
Computer running extremely slow for past 2 weeks


This topic is locked
17 replies to this topic

#1 teenslayer


Posted 29 June 2011 - 09:11 PM

Hi,

I've been experiencing very slow reaction times on my computer for a while now. It just started suddenly and now even opening a browser takes forever. I know the first step is to get a hijackthis log, but I forgot how to get the software. Please advise as to what I should do now. Thanks!


#2 Elise


Posted 10 July 2011 - 03:11 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' button and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#3 teenslayer


Posted 11 July 2011 - 12:58 PM

Hi Elise,

The problem is just that the computer has been extremely slow opening anything from Microsoft Word to the Chrome browser, and there is a lot of lag all the time. This may or may not be caused by malware, but I just wanted to check off this possibility. Let me know if you need any further information.


Below is the DDS log. Thanks!


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Pioneer Shipping at 13:53:05 on 2011-07-11
Microsoft Windows 7 Professional 6.1.7601.1.936.86.1033.18.1013.86 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

#4 Elise


Posted 11 July 2011 - 01:09 PM

Hi again, let's also check for rootkits.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


#5 teenslayer


Posted 11 July 2011 - 01:17 PM

Thanks for the fast response, Elise!

Here are the results of TDSSKiller. It didn't find anything.



2011/07/11 14:15:17.0313 5952 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/11 14:15:17.0702 5952 ================================================================================
2011/07/11 14:15:17.0702 5952 SystemInfo:
2011/07/11 14:15:17.0702 5952
2011/07/11 14:15:17.0702 5952 OS Version: 6.1.7601 ServicePack: 1.0
2011/07/11 14:15:17.0702 5952 Product type: Workstation
2011/07/11 14:15:17.0702 5952 ComputerName: PS-LAPTOP
2011/07/11 14:15:17.0703 5952 UserName: Pioneer Shipping
2011/07/11 14:15:17.0703 5952 Windows directory: C:\Windows
2011/07/11 14:15:17.0703 5952 System windows directory: C:\Windows
2011/07/11 14:15:17.0703 5952 Processor architecture: Intel x86
2011/07/11 14:15:17.0703 5952 Number of processors: 2
2011/07/11 14:15:17.0703 5952 Page size: 0x1000
2011/07/11 14:15:17.0703 5952 Boot type: Normal boot
2011/07/11 14:15:17.0703 5952 ================================================================================
2011/07/11 14:15:20.0918 5952 Initialize success
2011/07/11 14:15:30.0213 1944 ================================================================================
2011/07/11 14:15:30.0213 1944 Scan started
2011/07/11 14:15:30.0213 1944 Mode: Manual;
2011/07/11 14:15:30.0213 1944 ================================================================================
2011/07/11 14:15:35.0545 1944 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/11 14:15:35.0658 1944 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/11 14:15:35.0761 1944 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/11 14:15:35.0823 1944 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/07/11 14:15:35.0859 1944 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/11 14:15:35.0893 1944 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/11 14:15:35.0959 1944 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/07/11 14:15:35.0978 1944 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/11 14:15:36.0017 1944 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/11 14:15:36.0045 1944 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/07/11 14:15:36.0106 1944 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/07/11 14:15:36.0136 1944 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/11 14:15:36.0190 1944 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/11 14:15:36.0265 1944 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/11 14:15:36.0305 1944 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/11 14:15:36.0393 1944 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/11 14:15:36.0444 1944 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/11 14:15:36.0475 1944 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/11 14:15:36.0500 1944 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/11 14:15:36.0527 1944 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/11 14:15:36.0564 1944 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/11 14:15:36.0620 1944 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/11 14:15:36.0653 1944 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/11 14:15:36.0698 1944 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/11 14:15:36.0739 1944 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/11 14:15:36.0806 1944 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/11 14:15:36.0841 1944 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/11 14:15:36.0894 1944 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/11 14:15:36.0946 1944 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/07/11 14:15:36.0975 1944 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/11 14:15:37.0037 1944 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/07/11 14:15:37.0093 1944 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/11 14:15:37.0126 1944 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/11 14:15:37.0155 1944 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/11 14:15:37.0178 1944 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\drivers\msahci.sys
2011/07/11 14:15:37.0214 1944 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\drivers\msdsm.sys
2011/07/11 14:15:37.0264 1944 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/11 14:15:37.0286 1944 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/11 14:15:37.0326 1944 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\Windows\system32\Drivers\nx6000.sys
2011/07/11 14:15:37.0380 1944 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/07/11 14:15:37.0428 1944 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/11 14:15:37.0450 1944 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/11 14:15:37.0478 1944 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/11 14:15:37.0508 1944 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/11 14:15:37.0541 1944 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/07/11 14:15:37.0565 1944 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/11 14:15:37.0583 1944 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/11 14:15:37.0613 1944 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/11 14:15:37.0663 1944 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/11 14:15:37.0741 1944 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/07/11 14:15:37.0812 1944 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/11 14:15:37.0847 1944 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/11 14:15:37.0901 1944 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/11 14:15:37.0958 1944 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/11 14:15:38.0017 1944 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/07/11 14:15:38.0050 1944 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/11 14:15:38.0103 1944 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/11 14:15:38.0204 1944 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/11 14:15:38.0241 1944 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/11 14:15:38.0274 1944 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/11 14:15:38.0353 1944 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/07/11 14:15:38.0401 1944 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/11 14:15:38.0467 1944 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/07/11 14:15:38.0516 1944 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/07/11 14:15:38.0547 1944 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/07/11 14:15:38.0613 1944 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/07/11 14:15:38.0680 1944 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/11 14:15:38.0736 1944 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/07/11 14:15:38.0761 1944 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/11 14:15:38.0804 1944 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/07/11 14:15:38.0829 1944 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/07/11 14:15:38.0854 1944 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/11 14:15:38.0882 1944 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/11 14:15:38.0914 1944 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/11 14:15:39.0049 1944 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/11 14:15:39.0078 1944 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/11 14:15:39.0129 1944 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/11 14:15:39.0181 1944 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/11 14:15:39.0233 1944 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/11 14:15:39.0267 1944 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/11 14:15:39.0299 1944 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/11 14:15:39.0330 1944 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/11 14:15:39.0363 1944 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/11 14:15:39.0401 1944 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/11 14:15:39.0422 1944 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/11 14:15:39.0482 1944 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/11 14:15:39.0510 1944 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/11 14:15:39.0542 1944 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/11 14:15:39.0599 1944 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/07/11 14:15:39.0631 1944 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/11 14:15:39.0662 1944 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/11 14:15:39.0731 1944 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/07/11 14:15:39.0809 1944 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/07/11 14:15:39.0883 1944 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
2011/07/11 14:15:39.0928 1944 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/11 14:15:39.0983 1944 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/07/11 14:15:40.0049 1944 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/07/11 14:15:40.0103 1944 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/11 14:15:40.0156 1944 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/11 14:15:40.0205 1944 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/11 14:15:40.0225 1944 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/11 14:15:40.0254 1944 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/11 14:15:40.0336 1944 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/07/11 14:15:40.0366 1944 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/11 14:15:40.0387 1944 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/11 14:15:40.0407 1944 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/11 14:15:40.0454 1944 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/07/11 14:15:40.0479 1944 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/11 14:15:40.0509 1944 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/11 14:15:40.0547 1944 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/11 14:15:40.0597 1944 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/11 14:15:40.0670 1944 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/07/11 14:15:40.0703 1944 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/11 14:15:40.0732 1944 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/11 14:15:40.0778 1944 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/11 14:15:40.0845 1944 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/07/11 14:15:40.0882 1944 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/07/11 14:15:40.0911 1944 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/07/11 14:15:40.0996 1944 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/07/11 14:15:41.0075 1944 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/11 14:15:41.0143 1944 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/11 14:15:41.0204 1944 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/07/11 14:15:41.0234 1944 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/07/11 14:15:41.0285 1944 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/11 14:15:41.0315 1944 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/07/11 14:15:41.0415 1944 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/11 14:15:41.0484 1944 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/07/11 14:15:41.0549 1944 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/11 14:15:41.0581 1944 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/11 14:15:41.0638 1944 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/11 14:15:41.0695 1944 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/11 14:15:41.0754 1944 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/07/11 14:15:41.0780 1944 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/11 14:15:41.0859 1944 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/11 14:15:41.0907 1944 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
2011/07/11 14:15:41.0928 1944 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/11 14:15:41.0981 1944 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/07/11 14:15:42.0009 1944 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/11 14:15:42.0036 1944 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/11 14:15:42.0064 1944 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
2011/07/11 14:15:42.0090 1944 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/11 14:15:42.0121 1944 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/11 14:15:42.0150 1944 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/11 14:15:42.0168 1944 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/11 14:15:42.0210 1944 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/11 14:15:42.0258 1944 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/07/11 14:15:42.0309 1944 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/11 14:15:42.0334 1944 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/11 14:15:42.0365 1944 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/07/11 14:15:42.0407 1944 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/07/11 14:15:42.0432 1944 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/11 14:15:42.0484 1944 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/07/11 14:15:42.0511 1944 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/07/11 14:15:42.0539 1944 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/07/11 14:15:42.0561 1944 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/07/11 14:15:42.0595 1944 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/11 14:15:42.0623 1944 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/07/11 14:15:42.0663 1944 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/07/11 14:15:42.0715 1944 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/07/11 14:15:42.0751 1944 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/07/11 14:15:42.0840 1944 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
2011/07/11 14:15:42.0872 1944 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/11 14:15:42.0925 1944 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/07/11 14:15:42.0963 1944 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/07/11 14:15:42.0998 1944 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/11 14:15:43.0042 1944 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/11 14:15:43.0095 1944 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 14:15:43.0119 1944 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 14:15:43.0195 1944 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/11 14:15:43.0231 1944 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/11 14:15:43.0298 1944 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/11 14:15:43.0333 1944 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/11 14:15:43.0369 1944 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/07/11 14:15:43.0506 1944 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/11 14:15:43.0560 1944 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/11 14:15:43.0622 1944 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/11 14:15:43.0701 1944 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/07/11 14:15:43.0760 1944 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/11 14:15:43.0824 1944 ZSMC301b (1e41295eac56589efd9dc3ca14bf3fec) C:\Windows\system32\Drivers\usbVM31b.sys
2011/07/11 14:15:43.0860 1944 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/11 14:15:43.0878 1944 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/07/11 14:15:43.0993 1944 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
2011/07/11 14:15:44.0015 1944 Boot (0x1200) (c85bb036e03109be4bc8b1e0216fd56a) \Device\Harddisk0\DR0\Partition0
2011/07/11 14:15:44.0045 1944 Boot (0x1200) (af760f3c7ddebdee879204464310fd0d) \Device\Harddisk0\DR0\Partition1
2011/07/11 14:15:44.0060 1944 Boot (0x1200) (b3ccbd94ff21f36aa4e6e5dac31a03a2) \Device\Harddisk1\DR1\Partition0
2011/07/11 14:15:44.0082 1944 Boot (0x1200) (71202e699b62d833e2e8f95d6fbcb067) \Device\Harddisk2\DR2\Partition0
2011/07/11 14:15:44.0094 1944 ================================================================================
2011/07/11 14:15:44.0094 1944 Scan finished
2011/07/11 14:15:44.0094 1944 ================================================================================
2011/07/11 14:15:44.0112 4900 Detected object count: 0
2011/07/11 14:15:44.0113 4900 Actual detected object count: 0
2011/07/11 14:15:51.0064 5324 Deinitialize success
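An added example (my code, not TDSSKiller's or anything posted in this thread): a small Python parser for the TDSSKiller log format shown in this post. It extracts the per-driver entries and the "Detected object count" summary, and flags any file path that one scan reports with two different MD5s, which a helper would want to look at before trusting the log. The sample lines follow the log's format; the WanarpFake line is constructed to trigger the check.

```python
"""Parse the TDSSKiller log format and run two quick triage checks.

Entry lines have the shape
  <date> <time> <thread id> <service name> (<md5>) <path>
and the scan ends with "Detected object count" / "Actual detected object count".
"""
import re
from collections import defaultdict

# One driver, MBR or boot-sector line. The service name may carry a size
# suffix such as "MBR (0x1B8)" or "Boot (0x1200)".
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>[\d:.]+)\s+(?P<tid>\d+)\s+"
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$"
)
# The summary counters printed after "Scan finished".
COUNT_RE = re.compile(
    r"^\S+ \S+\s+\d+\s+(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$"
)


def parse_log(text):
    """Return (entries, counts): entries as dicts, counts keyed by counter kind."""
    entries, counts = [], {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
            continue
        c = COUNT_RE.match(line)
        if c:
            counts[c.group("kind")] = int(c.group("n"))
    return entries, counts


def hash_conflicts(entries):
    """Paths listed under several service names with *different* MD5s.

    One file legitimately backs several services (Tcpip/TCPIP6, WANARP/
    Wanarpv6) and then carries a single hash. Two hashes for one path inside
    a single scan mean the file changed mid-scan or the log was edited, and
    that path deserves a second look.
    """
    seen = defaultdict(set)
    for e in entries:
        seen[e["path"].lower()].add(e["md5"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def triage(text):
    """The summary a helper wants before reading two hundred lines by hand."""
    entries, counts = parse_log(text)
    return {
        "entries": len(entries),
        "detected": counts.get("Detected"),
        "actual_detected": counts.get("Actual detected"),
        "hash_conflicts": hash_conflicts(entries),
    }


# Sample lines in the TDSSKiller format. The WanarpFake line is CONSTRUCTED:
# it reuses wanarp.sys with a different hash to exercise the conflict check.
SAMPLE_LOG = r"""
2011/07/11 14:15:40.0996 1944 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\drivers\tcpip.sys
2011/07/11 14:15:41.0075 1944 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/11 14:15:43.0095 1944 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 14:15:43.0119 1944 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/11 14:15:43.0120 1944 WanarpFake (deadbeefdeadbeefdeadbeefdeadbeef) C:\Windows\system32\drivers\wanarp.sys
2011/07/11 14:15:43.0860 1944 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/11 14:15:44.0094 1944 Scan finished
2011/07/11 14:15:44.0112 4900 Detected object count: 0
2011/07/11 14:15:44.0113 4900 Actual detected object count: 0
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```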

#6 Elise

Posted 11 July 2011 - 04:18 PM

Hi, fortunately nothing was found. :)

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise



#7 teenslayer

Topic Starter

Posted 11 July 2011 - 05:21 PM

Hello! Just ran ComboFix. It ran in Chinese though, so the log has some Chinese characters in it. Probably because the system locale is set to Chinese. Let me know if that is a problem.


ComboFix 11-07-11.02 - Pioneer Shipping 1/2011 Mon 17:37:45.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.936.86.1033.18.1013.240 [GMT -4:00]
执行位置: c:\users\Pioneer Shipping\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\favoritevideo\InvisibleFolder\20100729183420_aobleepianxia100730zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100730160116_tianyuan100805zanting15s1.swf
c:\favoritevideo\InvisibleFolder\20100730174106_longzhigu100805zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100730180919_qiaohu100801zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100730213117_menghuanxiyou100802zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100802094153_kfc100802jiao15s.jpg
c:\favoritevideo\InvisibleFolder\20100802094248_kfc100802cha15s.gif
c:\favoritevideo\InvisibleFolder\20100802094535_kfc100802zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100802115722_meilian100803zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100802144158_qiaohu100802zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100802145708_kadang100802zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100802145752_kadang100802cha15s.swf
c:\favoritevideo\InvisibleFolder\20100802182347_chibi100803zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100802182446_chibi100803zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100802182547_chibi100803cha15s.swf
c:\favoritevideo\InvisibleFolder\20100803094119_kadang100803zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100803160149_kuowang100803zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100803160409_kuowang100803zhu5s.swf
c:\favoritevideo\InvisibleFolder\20100803160505_kuowang100803zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100803173823_shijijiayuan100804zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100803190258_shijijiayuan100803zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100803190357_shijijiayuan100803cha15s.swf
c:\favoritevideo\InvisibleFolder\20100804100459_chibi100804zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100804103046_huiyuan100804zanting15s1.jpg
c:\favoritevideo\InvisibleFolder\20100804171920_fenghuangweishi100804zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100804181542_menghuanxiyou100812zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100804184050_baoma100804zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100804212119_longzhigu100805zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100805110441_huiyuan100805zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100805115734_meizhuang100805zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100805175133_qiangsheng100805zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100805183911_fanrenxiuzhen100806zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100805184300_fanrenxiuzhen100806cha15s.gif
c:\favoritevideo\InvisibleFolder\20100805184501_fanrenxiuzhen100806zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20100806114402_wopaiwang100806zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100809182249_runqu100810zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100809191931_jiaohangchedai100815zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100810144207_huiyuan100810zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100810144521_huiyuan100810cha15s.jpg
c:\favoritevideo\InvisibleFolder\20100810151259_taobao100811zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100811061648_biouquan100811zhu15squanguo.swf
c:\favoritevideo\InvisibleFolder\20100811180954_bmw100811zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100811184832_qifan100815zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100811194642_mingchaoshidai100812zanting15s.jpg
c:\favoritevideo\InvisibleFolder\20100811194736_mingchaoshidai100812cha15s.swf
c:\favoritevideo\InvisibleFolder\20100811195056_mingchaoshidai100812zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100812140606_menghuanxiyou100815zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100812184056_longchuang100812zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100813172119_bianfeng100814zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100813174141_jingji100813zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100813174225_jingji100813zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100813181354_datangwushuang100815zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100813192813_zhenaiwang100816zhu15s.swf
c:\favoritevideo\InvisibleFolder\20100816121933_kfc100816zanting15s.swf
c:\favoritevideo\InvisibleFolder\20100816122126_kfc100816cha15s.gif
c:\favoritevideo\InvisibleFolder\externtab(1.0.0.1).zip
c:\favoritevideo\InvisibleFolder\pplss.swf
c:\favoritevideo\InvisibleFolder\pptvsetup_2.5.5.0012-2.5.5.0018_s.exe
c:\favoritevideo\InvisibleFolder\pptvsetup_2.5.5.0019_s.exe
c:\favoritevideo\InvisibleFolder\productupdate.dll
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010071920100719110319.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010071920100719111255.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010071920100719112243.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010071920100719113158.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010071920100719114142.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010071920100719115415.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010071920100719115735.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010072020100720094154.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010072020100720102237.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010072020100720103214.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010072020100720104147.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010072120100721103817.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2010072120100721105903.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20100712.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20100723.zip.tpp
c:\favoritevideo\InvisibleFolder\vip_db_big20100802.zip
c:\favoritevideo\InvisibleFolder\vip_db_small2010071220100719.zip
c:\favoritevideo\InvisibleFolder\vip_db_small2010071220100720.zip
c:\favoritevideo\InvisibleFolder\vip_db_small2010071220100721.zip
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-11 to 2011-07-11 )))))))))))))))))))))))))))))))
.
.
2011-07-11 21:48 . 2011-07-11 21:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-11 21:48 . 2011-07-11 21:48 -------- d-----w- c:\users\Xiao Zhi Lou\AppData\Local\temp
2011-07-08 15:17 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{310BC77E-F753-4ED9-9230-5F8C419D74DF}\mpengine.dll
2011-07-07 15:06 . 2011-07-07 15:06 -------- d-----w- c:\users\Pioneer Shipping\AppData\Roaming\dvdcss
2011-07-06 23:23 . 2011-07-07 14:43 -------- d-----w- c:\users\Pioneer Shipping\AppData\Roaming\Bitcoin
2011-07-03 01:52 . 2011-07-03 01:52 0 ----a-w- c:\windows\system32\nse782A.tmp
2011-07-03 01:52 . 2011-07-03 01:52 0 ----a-w- c:\windows\system32\nso2AB5.tmp
2011-06-29 17:19 . 2011-06-29 17:19 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-29 15:08 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 15:08 . 2011-05-04 04:34 1549312 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 15:08 . 2011-05-04 04:32 1401344 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 15:08 . 2011-05-04 04:32 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 15:08 . 2011-05-04 04:32 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 15:08 . 2011-05-04 04:32 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 15:08 . 2011-05-04 04:32 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 15:08 . 2011-05-04 04:28 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 15:08 . 2011-05-04 04:28 427520 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 15:08 . 2011-05-04 04:28 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-25 16:46 . 2011-07-07 15:06 -------- d-----w- c:\users\Pioneer Shipping\AppData\Roaming\vlc
2011-06-25 16:46 . 2011-06-25 16:46 -------- d-----w- c:\program files\VideoLAN
2011-06-21 21:24 . 2011-06-21 21:36 -------- d-----r- c:\users\Pioneer Shipping\Virtual Machines
2011-06-21 21:14 . 2010-11-20 12:17 2171392 ----a-w- c:\windows\system32\VPCWizard.exe
2011-06-21 21:14 . 2010-11-20 10:50 48128 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2011-06-21 21:14 . 2010-11-20 10:50 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2011-06-21 21:14 . 2010-11-20 12:30 296064 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2011-06-21 21:14 . 2010-11-20 12:30 172416 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2011-06-21 21:14 . 2010-11-20 12:21 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2011-06-21 21:14 . 2010-11-20 12:17 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2011-06-21 21:14 . 2010-11-20 10:50 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2011-06-21 21:14 . 2010-11-20 12:17 3330560 ----a-w- c:\windows\system32\vpc.exe
2011-06-21 21:14 . 2010-11-20 10:52 1003008 ----a-w- c:\windows\system32\VMWindow.exe
2011-06-21 21:14 . 2010-11-20 10:52 793600 ----a-w- c:\windows\system32\vmsal.exe
2011-06-17 05:04 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-17 05:04 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-17 05:04 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 21:51 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 21:51 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 21:51 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 21:51 . 2011-04-25 04:31 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 21:51 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 21:51 . 2011-02-25 05:34 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 21:51 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 21:51 . 2011-04-27 02:17 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 21:51 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-16 21:51 . 2011-04-27 02:17 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 21:51 . 2011-04-27 02:17 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-13 14:47 . 1998-06-18 04:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2011-06-13 14:47 . 1999-03-06 02:15 74000 ----a-w- c:\windows\system32\msrclr40.dll
2011-06-13 14:47 . 1999-03-06 02:15 28944 ----a-w- c:\windows\system32\msrecr40.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Files Modified in the Last Three Months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 13:07 . 2011-05-20 04:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 17:05 . 2011-05-29 17:05 127 ----a-w- c:\windows\system32\ActiveFax.Cmd
2011-05-29 17:05 . 2011-05-29 17:05 86016 ----a-w- c:\windows\system32\ActMonRe.dll
2011-05-29 17:05 . 2011-05-29 17:05 439488 ----a-w- c:\windows\system32\ActMonNT.dll
2011-05-29 17:05 . 2011-05-29 17:05 83136 ----a-w- c:\windows\UIActFax.exe
2011-05-29 17:05 . 2011-05-29 17:05 69632 ----a-w- c:\windows\UIActFax.dll
2011-05-27 12:59 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-05-24 23:14 . 2010-03-16 20:26 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-19 10:20 . 2011-05-19 10:20 2532720 ----a-w- c:\windows\system32\SogouPY.ime
2011-04-27 12:21 . 2011-04-27 12:21 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-27 12:21 . 2011-04-27 12:21 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-27 12:21 . 2011-04-27 12:21 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-27 12:21 . 2011-04-27 12:21 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-04-27 12:21 . 2011-04-27 12:21 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-04-27 12:21 . 2011-04-27 12:21 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-27 12:21 . 2011-04-27 12:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-04-27 12:21 . 2011-04-27 12:21 367104 ----a-w- c:\windows\system32\html.iec
2011-04-27 12:21 . 2011-04-27 12:21 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-04-27 12:21 . 2011-04-27 12:21 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-27 12:21 . 2011-04-27 12:21 161792 ----a-w- c:\windows\system32\msls31.dll
2011-04-27 12:21 . 2011-04-27 12:21 152064 ----a-w- c:\windows\system32\wextract.exe
2011-04-27 12:21 . 2011-04-27 12:21 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-04-27 12:21 . 2011-04-27 12:21 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-27 12:21 . 2011-04-27 12:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-27 12:21 . 2011-04-27 12:21 11776 ----a-w- c:\windows\system32\mshta.exe
2011-04-27 12:21 . 2011-04-27 12:21 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-04-27 12:21 . 2011-04-27 12:21 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-27 12:21 . 2011-04-27 12:21 101888 ----a-w- c:\windows\system32\admparse.dll
2011-04-22 19:14 . 2011-05-25 13:12 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-16 04:17 . 2011-07-05 16:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R2 LG-Fax;LG-Fax;faxsrvc.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-05-20 30576]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 25246647
*NewlyCreated* - 97248662
*Deregistered* - 25246647
*Deregistered* - 97248662
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:31]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:31]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3247162645-3721977859-1792915338-1001Core.job
- c:\users\Pioneer Shipping\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-16 20:10]
.
2011-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3247162645-3721977859-1792915338-1001UA.job
- c:\users\Pioneer Shipping\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-16 20:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
FF - ProfilePath - c:\users\Pioneer Shipping\AppData\Roaming\Mozilla\Firefox\Profiles\5gpsctam.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-11 17:59:07
ComboFix-quarantined-files.txt 2011-07-11 21:59
.
Pre-Run: 253,934,878,720 bytes free
Post-Run: 254,493,249,536 bytes free
.
- - End Of File - - 8055F86FF280E3DAD620557776F611AE
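Reading a ComboFix log like the one above, a helper looks first at the registry loading points, the service list and the Trusted Zone entries, not at the long list of .swf files under c:\favoritevideo\InvisibleFolder (their names, with "15s" and "zanting", read like cached advert clips from a video player). The script below is an added example written for this thread; it is not part of the original post and not ComboFix's own code. It parses an excerpt of this exact log and flags what a reviewer would check: the UAC value PromptOnSecureDesktop=0 (elevation prompts are drawn on the ordinary desktop, where other user-mode programs can interact with them), the LG-Fax service whose binary faxsrvc.exe ComboFix marks "[x]" because the file was not found, the RtHDVCpl Run value that is a bare filename rather than a full path, and the hosts placed in Internet Explorer's Trusted sites zone (pps.tv, ppstream.com and the others), where IE applies a lower security level. A flag is a prompt to look, not a verdict: the Trusted Zone entries are consistent with the PPStream player that also appears in the HKCU Run key, and a missing service binary is more often left over from an uninstall than a sign of malware. The sample input is constructed from lines of the log above, and the regular expressions assume the line layout ComboFix used in it.

```python
"""Triage a ComboFix-style log excerpt (added example for this thread; not code
from the original post or from ComboFix). Flags weak UAC policy values, services
whose image ComboFix marked "[x]" (not found) or listed by bare filename, Run-key
values given as bare filenames, and IE Trusted Zone hosts. A flag means "look at
this", not "this is malware"."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the log posted above, trimmed to the
# sections this script reads. The regexes assume the layout ComboFix printed there.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 135664]
R2 LG-Fax;LG-Fax;faxsrvc.exe [x]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: ppstream.com\list1
Trusted Zone: security_PPStream.exe
"""

_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
_RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[[^\]]*\])?$')
_UAC_RE = re.compile(r'^"(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"\s*=\s*(\d+)')
# R = running, S = stopped, digit = start type; "[x]" replaces date/size when the image was not found
_SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
_TZ_RE = re.compile(r"^Trusted Zone:\s*(\S+)$")


@dataclass
class Service:
    start: str
    name: str
    path: str
    missing: bool


def parse_run_entries(text: str) -> List[Tuple[str, str, str]]:
    """(registry key, value name, command) for each value under a ...\\Run key."""
    key, out = "", []
    for line in (raw.strip() for raw in text.splitlines()):
        km = _KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        rm = _RUN_RE.match(line)
        if rm and key.lower().endswith(r"\currentversion\run"):
            out.append((key, rm.group(1), rm.group(2)))
    return out


def parse_uac(text: str) -> Dict[str, int]:
    matches = (_UAC_RE.match(ln.strip()) for ln in text.splitlines())
    return {m.group(1): int(m.group(2)) for m in matches if m}


def parse_services(text: str) -> List[Service]:
    out = []
    for m in filter(None, (_SVC_RE.match(ln.strip()) for ln in text.splitlines())):
        start, name, _display, path, info = m.groups()
        out.append(Service(start, name, path, info.strip().lower() == "x"))
    return out


def trusted_hosts(text: str) -> List[str]:
    """Hosts in the IE Trusted sites zone: the part before the first backslash."""
    matches = (_TZ_RE.match(ln.strip()) for ln in text.splitlines())
    return sorted({m.group(1).split("\\", 1)[0].lower() for m in matches if m})


def _is_bare(path: str) -> bool:
    # "RtHDVCpl.exe" rather than "c:\...\RtHDVCpl.exe": located via the search order
    return "\\" not in path.strip('"')


def triage(text: str) -> List[str]:
    findings = []
    uac = parse_uac(text)
    if uac.get("EnableLUA") == 0:
        findings.append("UAC disabled (EnableLUA=0)")
    if uac.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("UAC: admins elevate without a prompt (ConsentPromptBehaviorAdmin=0)")
    if uac.get("PromptOnSecureDesktop") == 0:
        findings.append("UAC: prompts not on the secure desktop (PromptOnSecureDesktop=0)")
    for key, name, cmd in parse_run_entries(text):
        if _is_bare(cmd):
            findings.append(f"Run value {name!r} in {key} is a bare filename: {cmd}")
    for svc in parse_services(text):
        if svc.missing:
            findings.append(f"service {svc.name}: image file not found ({svc.path})")
        elif _is_bare(svc.path):
            findings.append(f"service {svc.name}: bare image path {svc.path}")
    for host in trusted_hosts(text):
        findings.append(f"IE Trusted Zone host: {host}")
    return findings
```

Run triage(SAMPLE_LOG) and you get seven lines: one for PromptOnSecureDesktop, one for the RtHDVCpl Run value, one for the LG-Fax service, and one per Trusted Zone host. Against the full log the same functions work unchanged; only the sections they recognise are read, so the file lists are ignored.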

#8 Elise (Bleepin' Blonde; Malware Study Hall Admin; 61,446 posts; Romania)

Posted 12 July 2011 - 03:10 AM

Hi, how are things running at this point?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 



#9 teenslayer (Topic Starter; Members; 84 posts)

Posted 12 July 2011 - 12:40 PM

It's still lagging a good amount. Are there any other tests we can run? Or do you know what other software/hardware problems can contribute to how slowly the computer is reacting? Thanks.

#10 Elise (Bleepin' Blonde; Malware Study Hall Admin; 61,446 posts; Romania)

Posted 12 July 2011 - 01:13 PM

Hi again,

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 26 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-6u26-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


#11 teenslayer (Topic Starter; Members; 84 posts)

Posted 12 July 2011 - 03:01 PM

Hi Elise,

Here's what I got from the logfile. Thanks!



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 7091

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/12/2011 4:00:26 PM
mbam-log-2011-07-12 (16-00-26).txt

Scan type: Quick scan
Objects scanned: 175974
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Elise (Bleepin' Blonde; Malware Study Hall Admin; 61,446 posts; Romania)

Posted 13 July 2011 - 02:45 AM

How much RAM do you have installed and how much free space?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise


#13 teenslayer (Topic Starter; Members; 84 posts)

Posted 13 July 2011 - 12:06 PM

I have 1 GB RAM on this computer. I tried installing more, but it seems Dell doesn't like the idea of us expanding on the RAM. Or maybe I need to buy a certain type of RAM. But, the lag only started about 3 weeks ago. Before that it was working fine and I haven't installed any particularly big programs or made any changes to hardware, so I don't know why it suddenly slowed down so drastically. In terms of free space, I have over 200 GB free as there is fairly little installed on this computer.

#14 Elise (Bleepin' Blonde; Malware Study Hall Admin; 61,446 posts; Romania)

Posted 13 July 2011 - 12:15 PM

1 GB is not much for Windows 7, but if it worked fine, that can't be the problem. I'll also wait for the ESET results.

regards, Elise


#15 teenslayer (Topic Starter; Members; 84 posts)

Posted 13 July 2011 - 01:31 PM

Here are the results of ESET's scan:

G:\GAMES\Mass Effect Trainer.exe a variant of Win32/GameHack.F application cleaned by deleting - quarantined
G:\GAMES\Batman Save + Trainer\Batman Trainer.exe a variant of Win32/GameHack.F application cleaned by deleting - quarantined
G:\Setups\MS OFFICE 2010\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe a variant of Win32/HackKMS.A application deleted - quarantined
G:\Setups\UltraMon\keygen.exe a variant of Win32/Keygen.AD application cleaned by deleting - quarantined


Elise,

Quick question: is it possible that too many USB ports being used at the same time may slow down the system? Thanks



