
Slow Response - Please Help


  • This topic is locked
9 replies to this topic

#1 TakkiBleepo


Posted 21 April 2011 - 05:58 AM

Hi,

My notebook response has been so slow for the past 2 weeks. I don't remember installing harmful software before the problem began.
I am running on Vista Home Premium 32-bit with 4GB RAM.

This slowness happens to me whether I am connected to the internet or not, and also in safe mode. However, it does not occur all the time.
For instance, I could begin typing this post normally, but there are also periods when it takes about 5 seconds for the letters to appear on the screen, or when I scroll up and down or open a folder in Windows Explorer. This lag time happens to all of my office applications, IE, Windows Explorer, or even when I right-click on the desktop screen while there is no other application running.

I tried running online scans, e.g. BitDefender and ESET, and some of the free malware programs like IObit Security 360 and Malwarebytes' Antispyware, but found nothing. I also have Symantec AV installed since I bought this computer. I know this is quite heavily loaded, but why did my problem only just occur recently?

I also tried disabling a few start-up programs in msconfig, but to no avail. I suspect that my notebook is infected beyond my little knowledge to solve it. That's why I am here asking for your help.

Below is my DDS log:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Acer at 11:02:15.44 on Thu 21/04/2011
Internet Explorer: 8.0.6001.18928
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Enabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Acer Bio Protection\BASVC.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Windows\system32\igfxext.exe
C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Bio Protection\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Users\Acer\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Users\Acer\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Acer\Desktop\TakkiBleePC\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [VitaKeyPdtWzd] "c:\program files\acer bio protection\PdtWzd.exe"
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mExplorerRun: [<NO NAME>] 1 (0x1)
StartupFolder: c:\users\acer\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {18657A9A-FBA1-4773-9C79-FB2F5A4C69BE} = 119.46.78.98 61.91.211.78
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = c:\program files\acer bio protection\PwdFilter
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-7-11 42608]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-3-22 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-7-12 703008]
R2 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-3-25 3443712]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-4-18 312152]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-1 54528]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-7-12 237568]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-5-26 599344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-8 102448]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-5-26 40752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
.
=============== Created Last 30 ================
.
2011-04-19 21:08:45 -------- d--h--w- c:\windows\PIF
2011-04-19 18:43:10 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{36eeae60-cac9-41d9-ab5a-b008933fc2e0}\mpengine.dll
2011-04-19 09:03:55 -------- d-----w- c:\users\acer\IOption
2011-04-19 09:03:55 -------- d-----w- c:\progra~2\BackupManager
2011-04-18 06:25:39 -------- d-----w- c:\users\acer\appdata\roaming\IObit
2011-04-18 06:25:39 -------- d-----w- c:\progra~2\IObit
2011-04-18 06:25:31 -------- d-----w- c:\program files\IObit
2011-04-18 03:14:22 -------- d-----w- c:\users\acer\appdata\roaming\Malwarebytes
2011-04-18 03:14:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 03:14:15 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-18 03:14:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-18 03:14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 07:08:00 -------- d-----w- c:\windows\pss
2011-04-11 13:24:48 -------- d-----w- c:\windows\system32\x64
.
==================== Find3M ====================
.
2011-02-11 12:26:38 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2011-02-11 12:26:36 948760 ----a-w- c:\windows\system32\igxpun.exe
2011-02-11 12:26:32 137752 ----a-w- c:\windows\system32\igfxtray.exe
2011-02-11 12:26:30 267800 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-02-11 12:26:30 172568 ----a-w- c:\windows\system32\igfxpers.exe
2011-02-11 12:26:28 179224 ----a-w- c:\windows\system32\igfxext.exe
2011-02-11 12:26:26 171032 ----a-w- c:\windows\system32\hkcmd.exe
2011-02-11 12:26:22 3157528 ----a-w- c:\windows\system32\GfxUI.exe
2011-02-11 12:20:00 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll
2011-02-11 12:12:16 4967424 ----a-w- c:\windows\system32\igdumd32.dll
2011-02-11 12:10:52 439308 ----a-w- c:\windows\system32\igcompkrng500.bin
2011-02-11 12:10:50 982240 ----a-w- c:\windows\system32\igkrng500.bin
2011-02-11 12:10:50 92356 ----a-w- c:\windows\system32\igfcg500m.bin
2011-02-11 12:09:48 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2011-02-11 12:04:40 4411392 ----a-w- c:\windows\system32\igd10umd32.dll
2011-02-11 11:51:10 11039744 ----a-w- c:\windows\system32\ig4icd32.dll
2011-02-11 11:41:30 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2011-02-11 11:41:30 195584 ----a-w- c:\windows\system32\igfxpph.dll
2011-02-11 11:41:30 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-02-11 11:41:28 23552 ----a-w- c:\windows\system32\igfxexps.dll
2011-02-11 11:41:12 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-02-11 11:40:56 130048 ----a-w- c:\windows\system32\igfxdo.dll
2011-02-11 11:40:48 95232 ----a-w- c:\windows\system32\hccutils.dll
2011-02-11 11:40:42 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-02-11 11:40:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-02-11 11:40:38 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-02-11 11:40:38 828928 ----a-w- c:\windows\system32\igfxress.dll
2011-02-11 11:40:38 228864 ----a-w- c:\windows\system32\igfxdev.dll
2011-02-11 11:35:00 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-02-11 11:35:00 208896 ----a-w- c:\windows\system32\iglhsip32.dll
2011-02-11 11:35:00 147456 ----a-w- c:\windows\system32\iglhcp32.dll
2011-02-02 11:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-24 06:55:31 18760 ----a-w- c:\windows\system32\QQVistaHelper.dll
.
============= FINISH: 11:04:08.80 ===============

For some reason I could not complete Gmer scan.
Both times I tried, I ended up with the blue screen.

I guess that concludes my post.
I'd like to thank you guys in advance for helping me out because this has been really frustrating and bugging me.

Cheers,
Takki



#2 Blind Faith

  • Malware Response Team

Posted 30 April 2011 - 03:15 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log




Elle

If I haven't replied in 48 hours, please feel free to send me a PM.

#3 TakkiBleepo


Posted 02 May 2011 - 10:01 PM

Hi Elle,

Thanks for helping me out.
I have disconnected from the internet & disabled all my A/V protection, and below is my DDS log.
I ran Defogger and tried to run Gmer but still could not finish it because of the blue screen. This happens every time I run Gmer.

Cheers,
Takki

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Acer at 9:38:33.02 on Tue 03/05/2011
Internet Explorer: 8.0.6001.18928
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Acer Bio Protection\BASVC.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Acer Bio Protection\PwdBank.exe
C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\conime.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\FirewallControlPanel.exe
E:\Takki Document\Download Program\Security\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [<NO NAME>]
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [VitaKeyPdtWzd] "c:\program files\acer bio protection\PdtWzd.exe"
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [<NO NAME>]
dRunOnce: [<NO NAME>]
StartupFolder: c:\users\acer\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {18657A9A-FBA1-4773-9C79-FB2F5A4C69BE} = 119.46.78.98 61.91.211.78
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = c:\program files\acer bio protection\PwdFilter
.
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-7-11 42608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-3-22 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-7-12 703008]
R2 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-3-25 3443712]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-4-18 312152]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-1 54528]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-4-22 102448]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-5-26 40752]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-11 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
.
=============== Created Last 30 ================
.
2011-04-27 18:21:16 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-27 18:13:05 -------- d-----w- c:\users\acer\appdata\local\temp
2011-04-26 03:44:00 -------- d-----w- c:\users\acer\appdata\roaming\SUPERAntiSpyware.com
2011-04-26 03:44:00 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-04-26 03:43:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-26 02:59:51 -------- d-----w- c:\program files\CCleaner
2011-04-25 05:27:49 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{db943420-f7ee-4922-82ce-288f396a33af}\mpengine.dll
2011-04-19 21:08:45 -------- d--h--w- c:\windows\PIF
2011-04-19 09:03:55 -------- d-----w- c:\users\acer\IOption
2011-04-19 09:03:55 -------- d-----w- c:\progra~2\BackupManager
2011-04-18 06:25:39 -------- d-----w- c:\users\acer\appdata\roaming\IObit
2011-04-18 06:25:39 -------- d-----w- c:\progra~2\IObit
2011-04-18 06:25:31 -------- d-----w- c:\program files\IObit
2011-04-18 03:14:22 -------- d-----w- c:\users\acer\appdata\roaming\Malwarebytes
2011-04-18 03:14:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 03:14:15 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-18 03:14:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-18 03:14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-12 07:08:00 -------- d-----w- c:\windows\pss
2011-04-11 13:24:48 -------- d-----w- c:\windows\system32\x64
.
==================== Find3M ====================
.
2011-04-28 15:31:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-11 12:26:38 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2011-02-11 12:26:36 948760 ----a-w- c:\windows\system32\igxpun.exe
2011-02-11 12:26:32 137752 ----a-w- c:\windows\system32\igfxtray.exe
2011-02-11 12:26:30 267800 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-02-11 12:26:30 172568 ----a-w- c:\windows\system32\igfxpers.exe
2011-02-11 12:26:28 179224 ----a-w- c:\windows\system32\igfxext.exe
2011-02-11 12:26:26 171032 ----a-w- c:\windows\system32\hkcmd.exe
2011-02-11 12:26:22 3157528 ----a-w- c:\windows\system32\GfxUI.exe
2011-02-11 12:20:00 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll
2011-02-11 12:12:16 4967424 ----a-w- c:\windows\system32\igdumd32.dll
2011-02-11 12:10:52 439308 ----a-w- c:\windows\system32\igcompkrng500.bin
2011-02-11 12:10:50 982240 ----a-w- c:\windows\system32\igkrng500.bin
2011-02-11 12:10:50 92356 ----a-w- c:\windows\system32\igfcg500m.bin
2011-02-11 12:09:48 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2011-02-11 12:04:40 4411392 ----a-w- c:\windows\system32\igd10umd32.dll
2011-02-11 11:51:10 11039744 ----a-w- c:\windows\system32\ig4icd32.dll
2011-02-11 11:41:30 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2011-02-11 11:41:30 195584 ----a-w- c:\windows\system32\igfxpph.dll
2011-02-11 11:41:30 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-02-11 11:41:28 23552 ----a-w- c:\windows\system32\igfxexps.dll
2011-02-11 11:41:12 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-02-11 11:40:56 130048 ----a-w- c:\windows\system32\igfxdo.dll
2011-02-11 11:40:48 95232 ----a-w- c:\windows\system32\hccutils.dll
2011-02-11 11:40:42 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-02-11 11:40:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-02-11 11:40:38 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-02-11 11:40:38 828928 ----a-w- c:\windows\system32\igfxress.dll
2011-02-11 11:40:38 228864 ----a-w- c:\windows\system32\igfxdev.dll
2011-02-11 11:35:00 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-02-11 11:35:00 208896 ----a-w- c:\windows\system32\iglhsip32.dll
2011-02-11 11:35:00 147456 ----a-w- c:\windows\system32\iglhcp32.dll
2011-02-02 11:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:40:30.31 ===============

#4 sundavis

  • Malware Response Team

Posted 07 May 2011 - 01:55 PM

Hi TakkiBleepo,

Welcome to the BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, and I will be helping you deal with your malware problems today.


Step 1

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.


Step 2

  • Please download OTL and save it to your desktop.
  • Double-click on the icon on your desktop.
  • Under the Standard Registry box, change it to All.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:



    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    C:\program files\common files\data\* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  • Copy and paste both logs back here in your next reply.


In your next reply, please post back:

1. TDSSKiller log
2. OTListIt.txt and Extra.txt

Thanks

#5 TakkiBleepo

  • Topic Starter

Posted 08 May 2011 - 09:59 PM

Hi sundavis,

Thanks for your reply.
Please find all the requested logs and attached .txt files.

Thanks again in advance for your help.

Cheers,
Takki

TDSSKiller:

2011/05/09 09:17:13.0009 5544 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/09 09:17:13.0071 5544 ================================================================================
2011/05/09 09:17:13.0071 5544 SystemInfo:
2011/05/09 09:17:13.0071 5544
2011/05/09 09:17:13.0071 5544 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/09 09:17:13.0071 5544 Product type: Workstation
2011/05/09 09:17:13.0071 5544 ComputerName: ACER-PC
2011/05/09 09:17:13.0071 5544 UserName: Acer
2011/05/09 09:17:13.0071 5544 Windows directory: C:\Windows
2011/05/09 09:17:13.0071 5544 System windows directory: C:\Windows
2011/05/09 09:17:13.0071 5544 Processor architecture: Intel x86
2011/05/09 09:17:13.0071 5544 Number of processors: 2
2011/05/09 09:17:13.0071 5544 Page size: 0x1000
2011/05/09 09:17:13.0071 5544 Boot type: Normal boot
2011/05/09 09:17:13.0071 5544 ================================================================================
2011/05/09 09:17:13.0555 5544 Initialize success
2011/05/09 09:17:22.0322 2088 ================================================================================
2011/05/09 09:17:25.0910 2088 Scan started
2011/05/09 09:17:25.0910 2088 Mode: Manual;
2011/05/09 09:17:25.0910 2088 ================================================================================
2011/05/09 09:17:27.0392 2088 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/09 09:17:27.0454 2088 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/09 09:17:27.0673 2088 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/09 09:17:27.0891 2088 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/09 09:17:28.0000 2088 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/09 09:17:28.0156 2088 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/09 09:17:28.0281 2088 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/05/09 09:17:28.0390 2088 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/09 09:17:28.0421 2088 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/09 09:17:28.0515 2088 AlfaFF (4490b8bdf38750458eb9b24835fda8fe) C:\Windows\system32\drivers\AlfaFF.sys
2011/05/09 09:17:28.0609 2088 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/09 09:17:28.0702 2088 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/09 09:17:28.0796 2088 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/09 09:17:28.0905 2088 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/09 09:17:28.0936 2088 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/09 09:17:29.0045 2088 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/09 09:17:29.0092 2088 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/09 09:17:29.0217 2088 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/09 09:17:29.0248 2088 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/09 09:17:29.0295 2088 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/09 09:17:29.0389 2088 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/09 09:17:29.0545 2088 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/09 09:17:29.0701 2088 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/09 09:17:29.0825 2088 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/09 09:17:29.0857 2088 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/09 09:17:29.0935 2088 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/09 09:17:29.0981 2088 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/09 09:17:30.0013 2088 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/09 09:17:30.0091 2088 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/09 09:17:30.0137 2088 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/09 09:17:30.0231 2088 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/09 09:17:30.0293 2088 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/09 09:17:30.0403 2088 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
2011/05/09 09:17:30.0512 2088 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/09 09:17:30.0559 2088 btwaudio (3ea1a20dc0ca1ad23e7aa8c37a91bcd1) C:\Windows\system32\drivers\btwaudio.sys
2011/05/09 09:17:30.0652 2088 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
2011/05/09 09:17:30.0746 2088 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/05/09 09:17:30.0871 2088 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/09 09:17:30.0917 2088 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/09 09:17:30.0995 2088 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/09 09:17:31.0105 2088 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/09 09:17:31.0261 2088 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/09 09:17:31.0292 2088 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/09 09:17:31.0385 2088 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/09 09:17:31.0448 2088 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/09 09:17:31.0526 2088 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/09 09:17:31.0666 2088 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/09 09:17:31.0775 2088 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/09 09:17:31.0885 2088 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
2011/05/09 09:17:31.0994 2088 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/09 09:17:32.0119 2088 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/09 09:17:32.0228 2088 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/09 09:17:32.0275 2088 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/09 09:17:32.0384 2088 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/09 09:17:32.0540 2088 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/09 09:17:32.0680 2088 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/09 09:17:32.0805 2088 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/09 09:17:32.0945 2088 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/09 09:17:33.0039 2088 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/09 09:17:33.0070 2088 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/09 09:17:33.0164 2088 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/09 09:17:33.0257 2088 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/09 09:17:33.0304 2088 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/09 09:17:33.0351 2088 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/09 09:17:33.0460 2088 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/09 09:17:33.0554 2088 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\Windows\system32\drivers\ftdibus.sys
2011/05/09 09:17:33.0663 2088 FTSER2K (23220a4709cc5785f9633ba71416145c) C:\Windows\system32\drivers\ftser2k.sys
2011/05/09 09:17:33.0757 2088 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/09 09:17:33.0913 2088 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/05/09 09:17:33.0991 2088 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/09 09:17:34.0084 2088 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/09 09:17:34.0115 2088 HidBth (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/09 09:17:34.0225 2088 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/09 09:17:34.0318 2088 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/09 09:17:34.0381 2088 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/09 09:17:34.0490 2088 HTTP (e046fbc483b041a41b1e922c97cfcc0d) C:\Windows\system32\drivers\HTTP.sys
2011/05/09 09:17:34.0583 2088 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/09 09:17:34.0693 2088 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/09 09:17:34.0802 2088 iaStor (baabb0301949774a66b955c65319635a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/09 09:17:34.0911 2088 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/09 09:17:35.0270 2088 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/09 09:17:35.0441 2088 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/09 09:17:35.0535 2088 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
2011/05/09 09:17:35.0644 2088 IntcAzAudAddService (02e184ddf8285021c3ae30dd3e5858ed) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/09 09:17:35.0769 2088 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/09 09:17:35.0878 2088 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/09 09:17:36.0003 2088 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/09 09:17:36.0112 2088 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/09 09:17:36.0206 2088 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/09 09:17:36.0315 2088 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/05/09 09:17:36.0346 2088 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/09 09:17:36.0455 2088 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/09 09:17:36.0502 2088 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/09 09:17:36.0580 2088 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/09 09:17:36.0611 2088 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/09 09:17:36.0689 2088 k57nd60x (eac21e8014c7e6ee341afffb7e2bbd54) C:\Windows\system32\DRIVERS\k57nd60x.sys
2011/05/09 09:17:36.0783 2088 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/09 09:17:36.0892 2088 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/09 09:17:36.0986 2088 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/09 09:17:37.0142 2088 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/09 09:17:37.0251 2088 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/09 09:17:37.0360 2088 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/09 09:17:37.0454 2088 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/09 09:17:37.0469 2088 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/09 09:17:37.0516 2088 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/09 09:17:37.0641 2088 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/09 09:17:37.0750 2088 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/09 09:17:37.0844 2088 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/09 09:17:37.0937 2088 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/09 09:17:37.0969 2088 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/09 09:17:38.0047 2088 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/09 09:17:38.0156 2088 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/09 09:17:38.0249 2088 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/09 09:17:38.0405 2088 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/09 09:17:38.0515 2088 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/09 09:17:38.0624 2088 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/09 09:17:38.0717 2088 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/09 09:17:38.0811 2088 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/09 09:17:38.0920 2088 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/09 09:17:39.0014 2088 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/09 09:17:39.0107 2088 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/09 09:17:39.0170 2088 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/09 09:17:39.0263 2088 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/09 09:17:39.0357 2088 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/09 09:17:39.0404 2088 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/09 09:17:39.0513 2088 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/09 09:17:39.0560 2088 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/09 09:17:39.0669 2088 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/09 09:17:39.0763 2088 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/09 09:17:39.0809 2088 mwlPSDFilter (2de94e435c3efde58c7b1856d4f20724) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/05/09 09:17:39.0919 2088 mwlPSDNServ (61920a7146eed3d903dbbb8ec295af76) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/05/09 09:17:39.0934 2088 mwlPSDVDisk (e0f49721e68ebd2983e84c44fada6665) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/05/09 09:17:40.0090 2088 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/09 09:17:40.0215 2088 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110508.003\NAVENG.SYS
2011/05/09 09:17:40.0293 2088 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110508.003\NAVEX15.SYS
2011/05/09 09:17:40.0433 2088 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/09 09:17:40.0465 2088 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/09 09:17:40.0558 2088 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/09 09:17:40.0589 2088 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/09 09:17:40.0699 2088 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/09 09:17:40.0792 2088 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/09 09:17:40.0823 2088 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/09 09:17:41.0057 2088 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/05/09 09:17:51.0993 2088 ================================================================================
2011/05/09 09:17:51.0993 2088 Scan finished
2011/05/09 09:17:51.0993 2088 ================================================================================


Edited by TakkiBleepo, 08 May 2011 - 10:13 PM.


#6 sundavis

  • Malware Response Team

Posted 09 May 2011 - 01:42 AM

Hi TakkiBleepo,



Step 1


  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of the code box.

    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKU\.DEFAULT..\RunOnce: []  File not found
    O4 - HKU\S-1-5-18..\RunOnce: []  File not found
    O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} -  File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:ABE89FFE
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B623B5B8
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:41099CE9
    
    :Files 
    ipconfig /flushdns /c 
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [start explorer]
    
  • Click the Run Fix button at the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.



Step 2

  • If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  • Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Note: If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu.
    The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow Combofix to continue scanning for malware.
  • When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  • Do not mouse click on Combofix while it is running. That may cause it to stall.


In your next reply, please post back:

1. OTL delete log
2. ComboFix log

Let me know what kind of symptoms you're still experiencing now.
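The fix script in Step 1 names each item by a GUID or an alternate data stream path, and the log OTL produces after the fix reports a result per item. The following is an added example, not part of the original post and not OTL's own code: it cross-checks a fix script against its log so that an item with no result line stands out. The function names, the status labels and the sample log (constructed in the format of OTL fix log lines) are assumptions of this example.

```python
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ADS_SCRIPT_RE = re.compile(r"^@Alternate Data Stream .*->\s*(.+)$")
ADS_LOG_RE = re.compile(r"^ADS (.+) (?:deleted successfully|not found)\.$")
OUTCOME_RE = re.compile(r"(deleted successfully|moved successfully|not found)[.!]?$")

# Excerpt of the fix script from Step 1 (five of its items).
FIX_SCRIPT = r"""
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B623B5B8
"""

# Constructed sample log: the BHO is reported only as "not found" and the
# second data stream has no result line at all, to exercise both cases.
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
"""


def script_targets(script):
    """Return the GUIDs and ADS paths a fix script names, lower-cased, in order."""
    targets = []
    for line in script.splitlines():
        line = line.strip()
        ads = ADS_SCRIPT_RE.match(line)
        found = [ads.group(1)] if ads else GUID_RE.findall(line)
        for target in found:
            if target.lower() not in targets:
                targets.append(target.lower())
    return targets


def log_outcomes(log):
    """Map each GUID or ADS path in the log to the set of outcomes reported for it."""
    seen = {}
    for line in log.splitlines():
        line = line.strip()
        outcome = OUTCOME_RE.search(line)
        if not outcome:
            continue  # headers and "Starting removal ..." lines carry no result
        status = "absent" if outcome.group(1) == "not found" else "removed"
        ads = ADS_LOG_RE.match(line)
        keys = [ads.group(1)] if ads else GUID_RE.findall(line)
        for key in keys:
            seen.setdefault(key.lower(), set()).add(status)
    return seen


def audit(script, log):
    """Return {target: 'removed' | 'already absent' | 'no result line'}."""
    seen = log_outcomes(log)
    report = {}
    for target in script_targets(script):
        statuses = seen.get(target)
        if not statuses:
            report[target] = "no result line"
        elif "removed" in statuses:
            report[target] = "removed"
        else:
            report[target] = "already absent"
    return report


if __name__ == "__main__":
    for target, status in audit(FIX_SCRIPT, SAMPLE_LOG).items():
        print(f"{status:15} {target}")
```
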

#7 TakkiBleepo

  • Topic Starter
  • Members

Posted 09 May 2011 - 05:52 AM

Hi sundavis,

Thanks for posting back so quickly!

My problem is largely still with slow computer response. It (slow and not responding) seems to happen with every application, whether it is Windows Explorer, Office, IE, PDF, you name it. Even simple stuff like copying, pasting, highlighting files or folders took a lot of time to respond. I noticed my CPU Usage in Task Manager would jump up and down quite a lot.

I started to think maybe this problem might relate to Windows ... but I am not too sure.
Anyway, I am hopeful my symptom could be cured here. Thanks a million for your help.

Cheers,
Takki

These are my OTL and ComboFix logs respectively:

OTL:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85d1f590-48f4-11d9-9669-0800200c9a66}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
ADS C:\ProgramData\Temp:41099CE9 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Acer\Desktop\cmd.bat deleted successfully.
C:\Users\Acer\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Acer
->Temp folder emptied: 1962939 bytes
->Temporary Internet Files folder emptied: 6493108 bytes
->Java cache emptied: 422120 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Desktop
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3248 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


[EMPTYFLASH]

User: Acer
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Desktop

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05092011_161349

Files\Folders moved on Reboot...
File\Folder C:\Users\Acer\AppData\Local\Temp\~DF118C.tmp not found!
File\Folder C:\Users\Acer\AppData\Local\Temp\~DF1209.tmp not found!
File\Folder C:\Users\Acer\AppData\Local\Temp\~DF12CA.tmp not found!
File\Folder C:\Users\Acer\AppData\Local\Temp\~DF1787.tmp not found!
File\Folder C:\Users\Acer\AppData\Local\Temp\~DF1796.tmp not found!
File\Folder C:\Users\Acer\AppData\Local\Temp\~DF9C5.tmp not found!
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PVXBESA7\topic114351[1].html moved successfully.
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NUXR4RQ0\page__pid__2239856[1].htm moved successfully.
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Acer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

ComboFix:
ComboFix 11-05-08.04 - Acer 09/05/2011 17:02:24.1.2 - x86
Running from: c:\users\Acer\Desktop\ComboFix.exe
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
.
----- BITS: Possible infected sites -----
.
hxxp://download.windowsupdate.com
.
((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))
.
.
2011-05-09 10:24 . 2011-05-09 10:24 -------- d-----w- c:\users\Acer\AppData\Local\temp
2011-05-09 10:24 . 2011-05-09 10:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-09 09:13 . 2011-05-09 09:13 -------- d-----w- C:\_OTL
2011-05-09 01:19 . 2011-04-18 02:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C3F65A9-4163-445D-9C58-FEE17F6C8B4F}\mpengine.dll
2011-05-03 03:41 . 2011-05-03 08:01 -------- d-----w- c:\program files\SpeedFan
2011-04-28 15:32 . 2011-04-28 15:32 -------- d-----w- c:\program files\Common Files\Java
2011-04-28 15:31 . 2011-04-28 15:31 -------- d-----w- c:\program files\Java
2011-04-26 03:44 . 2011-04-26 03:44 -------- d-----w- c:\users\Acer\AppData\Roaming\SUPERAntiSpyware.com
2011-04-26 03:44 . 2011-04-26 03:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-04-26 03:43 . 2011-04-26 03:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-26 02:59 . 2011-04-27 19:03 -------- d-----w- c:\program files\CCleaner
2011-04-19 21:08 . 2011-04-19 21:08 -------- d--h--w- c:\windows\PIF
2011-04-19 15:02 . 2011-04-19 23:05 -------- d-----w- c:\windows\BDOSCAN8
2011-04-19 09:03 . 2011-04-19 09:03 -------- d-----w- c:\users\Acer\IOption
2011-04-19 09:03 . 2011-04-19 09:03 -------- d-----w- c:\programdata\BackupManager
2011-04-18 06:25 . 2011-04-18 06:25 -------- d-----w- c:\users\Acer\AppData\Roaming\IObit
2011-04-18 06:25 . 2011-04-18 06:25 -------- d-----w- c:\programdata\IObit
2011-04-18 06:25 . 2011-04-18 06:25 -------- d-----w- c:\program files\IObit
2011-04-18 03:14 . 2011-04-18 03:14 -------- d-----w- c:\users\Acer\AppData\Roaming\Malwarebytes
2011-04-18 03:14 . 2011-04-18 03:14 -------- d-----w- c:\programdata\Malwarebytes
2011-04-18 03:14 . 2010-12-20 11:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-18 03:14 . 2011-04-18 03:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-18 03:14 . 2010-12-20 11:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 13:24 . 2011-04-11 13:24 -------- d-----w- c:\windows\system32\x64
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-28 15:31 . 2010-06-15 03:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-11 12:26 . 2011-02-11 12:26 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2011-02-11 12:26 . 2009-07-12 07:38 948760 ----a-w- c:\windows\system32\igxpun.exe
2011-02-11 12:26 . 2009-05-12 10:41 137752 ----a-w- c:\windows\system32\igfxtray.exe
2011-02-11 12:26 . 2009-05-12 10:41 267800 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-02-11 12:26 . 2009-05-12 10:41 172568 ----a-w- c:\windows\system32\igfxpers.exe
2011-02-11 12:26 . 2009-05-12 10:41 179224 ----a-w- c:\windows\system32\igfxext.exe
2011-02-11 12:26 . 2009-05-12 10:41 171032 ----a-w- c:\windows\system32\hkcmd.exe
2011-02-11 12:26 . 2011-02-11 12:26 3157528 ----a-w- c:\windows\system32\GfxUI.exe
2011-02-11 12:20 . 2011-02-11 12:20 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll
2011-02-11 12:12 . 2011-02-11 12:12 9036800 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2011-02-11 12:12 . 2009-05-12 10:41 4967424 ----a-w- c:\windows\system32\igdumd32.dll
2011-02-11 12:09 . 2009-05-12 10:41 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2011-02-11 12:04 . 2011-02-11 12:04 4411392 ----a-w- c:\windows\system32\igd10umd32.dll
2011-02-11 11:51 . 2011-02-11 11:51 11039744 ----a-w- c:\windows\system32\ig4icd32.dll
2011-02-11 11:44 . 2011-02-11 11:44 86016 ----a-w- c:\windows\system32\igfxrsky.lrc
2011-02-11 11:44 . 2011-02-11 11:44 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc
2011-02-11 11:44 . 2011-02-11 11:44 85504 ----a-w- c:\windows\system32\igfxrslv.lrc
2011-02-11 11:44 . 2009-05-12 10:41 84992 ----a-w- c:\windows\system32\igfxrtha.lrc
2011-02-11 11:44 . 2011-02-11 11:44 86528 ----a-w- c:\windows\system32\igfxresn.lrc
2011-02-11 11:44 . 2011-02-11 11:44 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
2011-02-11 11:44 . 2011-02-11 11:44 86016 ----a-w- c:\windows\system32\igfxrptg.lrc
2011-02-11 11:44 . 2011-02-11 11:44 85504 ----a-w- c:\windows\system32\igfxrsve.lrc
2011-02-11 11:44 . 2011-02-11 11:44 86016 ----a-w- c:\windows\system32\igfxrplk.lrc
2011-02-11 11:44 . 2011-02-11 11:44 85504 ----a-w- c:\windows\system32\igfxrptb.lrc
2011-02-11 11:44 . 2011-02-11 11:44 85504 ----a-w- c:\windows\system32\igfxrnor.lrc
2011-02-11 11:44 . 2011-02-11 11:44 82944 ----a-w- c:\windows\system32\igfxrkor.lrc
2011-02-11 11:44 . 2011-02-11 11:44 86528 ----a-w- c:\windows\system32\igfxrell.lrc
2011-02-11 11:44 . 2011-02-11 11:44 86016 ----a-w- c:\windows\system32\igfxrita.lrc
2011-02-11 11:44 . 2011-02-11 11:44 85504 ----a-w- c:\windows\system32\igfxrhun.lrc
2011-02-11 11:44 . 2011-02-11 11:44 84480 ----a-w- c:\windows\system32\igfxrheb.lrc
2011-02-11 11:44 . 2011-02-11 11:44 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc
2011-02-11 11:44 . 2011-02-11 11:44 86528 ----a-w- c:\windows\system32\igfxrfra.lrc
2011-02-11 11:44 . 2011-02-11 11:44 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
2011-02-11 11:44 . 2011-02-11 11:44 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc
2011-02-11 11:44 . 2011-02-11 11:44 85504 ----a-w- c:\windows\system32\igfxrfin.lrc
2011-02-11 11:44 . 2011-02-11 11:44 84992 ----a-w- c:\windows\system32\igfxrdan.lrc
2011-02-11 11:44 . 2011-02-11 11:44 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc
2011-02-11 11:44 . 2011-02-11 11:44 84480 ----a-w- c:\windows\system32\igfxrara.lrc
2011-02-11 11:44 . 2011-02-11 11:44 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
2011-02-11 11:44 . 2011-02-11 11:44 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
2011-02-11 11:41 . 2011-02-11 11:41 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-02-11 11:41 . 2009-05-12 10:41 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2011-02-11 11:41 . 2009-05-12 10:41 195584 ----a-w- c:\windows\system32\igfxpph.dll
2011-02-11 11:41 . 2009-05-12 10:41 23552 ----a-w- c:\windows\system32\igfxexps.dll
2011-02-11 11:41 . 2009-05-12 10:41 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-02-11 11:40 . 2011-02-11 11:40 130048 ----a-w- c:\windows\system32\igfxdo.dll
2011-02-11 11:40 . 2009-05-12 10:41 95232 ----a-w- c:\windows\system32\hccutils.dll
2011-02-11 11:40 . 2011-02-11 11:40 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-02-11 11:40 . 2011-02-11 11:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-02-11 11:40 . 2011-02-11 11:40 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-02-11 11:40 . 2009-05-12 10:41 828928 ----a-w- c:\windows\system32\igfxress.dll
2011-02-11 11:40 . 2009-05-12 10:41 228864 ----a-w- c:\windows\system32\igfxdev.dll
2011-02-11 11:35 . 2011-02-11 11:35 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-02-11 11:35 . 2011-02-11 11:35 208896 ----a-w- c:\windows\system32\iglhsip32.dll
2011-02-11 11:35 . 2011-02-11 11:35 147456 ----a-w- c:\windows\system32\iglhcp32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 05:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-12 39408]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2004-11-22 307200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-01 6957600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-03-25 3607552]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-07 866824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-08 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-01 247344]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-27 134808]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-13 483328]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2008-10-27 346672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-7-12 565248]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-10-21 25214]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-27 122008]
S0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-07-11 42608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-08 703008]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-03-25 3443712]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-01 54528]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-11-27 237568]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-05-25 599344]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-03-15 102448]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-05-25 40752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 06:16]
.
2011-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-11 06:16]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
TCP: {18657A9A-FBA1-4773-9C79-FB2F5A4C69BE} = 119.46.78.98 61.91.211.78
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 17:24
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2356119334-1000085761-130144412-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"
.
[HKEY_USERS\S-1-5-21-2356119334-1000085761-130144412-1000\Software\SecuROM\License information*]
"datasecu"=hex:e5,48,a4,2c,0c,f7,74,99,fe,09,b2,d4,bd,18,72,45,c9,f9,79,fd,8d,
07,7d,bc,a4,19,88,58,ba,18,e6,7d,8d,b0,88,e7,c8,ae,79,3c,7e,70,65,c2,83,5c,\
"rkeysecu"=hex:8a,80,10,b7,ac,3e,a7,c5,4c,41,35,92,c0,94,6e,93
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(768)
c:\program files\Acer Bio Protection\PwdFilter.dll
.
Completion time: 2011-05-09 17:30:44
ComboFix-quarantined-files.txt 2011-05-09 10:30
.
Pre-Run: 96,775,585,792 bytes free
Post-Run: 96,706,437,120 bytes free
.
- - End Of File - - 28EFF79EF3B13AC3F3AE0DA086B927F3

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 09 May 2011 - 07:15 AM

Hi TakkiBleepo,



I started to think maybe this problem might relate to Windows ...

Yes, I can't see any signs of malware in your logs. If you have not received any alerts from your protection software, and the only symptom you are experiencing now is the one you report, then I would say the problem is not likely to be malware-related.

Since the problem is a bit far afield for us at Malware Removal, you would be better served discussing your problems in our Vista subforum. The experts at that forum specialize in this type of problem so you will be in good hands.

Anyway, let's do some maintenance and hope to get your PC back to working order. If not, you should know where you can turn to.


Step1

Open IE, select Tools > Internet Options. Select the Connections tab.

  • If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
  • In the "Proxy Server" area, uncheck the check mark next to Use a proxy server for ....
  • Click OK.
  • Click Advanced tab and click on Reset button
  • In the Reset Internet Explorer Settings dialog box, click Reset to confirm.

Step2

1. Click the Microsoft Vista Start logo in the bottom left corner of the screen
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator
6. In the command window type the following and then hit enter:

ipconfig /flushdns
7. You will see the following confirmation:

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.


Step3

1. Click on Start button.
2. Type Cmd in the Start Search text box.
3. Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
4. Type netsh winsock reset in the Command Prompt shell, and then press the Enter key.
5. Repeat the process with netsh int ip reset
6. Restart the computer.


Step4

Please proceed to check disk and use disk defragmenter as instructed from Here and Here .


Step5

After that, what I'd like you to do is a hard reset with your router if you have one. Leave it on, and there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). Then change your admin login and password--make it a strong password. You may also want to ask your ISP for help in case there are custom settings that need to be maintained.


Let me know if you still need assistance or you need the final instruction since we are done here.
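
The checks and resets from Steps 1 to 3 above, as an added batch-file example that is not part of sundavis's post: it saves the current proxy values, DNS servers and Winsock catalog before running the three commands from the post, so that anything the resets change can be reviewed afterwards. The output folder name and the `net session` elevation check are assumptions of this example.

```batch
@echo off
rem Added example (not from the original post): snapshot network settings,
rem then run the resets from Step 2 and Step 3.
setlocal

rem Assumption: snapshots go to a folder on the current user's desktop.
set "OUT=%USERPROFILE%\Desktop\net-reset-snapshot"
set "IEKEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

rem The resets need an elevated prompt. "net session" fails when not elevated
rem (assumption: the Server service is running, as it is by default).
net session >nul 2>&1
if errorlevel 1 (
    echo Open Command Prompt with "Run as administrator" and try again.
    exit /b 1
)

if not exist "%OUT%" mkdir "%OUT%"

rem Step 1 equivalent: record the per-user proxy values before they are cleared.
rem A ProxyServer or AutoConfigURL you did not set yourself is worth noting.
(
    reg query "%IEKEY%" /v ProxyEnable
    reg query "%IEKEY%" /v ProxyServer
    reg query "%IEKEY%" /v AutoConfigURL
) > "%OUT%\proxy-before.txt" 2>&1

rem Record the DNS servers assigned to each adapter and the cached lookups,
rem so they can be compared with what the router or ISP is expected to hand out.
ipconfig /all > "%OUT%\ipconfig-before.txt"
ipconfig /displaydns > "%OUT%\dnscache-before.txt"

rem Record the Winsock catalog. The reset removes third-party providers,
rem including ones installed by security or VPN software.
netsh winsock show catalog > "%OUT%\winsock-before.txt"

rem Step 2 and Step 3: the commands given in the post.
ipconfig /flushdns
netsh winsock reset
netsh int ip reset

echo Snapshots saved in "%OUT%".
echo Restart the computer to complete the reset.
endlocal
```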

#9 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 21 May 2011 - 08:20 AM

Since this issue appears resolved ... this Topic is closed.

Glad to have helped.

Everyone else please begin a New Topic.





