Jump to content


Photo

Extremely Sluggish Sony VAIO Desktop


  • This topic is locked This topic is locked
6 replies to this topic

#1 rwthethird

rwthethird

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 06 October 2009 - 10:06 PM

:clapping: Hello,

Our home desktop is 4 years old. We use it mainly for email, web browsing, skype, digital photos and videos. This computer used to be lightning fast. After four years connected to a high speed internet connection, programs open extremely slowly. We have had Norton 360 with regular updates for the past two years. We used McAfee Antivirus before that.

Earlier this year I installed a Flight Simulator program and add-on by Abacus. When the computer started to get really slow, several months ago, we went to MSN.com and followed the advice. We removed several unused programs, deleted unnecessary files, freeing space on the hard drive, ran checkdisk and defrag, Nothing worked. Now it appears the flight simulator installed two trojan agents on the hard drive.

Since we were referred to the spywareinfoforum, we ran MBAM, SPybot S&D, and HJT. We tried Kaspersky but it crashed. The computer still operates extremely slowly, with programs opening very slowly.

We would appreciate any help to save this desktop.

Here are the specs.

Sony VAIO VGC-RB53
Intel Pentium 4
3.0Ghz
504 MB RAM
WIndows XP Home Edition, Version 2, Service Pack 3

Here are the logs:

Malwarebytes' Anti-Malware 1.41
Database version: 2897
Windows 5.1.2600 Service Pack 3

10/5/2009 8:27:43 PM
mbam-log-2009-10-05 (20-27-43).txt

Scan type: Full Scan (C:\|I:\|)
Objects scanned: 301025
Time elapsed: 63 hour(s), 31 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Microsoft Games\Flight Simulator 9\Gauges\AB_FD4_F18C.stall.gau (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Games\Flight Simulator 9\Gauges\AB_FD4_F18C.stall_0001.GAU (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBB2C4CF-BFC8-4C30-AAAA-A4C060EC9E4C}\RP679\A0063007.exe (Adware.Adband) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:23 PM, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\1176604608\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176604608\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...3/uploader2.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13517 bytes

Edited by rwthethird, 07 October 2009 - 10:15 AM.


#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 11 October 2009 - 09:26 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner click the Windows [tab]
The following should be selected by default, if not, please select:
Posted Image
Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Then click Run Cleaner (bottom right) then Exit
*/*

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 15 October 2009 - 12:31 PM

We are back online.

Please post the results of the logs I previously requested.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 rwthethird

rwthethird

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 15 October 2009 - 03:37 PM

Nasdaq,
Here is the Combofix log, as requested. Thanks much!

ComboFix 09-10-14.04 - Richard 10/14/2009 20:57.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.96 [GMT -4:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1122622907-3191723687-1912544326-1003
c:\recycler\S-1-5-21-776561741-879983540-839522115-1003
c:\recycler\S-1-5-21-826081107-367924060-4017391600-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Installer\16e11d.msp
c:\windows\Installer\1b75ba5.msp
c:\windows\Installer\1b75ba7.msp
c:\windows\Installer\1d4cb79.msp
c:\windows\Installer\1d4cb7b.msp
c:\windows\Installer\3ab2d4e5.msp
c:\windows\Installer\56b22.msp
c:\windows\Installer\dec25e.msp
c:\windows\megavid.cdt
c:\windows\muotr.so
c:\windows\setup.exe
I:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-14 23:51 . 2009-10-14 23:51 -------- d-----w- c:\program files\CCleaner
2009-10-12 01:04 . 2009-10-12 01:04 -------- d-----w- c:\documents and settings\Richard\Application Data\PC Cleaner
2009-10-12 01:03 . 2009-10-12 01:03 -------- d-----w- c:\program files\PC Cleaner
2009-10-11 03:58 . 1999-09-05 01:23 91136 ----a-r- c:\windows\system32\msls2.dll
2009-10-11 03:57 . 2009-10-11 03:57 808408 ----a-w- c:\program files\wp2Krtf.exe
2009-10-06 21:15 . 2009-10-06 21:15 -------- d-----w- c:\documents and settings\Relika\Application Data\Malwarebytes
2009-10-06 02:18 . 2009-10-06 02:18 401720 ----a-w- c:\program files\HijackThis.exe
2009-10-03 03:37 . 2009-10-03 03:37 -------- d-----w- c:\documents and settings\Richard\Application Data\Malwarebytes
2009-10-03 03:36 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-03 03:36 . 2009-10-03 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-03 03:36 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-03 03:36 . 2009-10-03 03:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-02 19:28 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 02:38 . 2009-10-14 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-02 02:38 . 2009-10-02 02:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-30 01:00 . 2009-09-30 01:00 -------- d-----w- c:\documents and settings\Richard\ErrorLogs
2009-09-28 01:49 . 2009-09-28 01:50 -------- d-----w- c:\program files\Windows Defender
2009-09-28 01:29 . 2009-09-28 01:29 -------- d-----w- c:\documents and settings\Richard\Application Data\uniblue
2009-09-28 01:23 . 2009-09-28 01:23 -------- d-----w- c:\program files\Uniblue
2009-09-28 00:55 . 2009-09-28 00:55 -------- d-----w- c:\windows\system32\XPSViewer
2009-09-28 00:55 . 2009-09-28 00:55 -------- d-----w- c:\program files\MSBuild
2009-09-28 00:54 . 2009-09-28 00:54 -------- d-----w- c:\program files\Reference Assemblies
2009-09-28 00:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-28 00:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-09-28 00:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-28 00:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-28 00:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-09-28 00:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-09-28 00:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-09-28 00:22 . 2009-09-28 00:22 -------- d-----r- C:\AHCache
2009-09-18 21:29 . 2009-09-18 21:29 -------- d-----w- c:\documents and settings\Relika\Local Settings\Application Data\Mozilla

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 01:07 . 2005-10-07 00:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-12 20:52 . 2005-10-07 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-12 19:14 . 2009-01-12 14:09 -------- d-----w- c:\documents and settings\Relika\Application Data\Skype
2009-10-12 17:40 . 2009-01-12 14:11 -------- d-----w- c:\documents and settings\Relika\Application Data\skypePM
2009-10-12 00:48 . 2006-01-03 05:20 -------- d-----w- c:\program files\Pure Networks
2009-10-12 00:48 . 2006-01-03 05:17 -------- d-----w- c:\program files\Common Files\AOL
2009-10-11 22:40 . 2006-01-03 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-10-11 22:35 . 2006-01-03 05:20 -------- d-----w- c:\documents and settings\Richard\Application Data\AOL
2009-09-28 20:53 . 2009-01-11 16:46 22312 -c--a-w- c:\documents and settings\Relika\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-28 01:22 . 2006-01-03 04:32 22312 -c--a-w- c:\documents and settings\Richard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 01:07 . 2009-08-21 01:07 29948928 ----a-w- c:\program files\SOACTD-00772707-US.EXE
2009-08-21 00:52 . 2008-04-24 02:31 -------- d-----w- c:\program files\Windows Live
2009-08-21 00:46 . 2005-06-13 19:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2005-06-13 19:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-06-13 19:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 01:54 . 2009-07-15 01:54 13612752 ----a-w- c:\program files\apmReadD.exe
2009-06-20 18:27 . 2009-06-20 18:27 6917 ----a-w- c:\program files\boundary.htm
2009-01-25 16:58 . 2009-01-25 16:58 7518240 -c--a-w- c:\program files\Firefox Setup 3.0.5.exe
2006-01-03 07:01 . 2006-01-03 07:00 9352392 -c--a-w- c:\program files\Install_MSN_Messenger.exe
2006-01-03 06:40 . 2006-01-03 06:34 7256768 -c--a-w- c:\program files\SkypeSetup.exe
2009-04-01 02:47 . 2009-01-25 16:59 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Cleaner"="c:\program files\PC Cleaner\PCCleanerTray.exe" [2009-09-30 199680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]
"Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2002-12-16 86102]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-01-03 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-03 98304]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-08 88363]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-13 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-02 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-11-29 2748928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 3:43 PM 102448]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2006-01-03 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-06-13 00:12]

2009-10-14 c:\windows\Tasks\User_Feed_Synchronization-{5D8E563F-3FC4-47BD-8711-D164FBE69ACB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/index.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: navyfcu.org\myaccountsaws
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\5do47wey.default\
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\ypager.exe
HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 21:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2479727736-741332569-3037119889-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL

- - - - - - - > 'winlogon.exe'(2304)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2009-10-15 21:19
ComboFix-quarantined-files.txt 2009-10-15 01:19

Pre-Run: 77,122,711,552 bytes free
Post-Run: 78,369,832,960 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

211 --- E O F --- 2009-10-08 15:15

#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 15 October 2009 - 06:30 PM

Looking better.

Run this tool ans post the results. Let me know what problems remains.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 rwthethird

rwthethird

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 16 October 2009 - 08:37 PM

Nasdaq,

Here you go. System is still slow to boot and open programs.

Thanks,
RW

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
SonicStage Mastering Studio Audio Filter Custom Preset
Norton 360
``````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Windows Defender
HijackThis 2.0.2
CCleaner (remove only)
Java™ 6 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,091 posts

Posted 31 October 2009 - 09:23 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button