
DNS resolving very slowly and erratically, IP address instantaneous


9 replies to this topic

#1 leedonpark1975


Posted 30 July 2014 - 04:32 AM

Hi,

 

I've been experiencing very slow DNS resolution since a couple days ago.

 

Websites take longer than usual to resolve, and sometimes a website doesn't load even after a couple of minutes. Sometimes the DNS problem disappears before coming back again. It's very erratic.

 

When I try to PING Google, there can be a delay of anywhere from 4 seconds to half a minute before the results appear. Pinging Google's IP address is instantaneous.

 

NSLookup Google.com doesn't have this problem.

 

The problem also doesn't exist if I reboot Windows into SAFE mode with network.

 

I'm using DSL WIFI router and I've checked other PCs that are connected to my same network, they don't have this problem

 

Note: By the way, last week, while shutting down, my PC had a large Windows update that took like 15 minutes. After that, each time I shut down my PC, it says applying 1 update. It's like that update failed to complete so Windows is applying it again and again. I don't know if it's just a coincidence.

 

My resolution attempts:

 

1). Tried flushing DNS (ipconfig /flushdns) as shown in this article - http://answers.microsoft.com/en-us/windows/forum/windows_xp-networking/ping-or-browser-dns-lookup-takes-5-10-seconds-yet/d8f5375d-a095-4900-8069-0177ad271750

 

2). Tried resetting the host file - http://forums.anvisoft.com/viewtopic-51-4003-0.html

 

3). Tried disabling Windows virtual wifi miniport.

 

4). Tried disabling IPv6 for my Wireless LAN Adapter.

 

5). Did a complete scan using Avira Pro which I've been using and activated for 2 years, nothing detected.

 

6). While surfing the Internet, I discovered that AVAST can do a reboot scan, so I downloaded AVAST free and did a boot scan with all the options checked; also nothing found. I immediately uninstalled AVAST after that.

 

7). I've tried disabling Windows firewall to see if it's due to Windows.

 

8). Tried using CCLEANER.

 

9). Scan using MalwareBytes anti-malware, no malicious items found.

 

 

My environment:

 

1). OS: Windows 7 Home

2). Antivirus: Avira Pro

3). Firewall: Windows Firewall with Windows 8 Firewall Control

4). Network: Intel® Centrino® WIFI

5). Ipconfig:

Wireless LAN adapter Wireless Network Connection:
  Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Ultimate-N 6300 AGN
   Physical Address. . . . . . . . . : 00-24-D7-********
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d77:************(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.***(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.25******
   Lease Obtained. . . . . . . . . . : Wednesday, 30 July, 2014 4:40:19 PM
   Lease Expires . . . . . . . . . . : Thursday, 31 July, 2014 4:40:18 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 218113239
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-56-98-33-8C-73-6E-75-A7-56


   DNS Servers . . . . . . . . . . . : 192.168.0.1     --> This is my router as I'm using DHCP.  On my router, my ISP DNS servers are listed.
   NetBIOS over Tcpip. . . . . . . . : Enabled
I've attached HijackThis, JRT and RogueKiller logs as follows.  Please help me.   :(
 
 
HijackThis v2.0.4 Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:03:49 AM, on 30/7/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal


Running processes:
c:\Program Files\Softex\OmniPass\hook\OpHook32BitProcess.exe
C:\Users\Fujitsu\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\Downloads\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tunein.com/radio/Class-95-FM-950-s25599/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.singnet.com.sg:8080;https=proxy.singnet.com.sg:8080;ftp=proxy.singnet.com.sg:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - d:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: (no name) - {F348E1B0-CBFE-47C3-81B4-9F44B3B5A618} - (no file)
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [LauncherM215fw] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint M215 fw
O4 - HKLM\..\Run: [M215fw RUN] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRunmM215fw] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe" FX DocuPrint M215 fw,hide,\S
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Fujitsu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: AlertDispatcherTray.lnk = C:\Program Files (x86)\AlertDispatcher\AlertDispatcherTray.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\agilent\io libraries suite\lximdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://radio.mediacorp.sg
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\ATService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FXcnStatutsDatabase (FXNADB) - Fuji Xerox Co., Ltd. - C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - D:\data\MariaDB5.5\bin\mysqld.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: Open DHCP Server (OpenDHCPServer) - Unknown owner - C:\OpenDHCPServer\OpenDHCPServer.exe
O23 - Service: OTPServer - Click And Deploy Pte Ltd - D:\Data\ClickAndDeploy\OTPServer\otpserver\test\otpserver.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - c:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RabbitMQ - Unknown owner - C:\Program Files (x86)\erl5.10.3\erts-5.10.3\bin\erlsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: syslogd - Unknown owner - C:\Program Files (x86)\syslog\syslogd.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Windows8FirewallService - Sphinx Software - C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
 

JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Fujitsu on Wed 30/07/2014 at 16:00:44.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services


~~~ Registry Values


~~~ Registry Keys


Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnToolbarInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnToolbarInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS


~~~ Files


Successfully deleted: [File] C:\Windows\syswow64\sho406B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4635.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4ADA.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8CEB.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoA676.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB676.tmp


~~~ Folders


Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Fujitsu\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Fujitsu\appdata\locallow\boost_interprocess"


~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 30/07/2014 at 16:14:19.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller Log
RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com


Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Fujitsu [Admin rights]
Mode : Scan -- Date : 07/30/2014  15:55:21


¤¤¤ Bad processes : 3 ¤¤¤
[Suspicious.Path] Core Temp.exe -- C:\Users\Fujitsu\AppData\Local\Temp\Temp1_CoreTemp64.zip\Core Temp.exe[-] -> KILLED [TermProc]
[Suspicious.Path] GoogleCrashHandler.exe -- C:\Users\Fujitsu\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe[7] -> KILLED [TermProc]
[Suspicious.Path] (SVC) ALSysIO -- \??\C:\Users\Fujitsu\AppData\Local\Temp\ALSysIO64.sys[x] -> STOPPED


¤¤¤ Registry Entries : 19 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HideFile -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HideFile -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HideFile -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2415926976-2553931905-2523758666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2415926976-2553931905-2523758666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2415926976-2553931905-2523758666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=proxy.singnet.com.sg:8080;https=proxy.singnet.com.sg:8080;ftp=proxy.singnet.com.sg:8080  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2415926976-2553931905-2523758666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=proxy.singnet.com.sg:8080;https=proxy.singnet.com.sg:8080;ftp=proxy.singnet.com.sg:8080  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D58198A2-67BB-4548-BC3F-B9A873A6DE3C} | DhcpNameServer : 203.116.1.94 203.116.254.150  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D58198A2-67BB-4548-BC3F-B9A873A6DE3C} | DhcpNameServer : 203.116.1.94 203.116.254.150  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D58198A2-67BB-4548-BC3F-B9A873A6DE3C} | DhcpNameServer : 203.116.1.94 203.116.254.150  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-2415926976-2553931905-2523758666-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-2415926976-2553931905-2523758666-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND


¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\Core Temp Autostart Fujitsu -- "C:\Users\Fujitsu\AppData\Local\Temp\Temp1_CoreTemp64.zip\Core Temp.exe" -> FOUND


¤¤¤ Files : 0 ¤¤¤


¤¤¤ HOSTS File : 0 ¤¤¤


¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\SiRemFil @ Unknown (\SystemRoot\System32\drivers\fwpkclnt.sys)


¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] 9drj6ma0.default : user_pref("network.proxy.http", "proxy.singnet.com.sg"); -> FOUND
[PUM.Proxy][FIREFX:Config] 9drj6ma0.default : user_pref("network.proxy.http_port", 8080); -> FOUND


¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPKT-00PK4T0 +++++
--- User ---
[MBR] b05a6bca9e52e4afb1ff539e0bd2bf39
[BSP] 76275fc33034f9b3a520de17248a8ec4 : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16395 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 33579008 | Size: 200 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 33988608 | Size: 122159 MB
3 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 284170240 | Size: 338185 MB
User = LL1 ... OK
User = LL2 ... OK

Edited by leedonpark1975, 30 July 2014 - 07:16 AM.
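
Added example (not part of the original post): a small Python parser that pulls the lines bearing on name resolution and proxying out of HijackThis and RogueKiller logs in the formats pasted above, and collapses the duplicates that the control-set copies and the X64/X86 registry views produce. The sample input is an excerpt of the logs in this post; the function name `triage` and the bucket names are made up for the example.

```python
import re

# HijackThis entry: "<section> - <body>", e.g. "O10 - Unknown file in Winsock LSP: ..."
HJT_LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Proxy value inside an R0/R1 body: "<key>,ProxyServer = <value>"
HJT_PROXY = re.compile(r",(?P<name>Proxy\w+) = (?P<value>.*)$")
# RogueKiller registry entry: "[tag] (view) <key> | <value name> : <data>  -> STATUS"
RK_REG_LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] \((?P<view>X64|X86)\) (?P<key>.+?) \| "
    r"(?P<name>\S+) : (?P<data>.*?)\s*-> (?P<status>[A-Z]+)$"
)

# Excerpt of the logs posted above (lines copied as they appear in the post).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.singnet.com.sg:8080;https=proxy.singnet.com.sg:8080;ftp=proxy.singnet.com.sg:8080
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\agilent\io libraries suite\lximdnsnsp.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2415926976-2553931905-2523758666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2415926976-2553931905-2523758666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2415926976-2553931905-2523758666-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=proxy.singnet.com.sg:8080;https=proxy.singnet.com.sg:8080;ftp=proxy.singnet.com.sg:8080  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D58198A2-67BB-4548-BC3F-B9A873A6DE3C} | DhcpNameServer : 203.116.1.94 203.116.254.150  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D58198A2-67BB-4548-BC3F-B9A873A6DE3C} | DhcpNameServer : 203.116.1.94 203.116.254.150  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D58198A2-67BB-4548-BC3F-B9A873A6DE3C} | DhcpNameServer : 203.116.1.94 203.116.254.150  -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO -> FOUND
"""


def triage(log_text):
    """Group the log lines that touch name resolution or proxy settings.

    Returns a dict of three lists, each holding unique items in first-seen order:
      winsock_providers: DLL paths from HijackThis O10 lines
      proxy:             (value name, data) pairs from HijackThis R-lines and
                         RogueKiller PUM.Proxy lines
      dns_servers:       (interface GUID, value name, servers) from PUM.Dns lines
    """
    findings = {"winsock_providers": [], "proxy": [], "dns_servers": []}
    seen = set()

    def add(bucket, item):
        # The same setting shows up once per tool, per registry view and per
        # control-set copy; report it once.
        if (bucket, item) not in seen:
            seen.add((bucket, item))
            findings[bucket].append(item)

    for raw in log_text.splitlines():
        line = raw.strip()

        rk = RK_REG_LINE.match(line)
        if rk:
            if rk["tag"] == "PUM.Proxy":
                add("proxy", (rk["name"], rk["data"]))
            elif rk["tag"] == "PUM.Dns":
                # The last key component is the interface GUID. Keying on it
                # drops the CurrentControlSet / ControlSet00x prefix, which
                # only distinguishes copies of the same key.
                guid = rk["key"].rsplit("\\", 1)[-1]
                add("dns_servers", (guid, rk["name"], tuple(rk["data"].split())))
            continue

        hjt = HJT_LINE.match(line)
        if not hjt:
            continue
        section, body = hjt["section"], hjt["body"]
        if section == "O10" and ": " in body:
            # "Unknown file in Winsock LSP: <path>"; paths compared case-insensitively
            add("winsock_providers", body.split(": ", 1)[1].strip().lower())
        elif section.startswith("R"):
            proxy = HJT_PROXY.search(body)
            if proxy:
                add("proxy", (proxy["name"], proxy["value"].strip()))

    return findings


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket)
        for item in items:
            print("   ", item)
```
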




#2 leedonpark1975


Posted 31 July 2014 - 11:41 AM

Did many things, e.g. changed to Google DNS, removed Bonjour, but the problem still exists. Here's the MiniToolBox output (some parts edited for security):

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by user (administrator) on 01-08-2014 at 00:35:05
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= Hosts content: =================================

127.0.0.1       localhost
127.0.0.1       localhost
========================= IP Configuration: ================================
Intel(R) Centrino(R) Ultimate-N 6300 AGN = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Hardware not present)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Hardware not present)
Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 = Local Area Connection 6 (Hardware not present)
Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection 6" forwarding=disabled advertise=disabled metric=1 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="Local Area Connection 6" address=10.150.10.33 mask=255.255.255.255
add address name="Local Area Connection 6" address=10.150.9.68 mask=255.255.255.255
add address name="VirtualBox Host-Only Network" address=192.168.56.1 mask=255.255.255.0

popd
# End of IPv4 configuration

Windows IP Configuration

   Host Name . . . . . . . . . . . . : notebook
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   Physical Address. . . . . . . . . : 8C-73-6E-75-A7-56
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-24-D7-0B-D9-B9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Ultimate-N 6300 AGN
   Physical Address. . . . . . . . . : 00-24-D7-0B-D9-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d77:5aa5:9321:25b7%13(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.111(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, 31 July, 2014 10:36:09 PM
   Lease Expires . . . . . . . . . . : Friday, 1 August, 2014 11:48:07 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 218113239
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-56-98-33-8C-73-6E-75-A7-56
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{354DEDCD-EDE5-4FCA-A0DE-C75F32623F06}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{DB275B59-550E-4D86-8056-6225288D7B8E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{0986B670-9564-4652-9241-A286EA7A40C5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 26:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:2833:3c6b:2300:a5b(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::2833:3c6b:2300:a5b%30(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  2404:6800:4003:c01::71
 74.125.130.101
 74.125.130.113
 74.125.130.139
 74.125.130.138
 74.125.130.102
 74.125.130.100

Pinging google.com [74.125.130.100] with 32 bytes of data:
Reply from 74.125.130.100: bytes=32 time=137ms TTL=43
Reply from 74.125.130.100: bytes=32 time=8ms TTL=43

Ping statistics for 74.125.130.100:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 8ms, Maximum = 137ms, Average = 72ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=267ms TTL=45
Reply from 98.139.183.24: bytes=32 time=273ms TTL=45

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 267ms, Maximum = 273ms, Average = 270ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...8c 73 6e 75 a7 56 ......Broadcom NetLink (TM) Gigabit Ethernet
 18...00 24 d7 0b d9 b9 ......Microsoft Virtual WiFi Miniport Adapter
 13...00 24 d7 0b d9 b8 ......Intel(R) Centrino(R) Ultimate-N 6300 AGN
  1...........................Software Loopback Interface 1
 44...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 45...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 43...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
 30...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.111     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.111    281
    192.168.1.125  255.255.255.255         On-link     192.168.1.111    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.111    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.111    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.111    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 30     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 30     58 2001::/32                On-link
 30    306 2001:0:9d38:90d7:2833:3c6b:2300:a5b/128
                                    On-link
 13    281 fe80::/64                On-link
 30    306 fe80::/64                On-link
 13    281 fe80::d77:5aa5:9321:25b7/128
                                    On-link
 30    306 fe80::2833:3c6b:2300:a5b/128
                                    On-link
  1    306 ff00::/8                 On-link
 30    306 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0 4294967295 fe80::/10                On-link
  0 4294967295 fe80::/10                On-link
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
x64-Catalog9 02 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
x64-Catalog9 03 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
x64-Catalog9 04 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
x64-Catalog9 05 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
x64-Catalog9 06 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
x64-Catalog9 07 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
x64-Catalog9 08 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 17 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 18 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 19 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 20 C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [523344] (Avira Operations GmbH & Co. KG)

========================= Devices: ================================

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

========================= Minidump Files ==================================
No minidump file found
========================= Restore Points ==================================

30-07-2014 14:40:59 Installed Microsoft Fix it 50409
30-07-2014 14:41:48 Installed Microsoft Fix it 50409
30-07-2014 14:56:07 Installed Microsoft Fix it 50440
30-07-2014 16:41:59 Windows Update
31-07-2014 01:25:41 Windows Update
31-07-2014 02:12:46 Removed Agilent IO Libraries Suite 64-bit.
31-07-2014 02:14:07 Removed Agilent IO Libraries Suite 16.3 Update 1
31-07-2014 02:43:21 Removed Bonjour
31-07-2014 07:15:15 Windows Update

**** End of log ****
 


#3 HelpBot

Posted 04 August 2014 - 04:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542722 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 leedonpark1975

  • Topic Starter
Posted 04 August 2014 - 11:57 AM

Hi,

I've been experiencing very slow DNS resolution since a couple of days ago.

Websites take a longer than usual time to resolve and sometimes a website doesn't load even after a couple of minutes. Sometimes, the DNS problem disappears before coming back again. It's very erratic.

When I try to PING google, there can be a delay of anywhere between 4 seconds and half a minute before the results appear. PINGing Google's IP address is instantaneous.

NSLookup Google.com doesn't have this problem.

The problem also doesn't exist if I reboot Windows into SAFE mode with network.

I'm using a DSL WIFI router and I've checked other PCs that are connected to the same network; they don't have this problem.

Note: By the way, last week, while shutting down, my PC had a large Windows update that took like 15 minutes. After that, each time I shut down my PC, it says applying 1 update. It's like that update failed to complete so Windows is applying it again and again. I don't know if it's just a coincidence.

My resolution attempts:

1). Tried flushing DNS (ipconfig /flushdns) as shown in this article - http://answers.microsoft.com/en-us/windows/forum/windows_xp-networking/ping-or-browser-dns-lookup-takes-5-10-seconds-yet/d8f5375d-a095-4900-8069-0177ad271750

2). Tried resetting the hosts file - http://forums.anvisoft.com/viewtopic-51-4003-0.html

3). Tried disabling the Windows virtual WiFi miniport.

4). Tried disabling IPv6 for my Wireless LAN Adapter.

5). Tried using my LAN port instead of WLAN.

6). Did a complete scan using Avira Pro, which I've been using and have had activated for 2 years; nothing detected.

7). While surfing the Internet, I discovered that AVAST can do a reboot scan, so I downloaded AVAST free and did a boot scan with all the options checked; also nothing found. I immediately uninstalled AVAST after that.

8). I've tried disabling the firewall.

9). Tried using CCLEANER.

10). Tried connecting my laptop to my iPhone instead of using my WLAN to connect to the Internet.

My environment:

1). OS: Windows 7 Home

2). Antivirus: Avira Pro

3). Firewall: Windows Firewall with Windows 8 Firewall Control

4). Network: Intel® Centrino® WIFI

5). Ipconfig:

Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) Centrino(R) Ultimate-N 6300 AGN
   Physical Address. . . . . . . . . : 00-24-D7-0B-*
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.*(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, 4 August, 2014 8:25:13 PM
   Lease Expires . . . . . . . . . . : Tuesday, 5 August, 2014 8:25:13 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       4.2.2.3
                                       8.8.4.4
                                       4.2.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
I've attached dds.txt and attached.txt logs as follows.  Please help me. 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.60.2
Run by Fujitsu at 0:40:53 on 2014-08-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.65.1033.18.3891.1139 [GMT 8:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\ATService.exe
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Windows8FirewallControl\Windows8FirewallService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\OpenDHCPServer\OpenDHCPServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\taskeng.exe
C:\Users\Fujitsu\AppData\Local\Temp\Temp1_CoreTemp64.zip\Core Temp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows8FirewallControl\Windows8FirewallControl.exe
c:\Program Files\Softex\OmniPass\opvapp.exe
c:\Program Files\Softex\OmniPass\hook\OpHook32BitProcess.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Fujitsu\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Users\Fujitsu\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin\bds.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\prevhost.exe
D:\Program Files (x86)\Borland\Delphi7\Bin\delphi32.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fujitsu\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://tunein.com/radio/Class-95-FM-950-s25599/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uProxyServer = hxxp=proxy.singnet.com.sg:8080;https=proxy.singnet.com.sg:8080;ftp=proxy.singnet.com.sg:8080
uProxyOverride = localhost;192.168.*
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - d:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} - 
uRun: [AdobeBridge] <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LauncherM215fw] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe" /S FX DocuPrint M215 fw
mRun: [M215fw RUN] "C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoCDBurning = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{05DC855C-6250-41E8-8847-B6A83026BE2C} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{0986B670-9564-4652-9241-A286EA7A40C5} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D58198A2-67BB-4548-BC3F-B9A873A6DE3C} : DHCPNameServer = 203.116.1.94 203.116.254.150
TCP: Interfaces\{DB275B59-550E-4D86-8056-6225288D7B8E} : NameServer = 8.8.8.8,4.2.2.3,8.8.4.4,4.2.2.1
TCP: Interfaces\{DB275B59-550E-4D86-8056-6225288D7B8E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DB275B59-550E-4D86-8056-6225288D7B8E}\6457A6964737572E08993702960586F6E656 : DHCPNameServer = 203.116.1.94 203.116.254.150
TCP: Interfaces\{DB275B59-550E-4D86-8056-6225288D7B8E}\75962756C656373704343405 : DHCPNameServer = 10.138.0.1
TCP: Interfaces\{DB275B59-550E-4D86-8056-6225288D7B8E}\75962756C6563737043574020202 : DHCPNameServer = 203.211.151.47 203.211.151.48
TCP: Interfaces\{DB275B59-550E-4D86-8056-6225288D7B8E}\E4C424055524C49434 : DHCPNameServer = 203.78.11.197 203.78.15.197
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
x64-Run: [FDM7] c:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
x64-Run: [FJBATAID2] c:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
x64-Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
x64-Run: [OmniPass] c:\Program Files\Softex\OmniPass\scureapp.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [PSUTility] c:\Program Files\Fujitsu\PSUtility\TrayManager.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Windows8FirewallControl] C:\Program Files\Windows8FirewallControl\Windows8FirewallControl.exe
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fujitsu\AppData\Roaming\Mozilla\Firefox\Profiles\9drj6ma0.default\
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ 
FF - prefs.js: network.proxy.http - proxy.singnet.com.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Internet Explorer\PPLite\plugin\1.0.1.1056\npplugin2.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Fujitsu\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Fujitsu\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: D:\Program Files (x86)\Mozilla Firefox\browser\plugins\npatgpc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN19339269940094-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=d460c8ee0000000000000024d70bd9b9
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN19339269940094-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=d460c8ee0000000000000024d70bd9b9&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN19339269940094-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=d460c8ee0000000000000024d70bd9b9
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN19339269940094-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=d460c8ee0000000000000024d70bd9b9&q=
FF - user.js: extensions.zonealarm.id - d460c8ee0000000000000024d70bd9b9
FF - user.js: extensions.zonealarm.instlDay - 15572
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.416:13:53
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN19339269940094-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\System32\drivers\FBIOSDRV.sys [2010-4-22 21104]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-25 55856]
R0 Si3531;SiI-3531 SATA Controller;C:\Windows\System32\drivers\Si3531.sys [2009-2-9 333864]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-6-25 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2013-6-25 141920]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-9-25 28600]
R1 Muxgsm2710;Muxgsm2710;C:\Windows\System32\drivers\muxgsm2710.sys [2011-3-8 59496]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-9-25 801872]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-9-25 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-9-25 430160]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-9-25 1028688]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2009-7-31 2688248]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-9-25 117712]
R2 cpuz133;cpuz133;C:\Windows\System32\drivers\cpuz133_x64.sys [2010-10-28 20968]
R2 FXNADB;FXcnStatutsDatabase;C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [2013-7-29 148480]
R2 IntelHaxm;Intel Haxm;C:\Windows\System32\drivers\IntelHaxm.sys [2013-6-21 89072]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-2 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-2 860472]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-8-1 734720]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\System32\drivers\fuj02e3.sys [2010-4-22 7296]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-18 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-8-31 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-2 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-2 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-2 63704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-7-4 2152736]
S3 Apache2.2;Apache2.2;C:\AppServ\Apache2.2\bin\httpd.exe [2008-1-18 24635]
S3 apachetest;apachetest;C:\webserver\apache\httpd.exe [2013-7-29 24636]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-21 34656]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-10-28 107288]
S3 eustub;Usb Stub (Eltima software);C:\Windows\System32\drivers\eusbstub.sys [2013-9-18 17640]
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\System32\drivers\evserial.sys [2010-12-22 67072]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-21 30192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-10 111616]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-16 321064]
S3 MDM2ITEG;iTegno Modem driver;C:\Windows\System32\drivers\MDM2ITEG64.sys [2010-11-24 64000]
S3 MNSOCKET SMPP Service;MNSOCKET SMPP Service;C:\smpp\SMPPReceiver.exe [2012-10-20 118784]
S3 MNSOCKET SMPP Watcher;MNSOCKET SMPP Watcher;C:\smpp\smppwatcher.exe [2012-10-20 122880]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
S3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2009-7-20 72352]
S3 O2SDGRDR;O2SDGRDR;C:\Windows\System32\drivers\o2sdgx64.sys [2009-7-16 49696]
S3 PCDSRVC{D2FB0CDC-EC83EFAE-06020000}_0;PCDSRVC{D2FB0CDC-EC83EFAE-06020000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Fujitsu Hardware Diagnostics Tool\pcdsrvc_x64.pkms [2010-3-25 24560]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-8 225280]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]
S3 ser2at;ATEN USB to Serial port driver;C:\Windows\System32\drivers\ser2at64.sys [2009-10-15 96256]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-12-14 204568]
S3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\swg3kser00.sys [2012-5-22 259328]
S3 swiwdmbx;Sierra Wireless USB Bus Service;C:\Windows\System32\drivers\swiwdmbx64.sys [2012-5-28 108800]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2012-7-4 302080]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2014-5-17 42184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-9 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbrndis6;USB RNDIS6 Adapter;C:\Windows\System32\drivers\usb80236.sys [2013-3-14 19968]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-6-21 106256]
S3 VNA;Check Point Virtual Network Adapter;C:\Windows\System32\drivers\vna.sys [2013-1-20 161256]
S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\System32\drivers\evsbc.sys [2010-12-22 32768]
S3 VSPerfDrv100;Performance Tools Driver 10.0;D:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]
S3 vuhub;Virtual Usb Hub;C:\Windows\System32\drivers\vuhub.sys [2013-9-18 74984]
S3 WCSerUSb;Sierra Wireless USB Serial Driver;C:\Windows\System32\drivers\WCSerUsb.sys [2013-7-1 75080]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="d:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe" "%1"
FileExt: .ini: Applications\EditPadLite.exe="D:\Program Files (x86)\JGsoft\EditPadLite\EditPadLite.exe" "%1" [UserChoice]
FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .vbe: VBEFile="C:\Windows\System32\CScript.exe" "%1" %* [default=Open2]
FileExt: .vbs: VBSFile="C:\Windows\System32\CScript.exe" "%1" %* [default=Open2]
FileExt: .jse: JSEFile=C:\Windows\System32\CScript.exe "%1" %* [default=Open2]
FileExt: .wsf: WSFFile="C:\Windows\System32\CScript.exe" "%1" %* [default=Open2]
ShellExec: dreamweaver.exe: Open="D:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-08-02 07:44:37 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-02 07:43:29 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-08-02 07:43:29 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-08-02 07:43:29 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-02 07:43:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-02 05:34:44 -------- d-----w- C:\FRST
2014-07-31 14:56:15 -------- d-----w- C:\PerfLogs
2014-07-31 01:27:23 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-07-31 01:27:05 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-07-31 01:27:05 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-07-31 01:26:48 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-07-31 01:26:47 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-07-31 01:26:47 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-07-31 01:26:47 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-07-30 13:34:27 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-07-30 13:33:14 -------- d-----w- C:\AdwCleaner
2014-07-30 12:51:56 -------- d-----w- C:\Users\Fujitsu\AppData\Local\CrashDumps
2014-07-30 07:59:50 -------- d-----w- C:\Windows\ERUNT
2014-07-30 07:10:26 30312 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-07-30 07:09:23 -------- d-----w- C:\ProgramData\RogueKiller
2014-07-30 06:36:33 -------- d-----w- C:\TDSSKiller_Quarantine
2014-07-30 04:51:18 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2014-07-29 13:39:12 -------- d-----w- C:\ProgramData\AVAST Software
2014-07-29 03:56:13 -------- d-----w- C:\Program Files\Windows8FirewallControl
2014-07-17 15:35:48 -------- d-----w- C:\ProgramData\VS
2014-07-16 03:45:24 -------- d-----w- C:\usr
2014-07-10 00:40:23 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 00:40:23 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 00:40:17 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-07-10 00:40:17 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-10 00:38:00 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-10 00:38:00 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-07-10 00:34:02 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-10 00:34:02 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-10 00:34:02 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
.
==================== Find3M  ====================
.
2014-07-09 09:16:45 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 09:16:45 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-08 10:26:04 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-07-07 03:50:13 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-05-17 00:42:38 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys
2014-05-07 07:02:43 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH:  0:44:08.50 ===============
 
 


#5 leedonpark1975


Posted 05 August 2014 - 01:38 AM

By the way, since about yesterday or the day before, I've been experiencing a strange problem. When logging into Windows after a reboot, the login arrow becomes unresponsive. After entering my password, I had to click about 20 times before I was able to really log in.



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:15 AM

Posted 11 August 2014 - 02:02 PM

Greetings leedonpark1975 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I am not sure your issue is malware related but we can take a look. While I review your situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!


Posted 14 August 2014 - 08:15 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#8 leedonpark1975


Posted 15 August 2014 - 01:53 AM

Hi Gary, problem has been resolved.  Thank you for your help.



#9 Oh My!


Posted 15 August 2014 - 09:16 AM

Thanks for letting us know.
Gary
 

#10 Oh My!


Posted 15 August 2014 - 09:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



