:53:28 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-01-26 12:49:46 4105728 ----a-w- c:\windows\system32\atidxx32.dll
2011-01-26 12:32:14 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
2011-01-26 12:28:54 4170752 ----a-w- c:\windows\system32\atiumdag.dll
2011-01-26 12:27:52 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-01-26 12:27:42 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-01-26 12:25:52 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-01-26 12:24:20 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-01-26 12:20:46 52736 ----a-w- c:\windows\system32\coinst.dll
2011-01-26 12:14:08 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-26 12:13:54 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-26 12:13:44 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-01-26 12:12:42 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-01-26 12:12:26 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2011-01-26 12:12:00 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2011-01-26 12:08:42 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-01-26 12:08:42 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2011-01-07 07:45:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 06:01:22 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-01-07 05:43:36 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-01-05 05:55:55 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-01-05 03:51:01 2330624 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:26:19.87 ===============
---- DDS log: Attach.txt ----
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 14/01/2010 1:16:07 AM
System Uptime: 21/03/2011 2:02:32 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0T656F
Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz | CPU | 2793/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 125 GiB total, 78.456 GiB free.
D: is FIXED (NTFS) - 50 GiB total, 39.067 GiB free.
E: is FIXED (NTFS) - 58 GiB total, 33.263 GiB free.
F: is FIXED (NTFS) - 50 GiB total, 29.761 GiB free.
G: is FIXED (NTFS) - 50 GiB total, 4.222 GiB free.
H: is FIXED (NTFS) - 50 GiB total, 24.88 GiB free.
I: is FIXED (NTFS) - 50 GiB total, 22.662 GiB free.
J: is FIXED (NTFS) - 50 GiB total, 24.348 GiB free.
K: is FIXED (NTFS) - 50 GiB total, 25.22 GiB free.
L: is FIXED (NTFS) - 50 GiB total, 16.657 GiB free.
M: is FIXED (NTFS) - 75 GiB total, 0.166 GiB free.
N: is CDROM (CDFS)
O: is Removable
P: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP325: 6/03/2011 9:59:23 PM - Windows Backup
RP326: 7/03/2011 2:16:57 PM - Installed Java(TM) 6 Update 24
RP327: 10/03/2011 9:39:59 AM - Windows Update
RP328: 13/03/2011 7:40:31 PM - Windows Backup
RP329: 20/03/2011 7:00:22 PM - Windows Backup
RP331: 20/03/2011 7:24:49 PM - Windows Backup
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player 11.5
AMD Drag and Drop Transcoding
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 9.21
Ashampoo Core Tuner 1.20
Ashampoo Magical Defrag 3
Ashampoo WinOptimizer 6.50
ATI Catalyst Install Manager
µTorrent
avast! Free Antivirus
Bing Bar
Bing Bar Platform
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
ConvertHelper 2.2
Crazy Machines
Crazy Machines 1.5 Inventors Training Camp
Crazy Machines 1.5 New from the Lab
Crazy Machines 2
D3DX10
e-tax 2010
Evil Genius
GetRight
GIMP 2.6.8
Hospital Tycoon
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Jade Empire: Special Edition
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Just Great Software EditPad Lite 6.6.0
K-Lite Mega Codec Pack 3.8.0
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mids' Hero/Villain Designer
MozBackup 1.4.10
Mozilla Firefox (3.6.13)
Mozilla Thunderbird (3.1.9)
MSVCRT
NCsoft Launcher
NVIDIA PhysX v8.09.04
Online Armor 4.0
OpenAL
Portal
PowerDVD DX
QuickTime
Safecracker: The Ultimate Puzzle Adventure
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spybot - Search & Destroy
Steam
The Lord of the Rings FREE Trial
Twin Sector
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
V*****Maps Map Overlay
Warhammer 40,000: Dawn Of War - Gold Edition
Watchtower Library 2010 - English
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WordWeb
Yahoo! Software Update
Yahoo!7 Messenger
Yahoo!7 Toolbar
.
==== Event Viewer Messages From Past Week ========
.
21/03/2011 2:02:09 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
21/03/2011 1:54:28 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
20/03/2011 7:31:42 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
20/03/2011 7:25:50 PM, Error: volsnap [35] - The shadow copies of volume M: were aborted because the shadow copy storage failed to grow.
20/03/2011 7:24:42 PM, Error: volsnap [9] - The flush and hold writes operation on volume C: timed out while waiting for file system cleanup.
20/03/2011 7:18:36 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
18/03/2011 9:56:07 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
15/03/2011 9:40:56 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.151. The computer with the IP address 192.168.0.147 did not allow the name to be claimed by this computer.
14/03/2011 9:58:52 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================