
Computer Slow - Variety Of Threat Types Found [RESOLVED]



#1
FidelGonzales

Member, 55 posts

First off, thanks for an excellent website that I wish I would have found years ago. I have lurked on this forum for the past month. Unfortunately, I wound up in need of its assistance several weeks back when my computer became very slow.

I was using DeepBurner to burn a DVD. And as I remember it, everything was going well, until the end. The DVD locked up and would not proceed near the finish. I attempted to abort the operation by stopping the program but finally had to eject the DVD in order to get it out. At the time, I was listening to web radio, and the audio became garbled and simply began skipping like a vinyl record.

As I remember it, I rebooted and continued on, taking note that the garbled audio seemed to come on strong when larger programs such as Photoshop and the like were used. It eventually evolved to exist virtually all the time. Right now, for example, while I am typing, I struck up the web radio and have only had Firefox and HijackThis running. The computer is slow and the audio steadily garbled. It is quite painful on the system when I click a website's submit form. Working with various CMS websites throughout the day, my productivity is excruciatingly slow, as submit forms often take anywhere from 10 up to 30 or more seconds. It seems that there may also be some issues with Java / JavaScript, but I am not an expert.

It is worth mentioning that sometime just before the day referenced above when I used the DeepBurner DVD burner, my Trend Anti-Virus and Webroot Spyware software expired. There was a gap of several hours or a full day until I loaded AVG Free. During this time, the computer was not used very much.

The attacks on my computer may have struck and entered my system prior to the expiration date, as I noticed I was getting bounce emails from email addresses saying they do not accept spam and also that the email contains a virus. I didn't pay it much mind at the time, since I have numerous alias email addresses that are used to manage numerous sites. I assumed, at the time, there was something screwy going on with someone else who I may have included on one or more of the aliases.

FIXING THE PROBLEM

I assumed my issue was attributable to the fact that I have not defragged my computer since sometime shortly after I bought it approximately a year ago. I tried to defrag the computer using the Windows XP defrag, but after I allowed it to go on for over two days, I finally gave up. I figured it was time to begin burning DVDs and freeing up space to make a defrag easier. That's when the above issue erupted. It has 46GB of used space and 27 of free space.

I then remembered this site last week and took action with the instructions listed upon the URL below. I have listed some notes regarding several of the steps that didn't go so well. I have done them each three times, dating back to last week and to today. Each time the computer improves for a while.

http://www.geekstogo...-Log-t2852.html

After the first time I performed these operations, I began installing numerous software applications that were recommended by various moderators on this forum. Those include the following:
  • ATF Cleaner
  • AVG Free 7.55
  • AVG Anti-Spyware
  • Crap Cleaner
  • JKDefrag - This was the only defrag tool that worked on my computer and took approximately 10 hours to complete.
  • SpywareBlaster
  • ZoneAlarm - Excellent program. I have only allowed a few programs to transfer data.
  • SUPERAntiSpyware Free Edition
  • ATF Cleaner - This initially took approximately 10-20 minutes. Great tool.
  • System Restore - This also took approximately 10-20 minutes.
  • AVG Anti-Spyware - This took a very long time. I'd say eight hours or so. It found the attached downloader.small.ehe virus and removed it.
  • SUPERAntiSpyware Home Edition - This found some spyware that was removed.
  • Online - Panda Activescan - This continually crashed several hours into the exercise but did manage to find some items that may or may not have been spyware. I had to copy it down, as I was unable to save the file.
  • AVG - Took a long time.
  • Hijack - Attached.

OTHER NOTES

In the time I have been typing this post, my used and free space on the C: drive has changed dramatically. Just in the time I typed that last list, which consumed approximately five minutes (at most), my used space jumped from 46,438,000,000 bytes to 46,441,000,000 bytes, which is 3MB. By the time I pasted that which is below, the size went to 46,445,000,000 bytes. I don't have any other operations going on my computer than Firefox.

HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 9:28:38 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00D0E786-A9E4-4EC5-82BA-E4E57D285B83} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon PC1200 iC D700 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: xxyvurq - xxyvurq.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

SUPER ANTI SPYWARE LOG

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/17/2007 at 09:24 AM

Application Version : 3.9.1008

Core Rules Database Version : 3306
Trace Rules Database Version: 1312

Scan type       : Complete Scan
Total Scan Time : 05:03:34

Memory items scanned      : 523
Memory threats detected   : 0
Registry items scanned    : 6564
Registry threats detected : 4
File items scanned        : 35774
File threats detected     : 1

Trojan.WinFixer
	HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10FC1CC8-9B06-4E5D-91F3-937B8BE48C4E}
	HKCR\CLSID\{10FC1CC8-9B06-4E5D-91F3-937B8BE48C4E}
	HKCR\CLSID\{10FC1CC8-9B06-4E5D-91F3-937B8BE48C4E}\InprocServer32
	HKCR\CLSID\{10FC1CC8-9B06-4E5D-91F3-937B8BE48C4E}\InprocServer32#ThreadingModel
	C:\WINDOWS\SYSTEM32\GEEBY.DLL

AVG LOG

Trojan horse PSW.Generic4.WYX	C:\WINDOWS\system32\iphelp.dll	9/17/2007 13:38	iphelp.dll	8 KB
Trojan horse Downloader.Generic6.AUK	C:\WINDOWS\system32\mscert.dll	9/17/2007 13:38	mscert.dll	4 KB
Trojan horse PSW.Generic4.WYG	C:\WINDOWS\system32\netd.dll	9/17/2007 13:38	netd.dll	6 KB
Trojan horse PSW.Generic4.ZLK	C:\WINDOWS\system32\psx.dll	9/17/2007 13:38	psx.dll	4.5 KB
Trojan horse PSW.Generic4.ZLK	C:\WINDOWS\system32\psx.dll	9/17/2007 13:38	psx.dll	4.5 KB

PANDA SCAN LOG

Incident                                           Status           Location
Potentially unwanted tool:application/mywebsearch  Not disinfected  hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Spyware:Cookie/Tribalfusion                        Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/2o7                                 Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick                         Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick                           Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Atlas DMT                           Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising                         Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex                           Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Clickbank                           Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Serving-sys                         Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys                         Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys                         Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace                 Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia                           Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/PointRoll                           Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Zedo                                Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Casalemedia                         Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/WebtrendsLive                       Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Overture                            Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Com.com                             Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.com.com/]
Spyware:Cookie/Toplist                             Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/YieldManager                        Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adrevolver                          Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Server.iad.Liveperson               Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[server.iad.liveperson.net/hc/42100874]
Spyware:Cookie/Server.iad.Liveperson               Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Atwola                              Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Xiti                                Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.xiti.com/]
Spyware:Cookie/DomainSponsor                       Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/bravenetA                           Not disinfected  C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\cookies.txt[.bravenet.com/]
Virus:Trj/Alanchum.NX!CME-711                      Disinfected      C:\Documents and Settings\User\Application Data\Thunderbird\Profiles\gmyfu5k6.default\Mail\Local Folders\Inbox[Read More.exe]
Virus:W32/Nuwar.D.worm                             Disinfected      C:\Documents and Settings\User\Application Data\Thunderbird\Profiles\gmyfu5k6.default\Mail\Local Folders\Inbox[Video.exe]
Virus:Trj/Alanchum.OO                              Disinfected      C:\Documents and Settings\User\Application Data\Thunderbird\Profiles\gmyfu5k6.default\Mail\Local Folders\Inbox[postcard.exe]
Virus:Trj/Alanchum.PW                              Disinfected      C:\Documents and Settings\User\Application Data\Thunderbird\Profiles\gmyfu5k6.default\Mail\Local Folders\Inbox[greeting card.exe]
Spyware:Cookie/2o7                                 Not disinfected  C:\Documents and Settings\User\Cookies\user@2o7[1].txt

JKDEFRAG LOG

22:35:04 JkDefrag v3.24
22:35:05 Date: 2007/09/14
22:35:05 NtfsDisableLastAccessUpdate is inactive, using LastAccessTime for SpaceHogs.
22:35:05 Analyzing disk 'C:\'
22:35:06 Starting JkDefrag for 'C:\'
22:35:14 Phase 1: Analyze
22:40:26 Phase 2: Fixup
00:36:03 Zone 1: Fast Optimize
00:41:16 Zone 2: Fast Optimize
07:26:17 Zone 3: Fast Optimize
10:12:35 Finished.
10:12:35 - Total disk space: 73575129088 bytes (68.52 gigabytes), 17962678 clusters
10:12:35 - Bytes per cluster: 4096 bytes
10:12:35 - Number of files: 121709
10:12:35 - Number of directories: 13196
10:12:35 - Total size of analyzed items: 45741236224 bytes, 11167294 clusters
10:12:35 - Number of fragmented items: 3, 0.00% of all items
10:12:35 - Total size of fragmented items: 143360 bytes, 35 clusters, 0.00% of all items, 0.00% of disk
10:12:35 - Free disk space: 26293346304 bytes, 6419274 clusters, 35.74% of disk
10:12:35 - Number of gaps: 871
10:12:35 - Number of small gaps: 234, 26.87% of all gaps
10:12:35 - Size of small gaps: 6762496 bytes, 1651 clusters, 0.03% of free disk space
10:12:35 - Number of big gaps: 637 (73.13% of all gaps)
10:12:35 - Size of big gaps: 26286583808 bytes, 6417623 clusters, 99.97% of free disk space
10:12:35 - Average gap size: 7370.00 clusters
10:12:35 - Biggest gap: 2169380864 bytes, 529634 clusters, 8.25% of free disk space
10:12:35 These items could not be moved:
10:12:35   Fragments       Bytes  Clusters Name
10:12:35           1        4096         1 C:\$MFTMirr
10:12:35           1    67108864     16384 C:\$LogFile
10:12:35           1        4144         2 C:\.::$SECURITY_DESCRIPTOR
10:12:35           1     2245336       549 C:\$Bitmap
10:12:35           2       65536        16 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
10:12:35         397  2146456872     25664 C:\$Extend\$UsnJrnl:$J:$DATA
10:12:35          13       54984        14 C:\$MFT::$BITMAP
10:12:35           1      106752        25 C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\q9pf7xvd.default\flashgot.log
10:12:35   --------- ----------- --------- -----
10:12:35         417  2216046584     42655 Total
10:12:35 These items are still fragmented:
10:12:35   Fragments       Bytes  Clusters Name
10:12:35           2       45056        12 C:\WINDOWS\SoftwareDistribution\EventCache
10:12:35           3   450428928    109968 C:\$MFT
10:12:35           2       65536        16 C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
10:12:35         397  2146456872     25664 C:\$Extend\$UsnJrnl:$J:$DATA
10:12:35          13       54984        14 C:\$MFT::$BITMAP
10:12:35           4        1024         7 C:\WINDOWS\system32\config\SECURITY.LOG
10:12:35   --------- ----------- --------- -----
10:12:35         421  2597052400    135681 Total
10:12:35 The 25 largest items on disk:
10:12:35   Fragments       Bytes  Clusters Name
10:12:35           1  1598029824    390144 C:\pagefile.sys
10:12:35           1  1066369820    260345 C:\movies\Underworld.wmv
10:12:35           1   782985038    191159 C:\Documents and Settings\User\Application Data\Thunderbird\Profiles\gmyfu5k6.default\Mail\Local Folders\Inbox
10:12:35           3   450428928    109968 C:\$MFT
10:12:35           1   419464317    102409 C:\Documents and Settings\User\Local Settings\Application Data\Google\GoogleEarth\dbCache.dat
10:12:35           1   399726074     97590 C:\Program Files\Intuit\QuickBooks 2006\Components\PConfig\Data1.cab
10:12:35           1   255758336     62441 C:\Documents and Settings\User\Local Settings\Temp\~PST9105.tmp
10:12:35           1   163647488     39953 C:\movies\TDVC\VIDEO_TS\VTS_01_1.VOB
10:12:35           1   124288367     30344 C:\Documents and Settings\User\Application Data\Thunderbird\Profiles\gmyfu5k6.default\Mail\Local Folders\Sent
10:12:35         397  2146456872     25664 C:\$Extend\$UsnJrnl:$J:$DATA
10:12:35           1    94636486     23105 C:\Documents and Settings\User\Application Data\Thunderbird\Profiles\gmyfu5k6.default\Mail\mail.unlimiteddynamics.com\Inbox
10:12:35           1    94449612     23059 C:\Documents and Settings\User\Application Data\Thunderbird\Profiles\gmyfu5k6.default\Mail\Local Folders\Drafts
10:12:35           1    92262400     22525 C:\Documents and Settings\User\Local Settings\Temp\~PST3160.tmp
10:12:35           1    72576436     17719 C:\Documents and Settings\User\My Documents\Morpheus Shared\Downloads\LAURAINE\Phil Collins - Genesis - Land Of Confusion.mpg
10:12:35           1    67108864     16384 C:\$LogFile
10:12:35           1    66934961     16342 C:\Documents and Settings\User\Application Data\Thunderbird\Profiles\gmyfu5k6.default\Mail\Local Folders\Inbox.sbd\PR_DIRT
10:12:35           1    64118784     15654 C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Sample\VAIO Sample.mpeg
10:12:35           1    63044788     15392 C:\WINDOWS\Driver Cache\i386\driver.cab
10:12:35           1    63044788     15392 C:\WINDOWS\I386\DRIVER.CAB
10:12:35           1    62210650     15189 C:\WINDOWS\system32\ActiveScan\pav.sig
10:12:35           1    58408960     14260 C:\Program Files\Sony\Click to DVD 2\TransitionPlugins\gmCelebrateRes.dll
10:12:35           1    53137653     12974 C:\101\WEB_SITES\ROLL\GRAPHICS\ROTATOR\ROTATOR_01.png
10:12:35           1    50870409     12420 C:\Documents and Settings\User\Application Data\Thunderbird\Profiles\gmyfu5k6.default\Mail\mail.unlimited_REMOVED-FOR-PRIVACY.com\Trash
10:12:35           1    49880152     12178 C:\101\WEB_SITES\ROLL\PHOTOS\PARTS_20070422_BURNED\Ellis_ACP.tif
10:12:35 Analyzing disk 'D:\'
10:12:35 Ignoring disk 'D:\' because it is a removable disk.
10:12:35 Analyzing disk 'E:\'
10:12:35 Ignoring disk 'E:\' because it is a removable disk.
10:12:35 Finished.

PREVIOUS DEFRAG LOG - I'm not sure if this is relevant, but this is a defrag attempt or a full defrag log from something, possibly the Windows Defrag attempt. This took place prior to deleting files and also loading files via FTP to a server in order to eliminate used space.

Volume (C:)
    Volume size                                = 68.52 GB
    Cluster size                               = 4 KB
    Used space                                 = 51.38 GB
    Free space                                 = 17.14 GB
    Percent free space                         = 25 %
Volume fragmentation
    Total fragmentation                        = 1 %
    File fragmentation                         = 3 %
    Free space fragmentation                   = 0 %
File fragmentation
    Total files                                = 226,306
    Average file size                          = 348 KB
    Total fragmented files                     = 29
    Total excess fragments                     = 21,469
    Average fragments per file                 = 1.09
Pagefile fragmentation
    Pagefile size                              = 1.49 GB
    Total fragments                            = 1
Folder fragmentation
    Total folders                              = 21,772
    Fragmented folders                         = 1
    Excess folder fragments                    = 0
Master File Table (MFT) fragmentation
    Total MFT size                             = 430 MB
    MFT record count                           = 249,217
    Percent MFT in use                         = 56 %
    Total MFT fragments                        = 4
--------------------------------------------------------------------------------
Fragments       File Size       Files that cannot be defragmented
2               141 KB          \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055821.com
3               544 KB          \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055790.com
3               719 KB          \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055792.com
3               801 KB          \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055778.com
3               810 KB          \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055768.com
3               816 KB          \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055779.com
4               1,021 KB        \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055742.com
4               1 MB            \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055789.com
4               1 MB            \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055744.com
4               1 MB            \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055781.com
4               1 MB            \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055717.com
5               2 MB            \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055724.com
5               3 MB            \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055757.com
5               3 MB            \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055758.com
5               3 MB            \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055809.com
5               3 MB            \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055723.com
8               8 MB            \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP269\A0055722.com
12,297          734 MB          \Documents and Settings\User\Application Data\Thunderbird\Profiles\gmyfu5k6.default\Mail\Local Folders\Inbox
8,750           758 MB          \System Volume Information\_restore{85D8F67A-9556-4D4D-A80C-B684FCCBE8C6}\RP307\A0110966.exe

HIJACK THIS ADD/REMOVE PROGRAMS LIST - There were some programs I removed recently due to non use, but here is the latest list as requested. I noticed Firefox and HiJackThis are referenced twice. Which ones, if any, can I safely remove without encountering issues?


Edited by FidelGonzales, 18 September 2007 - 12:22 AM.



#2
FidelGonzales

This post is not a bump. I provided additional information that is requested elsewhere on the "You must. . ." thread. After reading the submission guidelines, I realized the moderators recommend to keep the thread to one post so as not to look like it is being resolved by other mods or construed as a bump. I am unable to delete this post after consolidating the data to one post. I hereby apologize.

Edited by FidelGonzales, 18 September 2007 - 12:12 AM.


#3
FidelGonzales

I rescanned my computer using SUPERAntiSpyware. I limited the scan to exclude the files where I have found nothing in the past, which is on a directory in the C: drive. I did this because to do otherwise would have taken close to 10 hours or more, and there's some work I need done this morning. I'll run the other scans again as well.

SUPERANTISPYWARE LOG - The one item was quarantined.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/18/2007 at 04:23 AM
Application Version : 3.9.1008
Core Rules Database Version : 3306
Trace Rules Database Version: 1312
Scan type       : Custom Scan
Total Scan Time : 03:44:53
Memory items scanned      : 544
Memory threats detected   : 0
Registry items scanned    : 6561
Registry threats detected : 0
File items scanned        : 72440
File threats detected     : 1
Trojan.Downloader-Gen/Win	C:\WINDOWS\SYSTEM32\MT_32.DLL


#4
FidelGonzales

AVG FREE LATEST RESULTS - It appears as if things are getting cleaner, but the issues are prevailing to continually slow the computer. It does seem a little faster, though, but perhaps it's my imagination.

General properties	
Report name	Selected Areas Test
Start time	9/18/2007 9:23
End time	9/18/2007 12:01:44 PM  (total: 2:37:58.7 hrs)
Launch method	Scanning launched manually
Scanning result	No threats found
Report status	Scanning completed successfully
 	
Object summary	
Scanned	125458
Threats Found	0
Cleaned	0
Moved to vault	0
Deleted	0
Errors	0

P.S. I am only a hack following the advice and apparent logic listed under similar threads and have no professional sense for what I am doing. Anyone willing to help who has the skills to work toward a resolution is invited to join in. Until then, my lack of patience and necessity to rid myself of the computer issues is leading me to do my best. Thanks.

#5
FidelGonzales

COMBOFIX SCAN - After uninstalling Viewpoint last week due to reference here that it should be removed from the system and reading elsewhere how it is used as spyware and is installed along with AIM, I was a bit surprised to see it still on the system. So, I removed the remaining referenced folders below. I also deleted "C:/qoobox" folder that may not be listed here but was listed upon another similar thread. My computer seems to be running considerably faster, but I am not totally convinced I'm free quite yet, since it still takes some time to process web form clicks, but it doesn't seem as long as it did last night. Likewise, I'm listening to streaming audio again and happy it is streaming in clear without any garble or choppy audio. I'll perform another ATF Cleaner and Crap Cleaner and perform a Panda check again after a reboot. Right now, I am pretty satisfied with the progress. Beyond that, though, here is the log created from the Combo Fix scan. I don't know of anything else that requires removal or fixing. Authoritative help is certainly appreciated.

ComboFix 07-09-18.4 - "User" 2007-09-18 12:54:01.1 - NTFSx86 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.269 [GMT -7:00]
Script execution time was exceeded on script "C:\ComboFix\restore_pt.vbs".
Script execution was terminated.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\bszip.dll
.
(((((((((((((((((((((((((   Files Created from 2007-08-18 to 2007-09-18  )))))))))))))))))))))))))))))))
.
2007-09-18 12:50	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-09-17 23:59	<DIR>	d--------	C:\VundoFix Backups
2007-09-17 23:51	<DIR>	d--------	C:\DOCUME~1\User\DoctorWeb
2007-09-14 22:02	<DIR>	d--------	C:\Program Files\CCleaner
2007-09-14 15:25	<DIR>	d--------	C:\Program Files\SpywareBlaster
2007-09-14 03:32	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-09-14 03:31	75,248	--a------	C:\WINDOWS\zllsputility.exe
2007-09-14 03:31	4,212	---h-----	C:\WINDOWS\system32\zllictbl.dat
2007-09-14 03:31	11,264	--a------	C:\WINDOWS\system32\SpOrder.dll
2007-09-14 03:30	75,932	--a------	C:\WINDOWS\system32\drivers\klick.dat
2007-09-14 03:30	74,396	--a------	C:\WINDOWS\system32\drivers\klin.dat
2007-09-14 03:30	16,637,984	--ahs----	C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-14 03:30	110,360	--a------	C:\WINDOWS\system32\drivers\kl1.sys
2007-09-14 03:28	1,086,952	--a------	C:\WINDOWS\system32\zpeng24.dll
2007-09-14 03:28	<DIR>	d--------	C:\WINDOWS\system32\ZoneLabs
2007-09-14 01:40	<DIR>	d--------	C:\WINDOWS\Internet Logs
2007-09-13 20:28	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
2007-09-13 18:26	0	--a------	C:\WINDOWS\ORUN32.EXE
2007-09-13 18:25	0	--a------	C:\WINDOWS\system32\CMMGR32.EXE
2007-09-13 17:58	<DIR>	d--------	C:\Program Files\SUPERAntiSpyware
2007-09-13 17:58	<DIR>	d--------	C:\DOCUME~1\User\APPLIC~1\SUPERAntiSpyware.com
2007-09-13 17:58	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-13 12:01	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-09-13 09:35	552	--a------	C:\WINDOWS\system32\d3d8caps.dat
2007-09-13 08:41	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-12 18:58	<DIR>	d--------	C:\DOCUME~1\FIDELG~1\APPLIC~1\Viewpoint
2007-08-31 08:44	<DIR>	d--------	C:\DOCUME~1\User\APPLIC~1\Help
2007-08-22 10:23	<DIR>	d--------	C:\DOCUME~1\User\APPLIC~1\DassaultSystemes
2007-08-22 10:23	<DIR>	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\DassaultSystemes
2007-08-22 10:21	<DIR>	d--------	C:\Program Files\Common Files\SolidWorks Shared
2007-08-21 20:44	<DIR>	dr-h-----	C:\DOCUME~1\FIDELG~1\APPLIC~1\yahoo!
2007-08-19 19:57	<DIR>	d--------	C:\DOCUME~1\FIDELG~1\APPLIC~1\Sony Corporation
2007-08-19 19:57	<DIR>	d--------	C:\DOCUME~1\FIDELG~1\APPLIC~1\Intuit
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 13:16	---------	d--------	C:\DOCUME~1\User\APPLIC~1\OpenOffice.org2
2007-09-18 13:03	196004	--ahs----	C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-14 16:01	---------	d--------	C:\Program Files\WinSCP3
2007-09-14 16:00	---------	d--------	C:\Program Files\QuickTime
2007-09-14 16:00	---------	d--------	C:\Program Files\Lexmark 1200 Series
2007-09-14 16:00	---------	d--------	C:\Program Files\7-Zip
2007-09-14 15:58	---------	d--------	C:\Program Files\File Renamer
2007-09-14 15:57	---------	d--------	C:\Program Files\FileZilla
2007-09-14 03:44	---------	d--------	C:\Program Files\Morpheus
2007-09-13 23:24	---------	dr-h-----	C:\DOCUME~1\User\APPLIC~1\yahoo!
2007-09-13 22:38	---------	d--------	C:\Program Files\Google
2007-09-13 22:04	---------	d--------	C:\Program Files\Winamp
2007-09-13 20:50	---------	d--------	C:\Program Files\MSN Messenger
2007-09-13 18:25	---------	d--------	C:\Program Files\FastStone Capture
2007-09-13 16:18	---------	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-08-23 20:58	---------	d--------	C:\Program Files\DivX
2007-08-23 20:56	---------	d--------	C:\Program Files\SHOUTcast
2007-08-18 21:36	---------	d--------	C:\Program Files\EMS
2007-08-17 10:58	---------	d--------	C:\Program Files\Mozilla Thunderbird
2007-08-16 11:33	---------	d--------	C:\Program Files\BitTorrent
2007-08-16 11:20	---------	d--------	C:\DOCUME~1\User\APPLIC~1\WinSQL
2007-08-16 01:14	---------	d--------	C:\DOCUME~1\User\APPLIC~1\EssentialPIM
2007-08-14 17:08	---------	d--------	C:\DOCUME~1\User\APPLIC~1\DeepBurner
2007-08-14 16:44	---------	d--------	C:\Program Files\Astonsoft
2007-08-14 16:10	---------	d--------	C:\Program Files\activePDF
2007-08-14 12:39	---------	d--------	C:\Program Files\Calendar Magic
2007-08-14 12:21	---------	d--------	C:\Program Files\FreeMind
2007-08-14 12:15	---------	d--------	C:\Program Files\EssentialPIM
2007-08-13 07:30	---------	d--------	C:\Program Files\MorpheusBar
2007-08-13 02:51	---------	d--------	C:\Program Files\Citrix
2007-08-13 02:22	---------	d--------	C:\DOCUME~1\User\APPLIC~1\BitTorrent
2007-08-13 00:59	---------	d--------	C:\DOCUME~1\User\APPLIC~1\Download Manager
2007-08-06 23:45	---------	d--------	C:\DOCUME~1\ALLUSE~1\APPLIC~1\MagneticOne Store Manager for osCommerce
2007-07-30 19:19	92504	--a------	C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19	549720	--a------	C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19	53080	--a------	C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19	43352	--a------	C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19	325976	--a------	C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19	203096	--a------	C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19	1712984	--a------	C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18	33624	--a------	C:\WINDOWS\system32\wups.dll
2007-07-29 04:03	6506	---hs----	C:\WINDOWS\system32\ybeeg.bak2
2007-07-18 14:13	---------	d--------	C:\Program Files\OpenOffice.org 2.2
2007-07-18 14:11	---------	d--------	C:\Program Files\OpenOffice.org 2.1
2007-06-25 23:08	1104896	--a------	C:\WINDOWS\system32\msxml3.dll
2007-06-21 00:30	120405	--a------	C:\WINDOWS\File Renamer - Basic Uninstaller.exe
2007-06-19 06:31	282112	--a------	C:\WINDOWS\system32\gdi32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 10:21	102400	--a------	C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 00:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-07-18 14:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-14 01:16]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-14 03:58]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-07-10 14:01:39]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Canon PC1200 iC D700 Status Window.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE [2004-01-14 14:36:09]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-01-22 12:21:00]
C:\DOCUME~1\User\STARTM~1\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-09-14 03:58 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeby] C:\WINDOWS\system32\geeby.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] VESWinlogon.dll 2005-05-20 18:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32] winjvd32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvurq] xxyvurq.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExecAfterFirstBoot]
C:\WINDOWS\SONYSYS\EFlyer\ExecAfterFirstBoot.exe /fC:\WINDOWS\SONYSYS\Docs\Latest Information.pdf /d4
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1141742783\ee\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSecurity]
"C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB
S2 IcRecUsb;IC Recorder Driver;C:\WINDOWS\system32\Drivers\IcRecUsb.sys
S2 RapidPortM3;RapidPortM3;\??\C:\WINDOWS\system32\Drivers\CAPM3LP.SYS
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
S3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f093561-1c75-11dc-b192-00166f94a60f}]
AutoRun\command- F:\DTE_Privacy_launcher.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-12 05:07:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-05-08 15:29:40 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 13:11:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-18 13:19:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-18 13:19
.
	--- E O F ---

Edited by FidelGonzales, 18 September 2007 - 02:51 PM.


#6
FidelGonzales

THE LATEST HIJACKTHIS LOG - There are some obvious "missing files" that ought to be deleted, but before my ambitions get the best of me, I will wait a while to see if any pros have some much-needed guidance to render.

Logfile of HijackThis v1.99.1
Scan saved at 1:56:58 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon PC1200 iC D700 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: xxyvurq - xxyvurq.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe


#7
FidelGonzales

Couldn't wait. Hopefully, this isn't my "LAST STAND" and ultimate demise. I'm removing these no longer needed program-related apps:

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

I'm removing these referenced in other forms. Some said to remove via HijackThis and others using other applications. I'm using HJT for now. Please advise if otherwise. Included are links for my reference.

O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
http://www.geekstogo...og-t108755.html
http://www.geekstogo...an-t129165.html
http://www.geekstogo...zb-t118858.html

O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
http://www.geekstogo...dll-t70751.html
http://www.geekstogo...elp-t70677.html
http://www.geekstogo...elp-t77029.html


OTHER CONCERNS NOT DEALT WITH (LEFT IN PLACE)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

#8
FidelGonzales

LATEST HIJACKTHIS LOG - I'm back. I wasn't sure if I'd make it after the last deletes. It seems to be looking clean so far. There are some areas of interest that I'll check out, but I'm running out of options on what to look for. I'm hoping I have done everything relatively well. The results so far are promising, since I have not blown up my computer and have made progress on the speed of the computer and identification and removal of issues. HELP???

Logfile of HijackThis v1.99.1
Scan saved at 2:51:59 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon PC1200 iC D700 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: xxyvurq - xxyvurq.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

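The before/after comparison of HijackThis logs done by hand in the posts above can be scripted. The following is an added example, not part of the original posts: it parses log entries, lists what disappeared between two scans, and lists the entries still marked `(file missing)` or `(no file)`. The sample lines are excerpted from the logs in this thread; the function names and the two "caveat" heuristics are assumptions of this example.

```python
import re

# "O20 - Winlogon Notify: ..." -> section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when it cannot find the target file.
MISSING_RE = re.compile(r"\((file missing|no file)\)\s*$")

# Excerpt of the earlier log in this thread (before the deletions).
BEFORE = r"""
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winjvd32 - winjvd32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: xxyvurq - xxyvurq.dll (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe (file missing)
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
"""

# Excerpt of the log saved at 2:51:59 PM on 9/18/2007 (after the deletions).
AFTER = r"""
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: xxyvurq - xxyvurq.dll (file missing)
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
"""


def caveat_for(target):
    """Heuristics (assumptions of this example) for when the missing-file
    marker should not be trusted without checking the disk by hand."""
    if re.search(r"%[A-Za-z]+%", target):
        return "unexpanded environment variable in path"
    if re.search(r'\.exe"?\s+/\w', target):
        return "command-line arguments included in path"
    return None


def parse_log(text):
    """Return one dict per registry/startup entry; headers, blank lines and
    the 'Running processes' list do not match ENTRY_RE and are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        marker = MISSING_RE.search(body)
        target = body[:marker.start()].rstrip() if marker else body
        entries.append({
            "section": m.group("section"),
            "line": line,
            "missing": bool(marker),
            "caveat": caveat_for(target) if marker else None,
        })
    return entries


def removed_between(before, after):
    """Entries present in the earlier scan and absent from the later one."""
    kept = {e["line"] for e in after}
    return [e for e in before if e["line"] not in kept]


def orphaned(entries):
    """Entries whose target file HijackThis could not find."""
    return [e for e in entries if e["missing"]]


if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    print("Removed since previous scan:")
    for e in removed_between(before, after):
        print("  ", e["line"][:90])
    print("Still flagged as missing:")
    for e in orphaned(after):
        note = f"  [verify manually: {e['caveat']}]" if e["caveat"] else ""
        print("  ", e["line"][:90] + note)
```

Entries that carry a caveat are ones where the path field itself looks unparseable, so the marker alone is weak evidence that the file is gone.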

#9
FidelGonzales

AREAS OF INTEREST - I'm not sure if this has anything to do with anything, but it's all I can find that may remain as an issue. Until then, I'm running an F-Secure Scan as well as another VundoFix scan. Everything seems smooth and fast, but forms are still somewhat slow. Should I update Java or something like that? If so, how?

O20 - Winlogon Notify: xxyvurq - xxyvurq.dll (file missing)
http://www.techsuppo...1383-post3.html

#10
FidelGonzales

F-SCAN

Scanning Report
Tuesday, September 18, 2007 15:15:02 - 16:23:05

Computer name: 078A6A7107074FC
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 1 malware found
Tracking Cookie (spyware)

	* System (Disinfected) 

Statistics
Scanned:

	* Files: 28801
	* System: 5685
	* Not scanned: 3 

Actions:

	* Disinfected: 1
	* Renamed: 0
	* Deleted: 0
	* None: 0
	* Submitted: 0 

Files not scanned:

	* C:\PAGEFILE.SYS
	* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
	* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{CF8158D0-492E-40AE-97D3-0BD42AA1A0A9}.BIN 

Options
Scanning engines:

	* F-Secure Libra: 2.4.2, 2007-09-18
	* F-Secure AVP: 7.0.171, 2007-09-18
	* F-Secure Orion: 1.2.37, 2007-09-18
	* F-Secure Blacklight: 1.0.64
	* F-Secure Draco: 1.0.35, 0597-150-72
	* F-Secure Pegasus: 1.19.0, 2007-08-10 

Scanning options:

	* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
	* Use Advanced heuristics



#11
FidelGonzales

CURRENT STATUS -

I've been cycling back and forth between the various scans. At this point I don't know what else I can find.

The current status of the computer includes occasional spikes of slow periods. Though, these are not as frequent and occur every 10 to 20 minutes or less generally under nominally heavy loads and not constant as before. Nevertheless, this situation never occurred previous to the malware issue.

Also, anytime I utilize the submit button on this forum or on any website, it continually takes approximately 15 to 30 seconds. During this time, Firefox freezes. At the end of this period, the FF window goes white and the Windows tab vanishes. When it returns, it begins processing the submit as usual. Currently, this is amid the most annoying part of the series of errors I have encountered thus far, particularly since I use the web all day and utilize CMSs and forums all day long in the course of the work day.

Nevertheless, I'll forge a path forward in search of a solution to the various remaining issues. Moving forward, before I call it a night, I'll perform another full Panda scan or other scan that is recommended on a thread that parallels the issues within this thread. Thank you in advance for any future assistance you may provide.

DELETED FILES - Referenced URL noted below each file.

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
http://www.geekstogo...r....html&st=15

LATEST HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 8:30:13 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3SWK.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon PC1200 iC D700 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM3LAK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: xxyvurq - xxyvurq.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

  • 0

#12
FidelGonzales

    Member

  • Topic Starter
  • 55 posts
FIREFOX

After several days of looking, it seems that my issue with Firefox and the submit button may be attributable to Firefox itself, since I am not encountering this issue with IE. I am, though, still encountering the garbled audio stream when using IE, but it doesn't seem as often. Below is a URL with some information that references Firefox being slow and the reason for this being Spybot Search And Destroy. I have not installed this but assume there may be an associated issue pertaining to another Spyware program. I have listed those I have installed within this thread. Does anyone have any idea whether this is strictly a FF issue or whether this has something to do with the malware issue?

http://forums.mozill...ic.php?t=580585
  • 0

#13
FidelGonzales

    Member

  • Topic Starter
  • 55 posts
I determined there was a Firefox add-on that was conflicting and causing the form submit and related issues. Some of the other issues seem to remain. I'll be doing some more checking here in a while.
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, sorry for the delay. Could you please post a new HijackThis log and a synopsis of your problems as they stand? Ta
  • 0

#15
FidelGonzales

    Member

  • Topic Starter
  • 55 posts
Thank you. No apology necessary.

A RECAP FROM THE OTHER THREAD

I have downloaded the Tune Up software and performed several operations designed to speed things up. When running CHKDSK, the computer got to stage four of five at 22 percent and didn't seem to move any more after approximately four hours. I then rebooted. I do recall something similar occurring previously, possibly with CHKDSK.

OTHER POSSIBLE CONCERN / CONTRIBUTING FACTOR / ISSUE

Ever since I purchased this laptop, every once in a great while the screen goes blank to a blue screen. When this occurs, I believe everything is still operating as usual, but since the screen is completely blank, you cannot see what is going on and it is therefore useless. The only way to overcome this that I know of is to turn off the computer and turn it back on by manually using the power button. I realize this could be the cause of an error, and since it occurred recently and reminded me, I figure it is definitely worthy of note, particularly since CHKDSK is not able to completely cycle.

PERFORMANCE

Currently, the computer works well at times but is excruciatingly slow at others. Before this issue arose, I used to be able to run Photoshop, Dreamweaver, Fireworks, Thunderbird and any other program simultaneously, working with large files, but now, even at best, it's too slow to want to do that for a long time, and at worst, I only run one program and it's even tough to get the job done.

HI-JACK-THIS LOG - I've long wondered what this is "O20 - Winlogon Notify: xxyvurq - xxyvurq.dll (file missing)"

Logfile of HijackThis v1.99.1
Scan saved at 12:22:48 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\CAPM3RSK.EXE
C:\Program Files\TuneUp Utilities 2007\Integrator.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai...25175/citrix/wficat-no-eula.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://69.213.66.54/TSWEB/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvurq - xxyvurq.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

Edited by Essexboy, 29 September 2007 - 02:00 PM.

  • 0
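
An added example, not part of the original thread and not HijackThis code: a short Python triage of the entries this log marks "(file missing)", including the O20 line asked about. It re-joins hard-wrapped entries and sorts each missing target into one of three categories; the category names, the heuristic, and the constructed line wrapping of the sample are assumptions of this example.

```python
import re

# Entries from the log in this thread; the hard line wrapping is constructed.
SAMPLE = r"""
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xxyvurq - xxyvurq.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) -
Unknown owner - C:\Program Files\Sony\VAIO Media Integrated
Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway
/RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0"
/RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server
(file missing)
"""

ENTRY_START = re.compile(r"^[RFNO]\d+ - ")  # a section code opens every entry
MISSING = "(file missing)"

def join_wrapped(text):
    """Re-attach wrapped fragments to the entry that begins with a section code."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:
            entries[-1] += " " + line
    return entries

def classify_missing(entry):
    """Return (section, category, target) for a '(file missing)' entry, else None."""
    if not entry.endswith(MISSING):
        return None
    section = entry.split(" - ", 1)[0]
    target = entry[: -len(MISSING)].rsplit(" - ", 1)[-1].strip()
    if '"' in target:
        category = "path-with-arguments"  # command-line arguments mixed into the path
    elif "\\" not in target and "/" not in target:
        category = "bare-name"            # file name only, no directory recorded
    else:
        category = "full-path"            # a complete path reported as not on disk
    return section, category, target

def triage(text):
    """Join wrapped lines, then keep only the entries flagged as missing."""
    results = (classify_missing(e) for e in join_wrapped(text))
    return [r for r in results if r is not None]

if __name__ == "__main__":
    for section, category, target in triage(SAMPLE):
        print(f"{section:4} {category:20} {target}")
```

The categories only say what kind of string the log reported as missing; which entries to act on remains the helper's call.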





