
IE Running at Dialup Speed on Cable 'Net

Discussion in 'Virus & Other Malware Removal' started by UFO, Aug 19, 2011.

Thread Status:
Not open for further replies.
  1. UFO

    UFO Thread Starter

    Joined:
    Apr 11, 2005
    Messages:
    195
    I request thread-transplanting if this is in the wrong place, but I've got a system that had been screamin'-fast, but lately Internet Explorer has ground to a steam-age dialup-caliber crawl.

    The version of IE I'm using is 8.0.7601.17514;

    System info:

    Gateway SX2800-01, Mfg date 06-19-09
    Windows 7 Home Premium SP1
    Intel Core 2 Quad CPU Q2800 @ 2.33GHz 2.34 GHz
    Installed memory (RAM): 4.00 GB
    System type: 64-bit Operating System

    What I'm experiencing are just enormous waits between virtually every action I take within IE. I've done the cache-clean, the ATF clean, the Malwarebytes and SuperAntiSpyware scans, and Secunia PSI says all my programs are up to snuff, so I suspect Foul Play. 8^|

    Thanks,

    <***>
     
  2. UFO

    UFO Thread Starter

    Here's the one-month bump. The situation has gotten marginally worse, now with IE pages doing a weird flickering thing when I open them. All page functions are normal, but the page itself flickers like a bad fluorescent bulb.

    A few days ago I did a System Restore to the earliest restore point that showed up (about six weeks old), and after initially running a little better, it's reverted back to the same page stalls and now the strobe light effect - which would seem to point to a malware infection? Please advise.

    <***>
    .
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    We need to see some additional information about what is happening in your machine.
    Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE
     
  4. UFO

    UFO Thread Starter

    Thank you for your reply, Kevin. Here are the file contents - DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by Abulafia at 19:30:33 on 2011-09-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1848 [GMT -7:00]
    .
    AV: Sunbelt VIPRE *Enabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Sunbelt VIPRE *Enabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Anonymizer\Anonymizer Universal\Anonymizer Universal.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&rver=6.0.5285.0&wp=MBI&wreply=hxxp:%2F%2Fmail.live.com%2Fdefault.aspx%3Fwa%3Dwsignin1.0&lc=1033&id=64855&mkt=en-us&bk=10820394
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [<NO NAME>]
    uRun: [Radio365Agent] C:\PROGRA~2\Live365\Radio365\Radio365TrayAgent.exe
    uRun: [Anonymizer Universal] C:\Program Files (x86)\Anonymizer\Anonymizer Universal\Anonymizer Universal.exe /hide
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex
    mRun: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0_06\bin\ssv.dll
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{53C9EFC4-9D1D-4AA6-B998-DF4330899B1C} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{E7E7AEE3-18B6-400D-A004-3F467A0BFE1D} : NameServer = 10.9.60.203 10.9.60.204
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    BHO-X64: ZoneAlarm Security Engine Registrar - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    mRun-x64: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 33008]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2009-10-14 823272]
    R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2011-5-11 2763080]
    R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
    R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2011-5-11 181584]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-18 993848]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-18 399416]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
    R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-4 136176]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-15 183560]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-09-19 06:46:03 -------- d--h--w- C:\Windows\AxInstSV
    2011-09-16 05:49:10 -------- d-----w- C:\Users\Abulafia\AppData\Roaming\SUPERAntiSpyware.com
    2011-09-16 05:48:40 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2011-09-16 04:46:57 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
    2011-09-16 02:45:31 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-09-16 02:45:31 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-09-16 02:45:30 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-09-16 02:45:30 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-09-16 02:44:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
    2011-09-16 02:44:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
    2011-09-16 02:44:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
    2011-09-16 02:44:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
    2011-09-16 02:44:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
    2011-09-16 02:44:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
    2011-09-16 02:44:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
    2011-09-13 14:16:33 -------- d-----w- C:\Users\Abulafia\AppData\Roaming\Foxit Software
    2011-08-24 07:38:59 -------- d-----w- C:\ProgramData\RosettaStoneLtdBackup
    .
    ==================== Find3M ====================
    .
    2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-07-06 01:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-07-06 01:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-22 14:31:57 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 19:31:16.82 ===============



    ...and Attach:


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/11/2009 7:17:21 PM
    System Uptime: 9/15/2011 9:58:03 PM (94 hours ago)
    .
    Motherboard: Gateway | | WG43M
    Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPU 1 | 2336/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 583 GiB total, 461.579 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&1D01FCF&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&1D01FCF&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP210: 7/22/2011 8:15:24 PM - Revo Uninstaller's restore point - Opera 11.11
    RP211: 7/22/2011 8:31:42 PM - Revo Uninstaller's restore point - Opera 11.11
    RP212: 7/22/2011 8:39:02 PM - Revo Uninstaller's restore point - J2SE Runtime Environment 5.0 Update 6
    RP213: 7/22/2011 8:46:37 PM - Installed Java(TM) 6 Update 26
    RP214: 7/22/2011 8:51:56 PM - Windows Update
    RP215: 7/22/2011 9:07:58 PM - Windows Update
    RP216: 7/22/2011 9:28:36 PM - Revo Uninstaller's restore point - Foxit Reader
    RP217: 7/22/2011 9:30:14 PM - Revo Uninstaller's restore point - Revo Uninstaller 1.92
    RP218: 7/26/2011 7:23:34 AM - Windows Update
    RP219: 7/26/2011 6:46:00 PM - Windows Update
    RP220: 7/26/2011 10:00:12 PM - Windows Update
    RP221: 7/26/2011 11:57:45 PM - Installed VIPRE Antivirus.
    RP222: 8/3/2011 12:23:07 AM - Scheduled Checkpoint
    RP223: 8/9/2011 2:36:22 AM - Installed QuickTime
    RP224: 8/9/2011 2:44:22 AM - Installed Java(TM) 6 Update 24
    RP225: 8/9/2011 2:49:19 AM - Revo Uninstaller's restore point - Java(TM) 6 Update 24
    RP226: 8/9/2011 2:50:31 AM - Removed Java(TM) 6 Update 24
    RP227: 8/9/2011 2:53:15 AM - Revo Uninstaller's restore point - Opera 11.01
    RP228: 8/9/2011 8:46:47 PM - Installed HiJackThis
    RP229: 8/9/2011 11:49:26 PM - Revo Uninstaller's restore point - Apple Software Update
    RP230: 8/9/2011 11:52:42 PM - Revo Uninstaller's restore point - Apple Application Support
    RP231: 8/10/2011 10:00:12 PM - Windows Update
    RP232: 8/11/2011 10:00:12 PM - Windows Update
    RP233: 8/12/2011 4:12:47 AM - Installed Java(TM) 6 Update 24
    RP234: 8/12/2011 4:21:05 AM - Revo Uninstaller's restore point - J2SE Runtime Environment 5.0 Update 6
    RP235: 8/12/2011 4:23:36 AM - Revo Uninstaller's restore point - Java(TM) 6 Update 24
    RP236: 8/12/2011 4:24:37 AM - Removed Java(TM) 6 Update 24
    RP237: 8/12/2011 4:27:37 AM - Revo Uninstaller's restore point - Java(TM) 6 Update 26
    RP238: 8/12/2011 4:28:11 AM - Removed Java(TM) 6 Update 26
    RP239: 8/14/2011 5:48:55 PM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware
    RP240: 8/18/2011 5:15:02 PM - Windows Update
    RP242: 8/24/2011 12:33:30 AM - Installed Rosetta Stone Version 3
    RP243: 8/24/2011 12:38:10 AM - Installed Rosetta Stone Version 3
    RP244: 8/24/2011 10:00:11 PM - Windows Update
    RP245: 8/30/2011 10:00:13 PM - Windows Update
    RP246: 9/6/2011 10:00:23 PM - Windows Update
    RP247: 9/14/2011 3:58:56 AM - Scheduled Checkpoint
    RP248: 9/15/2011 7:37:20 PM - Windows Update
    RP249: 9/15/2011 7:47:51 PM - Windows Update
    RP250: 9/15/2011 9:47:55 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.10 beta
    Acrobat.com
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    ADS Tech Master Installer V3.8
    ADS Tech V3.8 DVD Xpress DX2 CapWiz
    Anonymizer Universal
    Apple Application Support
    Apple Software Update
    AutoUpdate
    Bing Bar
    Bing Rewards Client Installer
    DivX
    DivX Player
    EPSON Scan
    Fender FUSE
    Fender FUSE 2.0.0.462
    Foxit Reader
    Google Earth
    Google Update Helper
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 6
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft Default Manager
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Opera 11.11
    QuickTime
    Radio365 2.1
    RealNetworks - Microsoft Visual C++ 2005 Runtime
    RealUpgrade 1.0
    Revo Uninstaller 1.92
    Secunia PSI (2.0.0.3003)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    SmartSound Quicktracks Plugin
    System Requirements Lab
    Tokimeki Check in!
    Ulead DVD DiskRecorder 2.1.1
    Ulead Straight-to-Disc SDK
    Ulead VideoStudio 9.0 SE DVD
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    VIPRE Antivirus
    ZoneAlarm
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/15/2011 7:39:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2570947).
    9/15/2011 7:05:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    9/15/2011 7:04:07 PM, Error: Service Control Manager [7034] - The VIPRE Antivirus service terminated unexpectedly. It has done this 1 time(s).
    9/15/2011 7:03:47 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    9/15/2011 7:03:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/15/2011 7:03:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/15/2011 7:03:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    9/15/2011 7:03:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    9/15/2011 7:03:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/15/2011 7:03:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/15/2011 7:03:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SbTis spldr tdx vpcnfltr vpcvmm Vsdatant Wanarpv6 WfpLwf
    9/15/2011 7:03:14 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/15/2011 7:03:14 PM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/15/2011 7:03:14 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    9/15/2011 7:03:14 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    9/15/2011 7:03:14 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/15/2011 7:03:14 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    9/15/2011 7:03:14 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    9/15/2011 7:03:14 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/15/2011 7:03:14 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    9/15/2011 7:03:14 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/15/2011 7:03:14 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================

    .
     
  5. kevinf80

    kevinf80 Malware Specialist

    Hiya UFO,

    I don't see anything obvious in the logs that would cause the issues you mention. Did you install any security software just prior to the problems starting?

    Next,

    Work through these suggestions from Microsoft, see if IE improves:

    http://windows.microsoft.com/en-US/windows/help/internet-explorer/slow-five-tips-to-boost-performance

    Next,

    Run the following please:

    Download aswMBR from Here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

    • Once the scan finishes click Save log to save the log to your Desktop.
    • Copy and paste the contents of aswMBR.txt back here for review
    • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To and then Compressed (zipped) file. Attach that zipped file to your next reply as well.

    Kevin
     
  6. UFO

    UFO Thread Starter

    Here's the MBR log stuff:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-23 00:32:23
    -----------------------------
    00:32:23.783 OS Version: Windows x64 6.1.7601 Service Pack 1
    00:32:23.783 Number of processors: 4 586 0x170A
    00:32:23.783 ComputerName: ABULAFIA-PC UserName: Abulafia
    00:32:25.133 Initialize success
    00:33:04.443 AVAST engine defs: 11092201
    00:33:23.423 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    00:33:23.423 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
    00:33:23.433 Disk 0 MBR read successfully
    00:33:23.433 Disk 0 MBR scan
    00:33:23.453 Disk 0 Windows 7 default MBR code
    00:33:23.453 Service scanning
    00:33:25.813 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32
    00:33:26.503 Modules scanning
    00:33:26.503 Disk 0 trace - called modules:
    00:33:26.503 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    00:33:26.513 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058d8060]
    00:33:26.513 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800527f050]
    00:33:28.023 AVAST engine scan C:\Windows
    00:33:30.323 AVAST engine scan C:\Windows\system32
    00:35:05.655 AVAST engine scan C:\Windows\system32\drivers
    00:35:19.615 AVAST engine scan C:\Users\Abulafia
    00:39:58.885 AVAST engine scan C:\ProgramData
    01:25:36.523 Disk 0 MBR has been saved successfully to "C:\Users\Abulafia\Desktop\MBR.dat"
    01:25:36.533 The log file has been saved successfully to "C:\Users\Abulafia\Desktop\aswMBR.txt"


    I may have saved too early because the program was a little confusing as to whether or not it had finished the scan (?) There is also a possibility that this may have something to do with my rotten cable service - though I have a laptop running Vista hooked into the same network and it's not showing any of the same symptoms. Cheers, <***>
    .
     

    Attached Files:

    • MBR.zip
      File size:
      555 bytes
      Views:
      1
  7. kevinf80

    kevinf80 Malware Specialist

    Thanks for the log, but you have not supplied all of the information I asked for.

    Did the link to the Microsoft site help in any way? Did you install any of your security apps just prior to your problem starting, such as Zonealarm?
     
  8. UFO

    UFO Thread Starter

    Update: This turned out to be a problem related to our cable service - too weak a signal arriving at the modem by the time it made the trip from the pole outside. They re-wired with a dedicated line and the problem has cleared up.
     
  9. kevinf80

    kevinf80 Malware Specialist

    Thank you for taking the time to come back and give us that update. You can delete the tools we've used from your Desktop.

    Take care,

    Kevin
     

Short URL to this thread: https://techguy.org/1013417
