rwthethird

Extremely Sluggish Sony VAIO Desktop

7 posts in this topic

Hello,

 

Our home desktop is 4 years old. We use it mainly for email, web browsing, skype, digital photos and videos. This computer used to be lightning fast. After four years connected to a high speed internet connection, programs open extremely slowly. We have had Norton 360 with regular updates for the past two years. We used McAfee Antivirus before that.

 

Earlier this year I installed a Flight Simulator program and add-on by Abacus. When the computer started to get really slow, several months ago, we went to MSN.com and followed the advice. We removed several unused programs, deleted unnecessary files, freeing space on the hard drive, and ran checkdisk and defrag. Nothing worked. Now it appears the flight simulator installed two trojan agents on the hard drive.

 

Since we were referred to the spywareinfoforum, we ran MBAM, Spybot S&D, and HJT. We tried Kaspersky but it crashed. The computer still operates extremely slowly, with programs opening very slowly.

 

We would appreciate any help to save this desktop.

 

Here are the specs.

 

Sony VAIO VGC-RB53

Intel Pentium 4

3.0 GHz

504 MB RAM

Windows XP Home Edition, Version 2, Service Pack 3

 

Here are the logs:

 

Malwarebytes' Anti-Malware 1.41

Database version: 2897

Windows 5.1.2600 Service Pack 3

 

10/5/2009 8:27:43 PM

mbam-log-2009-10-05 (20-27-43).txt

 

Scan type: Full Scan (C:\|I:\|)

Objects scanned: 301025

Time elapsed: 63 hour(s), 31 minute(s), 5 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 3

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Program Files\Microsoft Games\Flight Simulator 9\Gauges\AB_FD4_F18C.stall.gau (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Microsoft Games\Flight Simulator 9\Gauges\AB_FD4_F18C.stall_0001.GAU (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{BBB2C4CF-BFC8-4C30-AAAA-A4C060EC9E4C}\RP679\A0063007.exe (Adware.Adband) -> Quarantined and deleted successfully.

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:23:23 PM, on 10/5/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe

C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Lexmark X5100 Series\lxbabmon.exe

C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\AOL\1176604608\ee\AOLSoftware.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/index.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe

O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176604608\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Transfer by Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/53.13/uploader2.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe

O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe

O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe

O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

--

End of file - 13517 bytes

Edited by rwthethird

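As an added, defender-side example (not part of this thread, and not a tool either poster used): a small Python triage script that parses Malwarebytes detection lines and HijackThis O-lines in the formats posted above and flags the items a helper would look at first. The sample lines are copied from the logs above; the rules, the `Finding` record and the function names are my own.

```python
import re
from dataclasses import dataclass

# Detection line as MBAM writes it:
#   "<object> (<detection>) -> Bad: (x) Good: (y) -> <action>."
# The "Bad/Good" part only appears for registry data items.
MBAM_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\) -> )?"
    r"(?P<action>.+?)\.?$"
)
# HijackThis line: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
HJT_RE = re.compile(r"^(?P<sect>[RO]\d+) - (?P<body>.+)$")

# Constructed sample input: lines copied from the two logs posted above.
SAMPLE_MBAM = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\Microsoft Games\Flight Simulator 9\Gauges\AB_FD4_F18C.stall.gau (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BBB2C4CF-BFC8-4C30-AAAA-A4C060EC9E4C}\RP679\A0063007.exe (Adware.Adband) -> Quarantined and deleted successfully.
"""
SAMPLE_HJT = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""


@dataclass
class Finding:
    source: str   # "MBAM" or "HJT"
    item: str     # the detected object, or the HJT line body
    reason: str   # why a reviewer should look at it


def parse_mbam(lines):
    """Return one dict per MBAM detection line; headers and blank lines are skipped."""
    records = []
    for line in lines:
        m = MBAM_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def triage_mbam(lines):
    findings = []
    for rec in parse_mbam(lines):
        obj, det = rec["obj"], rec["detection"]
        if det == "Disabled.SecurityCenter":
            # A *DisableNotify value of 1 hides the Security Center warning that
            # AV or the firewall is off; legitimate software rarely sets it.
            findings.append(Finding("MBAM", obj,
                "Security Center warning suppressed (value was %s)" % rec["bad"]))
        elif obj.lower().startswith(r"c:\system volume information"):
            # Hits inside _restore{...} are copies kept by System Restore and
            # come back if that restore point is ever used.
            findings.append(Finding("MBAM", obj,
                "%s inside a System Restore point; purge old restore points" % det))
        elif det.startswith(("Trojan.", "Adware.", "Spyware.")):
            findings.append(Finding("MBAM", obj,
                "%s on disk, action: %s" % (det, rec["action"])))
    return findings


def triage_hjt(lines):
    findings = []
    for line in lines:
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        sect, body = m.group("sect"), m.group("body")
        if sect == "O2" and body.endswith("(file missing)"):
            findings.append(Finding("HJT", body, "BHO registered but its DLL is gone; dead entry"))
        elif sect == "O23" and "Unknown owner" in body:
            findings.append(Finding("HJT", body, "service without publisher info; verify the binary"))
        elif sect == "O4" and not re.search(r"[A-Za-z]:\\", body):
            # A bare file name in a Run key is resolved through the search path,
            # so confirm which file actually starts.
            findings.append(Finding("HJT", body, "Run entry without an absolute path"))
    return findings


def triage(mbam_lines, hjt_lines):
    """Combined review list for both logs."""
    return triage_mbam(mbam_lines) + triage_hjt(hjt_lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_MBAM.splitlines(), SAMPLE_HJT.splitlines()):
        print("[%s] %s\n    %s" % (f.source, f.reason, f.item))
```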

Hi,

I'm nasdaq and will be helping you.

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Download: CCleaner (freeware)

http://www.majorgeeks.com/download4191.html

Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).

Once installed, run CCleaner and click the Windows tab.

The following should be selected by default, if not, please select:

CCleanerA.png

Next, click Options and then the Settings tab.

Uncheck "Only delete files older than 48 hrs." and click OK.

Then click Run Cleaner (bottom right), then Exit.

*/*

 

Download ComboFix from one of these locations:

 

Link 1

Link 2

 

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
     
  • Double click on ComboFix.exe & follow the prompts.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

RcAuto1.gif

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


We are back online.

 

Please post the results of the logs I previously requested.


Nasdaq,

Here is the Combofix log, as requested. Thanks much!

 

ComboFix 09-10-14.04 - Richard 10/14/2009 20:57.1.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.96 [GMT -4:00]

Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe

AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}

FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\recycler\S-1-5-21-1122622907-3191723687-1912544326-1003

c:\recycler\S-1-5-21-776561741-879983540-839522115-1003

c:\recycler\S-1-5-21-826081107-367924060-4017391600-1003

c:\windows\COUPON~1.OCX

c:\windows\CouponPrinter.ocx

c:\windows\Installer\16e11d.msp

c:\windows\Installer\1b75ba5.msp

c:\windows\Installer\1b75ba7.msp

c:\windows\Installer\1d4cb79.msp

c:\windows\Installer\1d4cb7b.msp

c:\windows\Installer\3ab2d4e5.msp

c:\windows\Installer\56b22.msp

c:\windows\Installer\dec25e.msp

c:\windows\megavid.cdt

c:\windows\muotr.so

c:\windows\setup.exe

I:\autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))

.

 

2009-10-14 23:51 . 2009-10-14 23:51 -------- d-----w- c:\program files\CCleaner

2009-10-12 01:04 . 2009-10-12 01:04 -------- d-----w- c:\documents and settings\Richard\Application Data\PC Cleaner

2009-10-12 01:03 . 2009-10-12 01:03 -------- d-----w- c:\program files\PC Cleaner

2009-10-11 03:58 . 1999-09-05 01:23 91136 ----a-r- c:\windows\system32\msls2.dll

2009-10-11 03:57 . 2009-10-11 03:57 808408 ----a-w- c:\program files\wp2Krtf.exe

2009-10-06 21:15 . 2009-10-06 21:15 -------- d-----w- c:\documents and settings\Relika\Application Data\Malwarebytes

2009-10-06 02:18 . 2009-10-06 02:18 401720 ----a-w- c:\program files\HijackThis.exe

2009-10-03 03:37 . 2009-10-03 03:37 -------- d-----w- c:\documents and settings\Richard\Application Data\Malwarebytes

2009-10-03 03:36 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-03 03:36 . 2009-10-03 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-03 03:36 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-03 03:36 . 2009-10-03 03:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-02 19:28 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-10-02 02:38 . 2009-10-14 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-10-02 02:38 . 2009-10-02 02:52 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-30 01:00 . 2009-09-30 01:00 -------- d-----w- c:\documents and settings\Richard\ErrorLogs

2009-09-28 01:49 . 2009-09-28 01:50 -------- d-----w- c:\program files\Windows Defender

2009-09-28 01:29 . 2009-09-28 01:29 -------- d-----w- c:\documents and settings\Richard\Application Data\uniblue

2009-09-28 01:23 . 2009-09-28 01:23 -------- d-----w- c:\program files\Uniblue

2009-09-28 00:55 . 2009-09-28 00:55 -------- d-----w- c:\windows\system32\XPSViewer

2009-09-28 00:55 . 2009-09-28 00:55 -------- d-----w- c:\program files\MSBuild

2009-09-28 00:54 . 2009-09-28 00:54 -------- d-----w- c:\program files\Reference Assemblies

2009-09-28 00:50 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-09-28 00:50 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-09-28 00:50 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-09-28 00:50 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-09-28 00:50 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-09-28 00:50 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-09-28 00:50 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-09-28 00:22 . 2009-09-28 00:22 -------- d-----r- C:\AHCache

2009-09-18 21:29 . 2009-09-18 21:29 -------- d-----w- c:\documents and settings\Relika\Local Settings\Application Data\Mozilla

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-15 01:07 . 2005-10-07 00:34 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-10-12 20:52 . 2005-10-07 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

2009-10-12 19:14 . 2009-01-12 14:09 -------- d-----w- c:\documents and settings\Relika\Application Data\Skype

2009-10-12 17:40 . 2009-01-12 14:11 -------- d-----w- c:\documents and settings\Relika\Application Data\skypePM

2009-10-12 00:48 . 2006-01-03 05:20 -------- d-----w- c:\program files\Pure Networks

2009-10-12 00:48 . 2006-01-03 05:17 -------- d-----w- c:\program files\Common Files\AOL

2009-10-11 22:40 . 2006-01-03 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

2009-10-11 22:35 . 2006-01-03 05:20 -------- d-----w- c:\documents and settings\Richard\Application Data\AOL

2009-09-28 20:53 . 2009-01-11 16:46 22312 -c--a-w- c:\documents and settings\Relika\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-09-28 01:22 . 2006-01-03 04:32 22312 -c--a-w- c:\documents and settings\Richard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-21 01:07 . 2009-08-21 01:07 29948928 ----a-w- c:\program files\SOACTD-00772707-US.EXE

2009-08-21 00:52 . 2008-04-24 02:31 -------- d-----w- c:\program files\Windows Live

2009-08-21 00:46 . 2005-06-13 19:22 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-05 09:01 . 2005-06-13 19:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-17 19:01 . 2005-06-13 19:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-15 01:54 . 2009-07-15 01:54 13612752 ----a-w- c:\program files\apmReadD.exe

2009-06-20 18:27 . 2009-06-20 18:27 6917 ----a-w- c:\program files\boundary.htm

2009-01-25 16:58 . 2009-01-25 16:58 7518240 -c--a-w- c:\program files\Firefox Setup 3.0.5.exe

2006-01-03 07:01 . 2006-01-03 07:00 9352392 -c--a-w- c:\program files\Install_MSN_Messenger.exe

2006-01-03 06:40 . 2006-01-03 06:34 7256768 -c--a-w- c:\program files\SkypeSetup.exe

2009-04-01 02:47 . 2009-01-25 16:59 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"PC Cleaner"="c:\program files\PC Cleaner\PCCleanerTray.exe" [2009-09-30 199680]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]

"CreateCD_Reminder"="c:\windows\Sonysys\VAIO Recovery\reminder.exe" [2004-07-16 53248]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]

"VZRemoteCommander"="c:\program files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe" [2005-01-31 192512]

"Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2002-12-16 86102]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-01-03 26112]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-03 98304]

"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-04 136600]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-08 88363]

"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-08-13 61952]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-02 77824]

"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2004-11-29 2748928]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 3:43 PM 102448]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

 

2009-10-12 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

 

2006-01-03 c:\windows\Tasks\Registration reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2005-06-13 00:12]

 

2009-10-14 c:\windows\Tasks\User_Feed_Synchronization-{5D8E563F-3FC4-47BD-8711-D164FBE69ACB}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.foxnews.com/index.html

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

IE: Transfer by Image Converter 2 - c:\program files\Sony\Image Converter 2\menu.htm

Trusted Zone: navyfcu.org\myaccountsaws

Trusted Zone: turbotax.com

FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\5do47wey.default\

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

 

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

HKCU-Run-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\ypager.exe

HKLM-Run-AOLDialer - c:\program files\Common Files\AOL\ACS\AOLDial.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-14 21:14

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-2479727736-741332569-3037119889-1007\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(952)

c:\windows\system32\igfxsrvc.dll

c:\windows\system32\hccutils.DLL

 

- - - - - - - > 'winlogon.exe'(2304)

c:\windows\system32\igfxsrvc.dll

c:\windows\system32\hccutils.DLL

.

Completion time: 2009-10-15 21:19

ComboFix-quarantined-files.txt 2009-10-15 01:19

 

Pre-Run: 77,122,711,552 bytes free

Post-Run: 78,369,832,960 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

211 --- E O F --- 2009-10-08 15:15


Looking better.

 

Run this tool and post the results. Let me know what problems remain.

 

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Nasdaq,

 

Here you go. System is still slow to boot and open programs.

 

Thanks,

RW

 

Results of screen317's Security Check version 0.99.0

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

SonicStage Mastering Studio Audio Filter Custom Preset

Norton 360

``````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Windows Defender

HijackThis 2.0.2

CCleaner (remove only)

Java 6 Update 11

Java SE Runtime Environment 6 Update 1

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 7.1.0

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Windows Defender MSMpEng.exe

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

`````````End of Log```````````


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
