Solved Possible re-infection

Discussion in 'Malware and Virus Removal Archive' started by thierry1, 2009/04/09.

Thread Status:
Not open for further replies.
  1. 2009/04/09
    thierry1 Inactive Thread Starter
    Joined: 2009/03/25, Messages: 40, Likes Received: 0

    [Resolved] Possible re-infection

    Hi there, Juliet helped me last week with this problem: http://www.windowsbbs.com/malware-v...roblem-browsers-closing-redirects-spam-3.html

    I notice the thread is now closed and Juliet has said I should start a new one.

    I've been using the internet ok since I last posted on the thread, but earlier this evening something strange happened to my Firefox - it froze and the processor was running on full for a good five minutes. I thought the virus may have returned.

    However, it's not showing the same signs as the previous problems with web results diverting to foreign sites, and it is letting me access virus protection sites.

    What I have noticed is that a lot of files and folders have now appeared in my C:, for example in my c:/windows/system32.

    I ran Ncleaner and it removed a massive 95mb - usually it's around 2mb per internet session. I've cleaned it a few times since and /firefox/applicationdata is showing lots of strange files which seem to be taking up a lot of space, even if firefox is open for just a minute.

    I haven't visited any malicious sites, only ones I trust.

    I ran an MBAM scan and it picked up a problem which is now removed. The log is below. I'm just wondering if I have a re-infection of some sort.

    MBAM

    Malwarebytes' Anti-Malware 1.35
    Database version: 1921
    Windows 5.1.2600 Service Pack 3

    09/04/2009 21:35:22
    mbam-log-2009-04-09 (21-35-22).txt

    Scan type: Quick Scan
    Objects scanned: 75521
    Time elapsed: 5 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2009/04/12
    Juliet Well-Known Member
    Joined: 2008/09/15, Messages: 976, Likes Received: 6

    Welcome back


    Sorry for the delay...


    Download Combofix from any of the links below.

    Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.





    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.


    You may need several replies to post the requested logs, otherwise they might get cut off.
     

  4. 2009/04/12
    thierry1 Inactive Thread Starter
    Joined: 2009/03/25, Messages: 40, Likes Received: 0

    Hi again Juliet!

    Ok, Combofix ran ok. The report is below along with a HJT log.

    Thanks for your time and help.

    Combofix

    ComboFix 09-04-13.04 - user user 2009-04-12 20:46.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.102 [GMT 1:00]
    Running from: c:\documents and settings\user user\Desktop\ComboFix.exe
    AV: Norton Internet Security *On-access scanning disabled* (Outdated)
    FW: Norton Internet Security *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\w32apiw.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
    .

    2009-04-12 19:44 . 2006-03-02 23:42 73728 ----a-w C:\pv.exe
    2009-04-12 12:49 . 2009-04-12 12:49 73728 ----a-w c:\windows\system32\javacpl.cpl
    2009-04-02 09:33 . 2009-04-02 09:34 1878888 ----a-w C:\install_flash_player.exe
    2009-04-01 13:23 . 2009-04-01 13:24 7344888 ----a-w C:\Firefox Setup 3.0.8.exe
    2009-04-01 12:36 . 2009-04-01 12:36 -------- d-----w C:\worksnow
    2009-03-31 12:56 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
    2009-03-31 12:56 . 2009-03-31 12:56 -------- d-----w c:\program files\Panda Security
    2009-03-31 12:54 . 2009-03-31 12:54 175504 ----a-w C:\activescan2_en.exe
    2009-03-29 23:00 . 2009-03-29 23:00 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-03-29 15:47 . 2008-10-16 13:06 208744 ----a-w c:\windows\system32\muweb.dll
    2009-03-29 15:47 . 2008-10-16 13:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
    2009-03-29 15:47 . 2008-10-16 13:06 268648 ----a-w c:\windows\system32\mucltui.dll
    2009-03-29 14:41 . 2009-03-29 14:41 353485 ----a-w C:\HostsXpert.zip
    2009-03-29 13:10 . 2009-04-12 12:49 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-03-27 20:49 . 2009-03-27 21:04 -------- d-----w c:\documents and settings\user user\DoctorWeb
    2009-03-26 23:53 . 2009-03-26 23:53 -------- d-----w c:\program files\Windows Defender
    2009-03-26 14:57 . 2009-03-26 15:07 62729728 ----a-w C:\avg_free_stf_en_85_283a1450.exe
    2009-03-25 15:54 . 2009-03-27 14:22 -------- d-----w c:\documents and settings\user user\Tracing
    2009-03-25 15:49 . 2009-03-25 15:49 -------- d-----w c:\program files\Common Files\Windows Live
    2009-03-25 12:43 . 2009-03-29 12:48 -------- d-----w C:\MGtools
    2009-03-25 12:41 . 2009-03-25 12:41 1339834 ----a-w C:\MGtools.exe
    2009-03-24 15:37 . 2009-03-26 20:21 -------- d-----w c:\program files\Avast4
    2009-03-24 15:08 . 2009-03-24 15:08 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-03-24 14:47 . 2009-03-24 14:47 -------- d-----w c:\documents and settings\user user\Application Data\Malwarebytes
    2009-03-24 14:47 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-03-24 14:47 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-24 14:47 . 2009-03-24 14:47 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-24 14:46 . 2009-04-10 15:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-03-15 16:30 . 2009-03-15 16:30 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-03-15 16:30 . 2009-03-15 16:30 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-03-15 16:30 . 2009-03-15 16:30 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-03-15 16:30 . 2009-03-15 16:30 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-12 19:42 . 2005-07-11 16:37 -------- d-----w c:\program files\Common Files\Symantec Shared
    2009-04-12 12:49 . 2005-07-11 16:29 -------- d-----w c:\program files\Java
    2009-04-10 20:21 . 2008-01-20 18:00 -------- d-----w c:\program files\Lx_cats
    2009-04-09 22:43 . 2005-11-29 20:21 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-07 19:09 . 2005-11-20 17:10 77256 ----a-w c:\documents and settings\user user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-26 20:39 . 2006-12-24 11:52 -------- d-----w c:\program files\backups
    2009-03-26 11:33 . 2005-11-29 20:21 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-25 11:25 . 2009-03-25 11:25 15063 ----a-w c:\program files\hijackthis.log
    2009-03-25 10:04 . 2005-11-21 17:51 -------- d-----w c:\program files\MSN Messenger
    2009-03-25 08:20 . 2007-10-17 23:45 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-03-24 15:09 . 2007-12-08 01:20 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-03-24 15:09 . 2007-12-08 01:20 -------- d-----w c:\documents and settings\user user\Application Data\SUPERAntiSpyware.com
    2009-03-24 12:37 . 2007-12-08 01:05 -------- d-----w c:\program files\RogueRemover FREE
    2009-02-26 22:00 . 2008-12-18 19:17 -------- d-----w c:\documents and settings\user user\Application Data\FileZilla
    2009-02-09 11:13 . 2005-07-11 04:48 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-01-16 19:28 . 2008-06-07 11:06 60912 ----a-w C:\lxccscan.log
    2008-12-21 14:21 . 2007-07-27 18:57 7590400 ----a-w c:\program files\ica32web.msi
    2008-12-12 19:29 . 2008-06-18 21:31 186 ----a-w c:\documents and settings\user user\Application Data\wklnhst.dat
    2008-06-15 12:27 . 2008-06-15 12:24 59839784 ----a-w c:\program files\iTunesSetup.exe
    2008-05-30 09:41 . 2007-07-22 17:10 76672 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2008-04-10 21:17 . 2007-11-15 18:29 1495112 ----a-w c:\program files\install_flash_player.exe
    2007-07-22 15:59 . 2007-07-22 15:59 41384 ----a-w c:\program files\basiccms.zip
    2007-07-22 15:43 . 2007-07-22 15:42 22312757 ----a-w c:\program files\wamp5_1.7.2.exe
    2007-07-21 17:38 . 2007-07-21 17:38 1126 ----a-w c:\documents and settings\user user\Application Data\filterclsid.dat
    2007-01-01 15:28 . 2007-01-01 15:27 4308596 ----a-w c:\program files\BitTornado-0.3.17-w32install.exe
    2006-12-29 16:19 . 2006-12-29 16:20 899414 ----a-w c:\program files\DVDDecrypter_3.5.4.0.exe
    2006-12-28 20:01 . 2006-12-28 20:51 734160 ----a-w c:\program files\VobSub_2.23.exe
    2006-12-20 20:59 . 2006-12-20 20:57 9918872 ----a-w c:\program files\WMEncoder.exe
    2006-12-20 20:52 . 2006-12-20 20:52 878896 ----a-w c:\program files\WGAPluginInstall.exe
    2006-12-20 15:13 . 2006-12-20 15:13 4865728 ----a-w c:\program files\rminstall.exe
    2006-12-19 13:14 . 2006-12-19 13:14 1035271 ----a-w c:\program files\wrar362.exe
    2006-12-02 14:16 . 2006-12-02 14:16 1480862 ----a-w c:\program files\aresregular196_installer.exe
    2006-12-02 14:15 . 2006-12-02 14:15 1480862 ----a-w c:\program files\Ares.exe
    2005-02-16 11:06 . 2006-12-23 11:32 218112 ----a-w c:\program files\HijackThis.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2003-11-07 114688]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 184320]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
    "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-01-14 151552]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-08 49768]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
    "Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-10-18 100056]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 81920]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "NvCplDaemon"="c:\windows\system32\nvcpl.dll" [2005-06-09 6746112]
    "LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
    "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-12 148888]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 c:\windows\system32\ico.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 13:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Sports Interactive\\Football Manager 2009 Demo\\fm.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
    R3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 311872]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
    S1 PrivateDisk;PrivateDisk;c:\windows\system32\Drivers\PrivateDiskM.sys [2004-07-06 45627]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
    S2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 7520337]
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - JAVAQUICKSTARTERSERVICE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e8f7237-7fcc-11dc-a66c-0013ce72c456}]
    \Shell\AutoRun\command - H:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0e991fc-b53d-11dc-a6cc-0013ce72c456}]
    \Shell\AutoRun\command - H:\InstallTomTomHOME.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-12 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]

    2009-04-10 c:\windows\Tasks\Norton AntiVirus - Scan my computer - user user.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 14:47]

    2009-03-24 c:\windows\Tasks\Pareto UNS.job
    - c:\program files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe []

    2009-04-12 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-14 12:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    Trusted Zone: sony-europe.com
    Trusted Zone: sonystyle-europe.com
    Trusted Zone: vaio-link.com
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    FF - ProfilePath - c:\documents and settings\user user\Application Data\Mozilla\Firefox\Profiles\9h1aav5x.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
    FF - plugin: c:\documents and settings\user user\Application Data\Mozilla\Firefox\Profiles\9h1aav5x.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
    .

    **************************************************************************

    catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-13 20:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16??

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Adobe\Premiere Std\7.0\DefaultPreset]
    @DACL=(02 0000)
    @SACL=
    @="c:\\Program Files\\Adobe\\Premiere Standard\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

    [HKEY_LOCAL_MACHINE\software\Adobe\Premiere Std\7.0\Help]
    @DACL=(02 0000)
    @SACL=
    "AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Premiere Standard\\Help\\1_0_0_0.html"
    "Contents"="c:\\Program Files\\Adobe\\Premiere Standard\\Help\\1_0_0_0.html"
    "ExportToDVD"="c:\\Program Files\\Adobe\\Premiere Standard\\Help\\1_13_2_0.html"
    "HowToUse"="c:\\Program Files\\Adobe\\Premiere Standard\\Help\\0_0_0_0.html"
    "Keyboard"="c:\\Program Files\\Adobe\\Premiere Standard\\Help\\1_4_15_0.html"
    "Search"="c:\\Program Files\\Adobe\\Premiere Standard\\Help\\search.html"
    "Support"="http://www.adobe.com/support/products/premiere.html"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(904)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    Completion time: 2009-04-13 20:56
    ComboFix-quarantined-files.txt 2009-04-13 19:56

    Pre-Run: 12,691,812,352 bytes free
    Post-Run: 12,665,303,040 bytes free

    216 --- E O F --- 2009-04-09 19:43

    HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 21:02:46, on 13/04/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer192.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] //~rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
    O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [TABS] Tabbed Browsing
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://myconnect.bbc.co.uk/InternalSite/WhlCompMgr.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot= "SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt= "Applications\IntegratedServer\HTTP (file missing)
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot= "SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt= "\Addons\Packages\Mobile\Gateway" /DisplayName= "VAIO Media Gateway Server (file missing)
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
     
  5. 2009/04/12
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Computer better?

    Let's run a couple more checks.



    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Double-click GooredFix.exe to run it.
    • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
    • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
    Note: Do not run Option #2 yet.





    Please download RegQuery by Noviciate to your desktop
    • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
      • [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    • Double click RegQuery.exe to run the program
    • Paste the text you have copied using CTRL and V, into the textbox
    • Click the Query button
    • A Notepad file will open. Please paste the contents in your next reply
    • You may now close the RegQuery program



    In your next reply post:
    GooredLog.txt
    RegQuery log
     
  6. 2009/04/12
    thierry1

    thierry1 Inactive Thread Starter

    Joined:
    2009/03/25
    Messages:
    40
    Likes Received:
    0
    Hi Juliet, the computer seems to be running better than before and I've even managed to fix a few problems I was having with Flash websites.

    I ran the two scans, logs are below

    Gooredlog

    GooredFix v1.92 by jpshortstuff
    Log created at 21:56 on 13/04/2009 running Option #1 (user user)
    Firefox version 3.0.8 (en-GB)

    =====Suspect Goored Entries=====

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
    "Plugins "= "C:\Program Files\Mozilla Firefox\plugins "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
    "Components "= "C:\Program Files\Mozilla Firefox\components "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "jqs@sun.com "= "C:\Program Files\Java\jre6\lib\deploy\jqs\ff "

    Regquery

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midimapper "= "midimap.dll "
    "msacm.imaadpcm "= "imaadp32.acm "
    "msacm.msadpcm "= "msadp32.acm "
    "msacm.msg711 "= "msg711.acm "
    "msacm.msgsm610 "= "msgsm32.acm "
    "msacm.trspch "= "tssoft32.acm "
    "vidc.cvid "= "iccvid.dll "
    "vidc.I420 "= "i420vfw.dll "
    "vidc.iv31 "= "ir32_32.dll "
    "vidc.iv32 "= "ir32_32.dll "
    "vidc.iv41 "= "ir41_32.ax "
    "VIDC.IYUV "= "iyuv_32.dll "
    "vidc.mrle "= "msrle32.dll "
    "vidc.msvc "= "msvidc32.dll "
    "VIDC.UYVY "= "msyuv.dll "
    "VIDC.YUY2 "= "msyuv.dll "
    "VIDC.YVU9 "= "tsbyuv.dll "
    "VIDC.YVYU "= "msyuv.dll "
    "wavemapper "= "msacm32.drv "
    "MSVideo8 "= "VfWWDM32.dll "
    "msacm.msg723 "= "msg723.acm "
    "vidc.M263 "= "msh263.drv "
    "vidc.M261 "= "msh261.drv "
    "msacm.msaudio1 "= "msaud32.acm "
    "msacm.sl_anet "= "sl_anet.acm "
    "msacm.iac2 "= "C:\\WINDOWS\\system32\\iac25_32.ax "
    "vidc.iv50 "= "ir50_32.dll "
    "msacm.l3acm "= "C:\\WINDOWS\\system32\\l3codeca.acm "
    "wave "= "wdmaud.drv "
    "midi "= "wdmaud.drv "
    "mixer "= "wdmaud.drv "
    "aux "= "wdmaud.drv "
    "VIDC.dvsd "= "C:\\PROGRA~1\\COMMON~1\\SONYSH~1\\VideoLib\\sonydv.dll "
    "vidc.yv12 "= "yv12vfw.dll "
    "VIDC.FFDS "= "ff_vfw.dll "
    "aux2 "=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
    "wave "= "rdpsnd.dll "
    "mixer "= "rdpsnd.dll "
    "MaxBandwidth "=dword:000056b9
    "wavemapper "= "msacm32.drv "
    "EnableMP3Codec "=dword:00000001
    "midimapper "= "midimap.dll "
     
  7. 2009/04/13
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Good deal.


    Those scans came back clean.



    Click Start >> Run and then copy/paste the following into the box and hit Enter:

    "%userprofile%\Desktop\GooredFix.exe" /uninstall

    If any of your security programs query a new Registry/AutoStart value being added please allow the changes.


    NEXT**
    You can delete RegQuery
    RegQuery log <---and this file



    NEXT**
    Your version of Adobe is out of date.

    You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here.
    For more information and links to Adobe updates and downloads click here.




    I'd like to see the results of an online scan.


    NEXT**
    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select:
    Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    Kaspersky log
    New HJT log taken after the above scan has run



    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  8. 2009/04/14
    thierry1

    thierry1 Inactive Thread Starter

    Joined:
    2009/03/25
    Messages:
    40
    Likes Received:
    0
    Hi Juliet, I followed instructions up to Kaspersky. I've run the scan several times but it gets to a particular point and freezes having detected several threats. My Norton is fully disabled so I'm not sure why it's sticking, I've had this problem before.

    Is there another scan I should try?

    thanks
     
  9. 2009/04/14
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Let's try this one.

    Perform an online scan with Panda ActiveScan
    * Click on Scan Your PC Now
    * A "pop up" window will appear, or a new tab will open.
    * Click on Register
    * Choose the option you like most, but we recommend the Free Registration.

    Click on Register
    # Enter your e-mail address, and create a password.
    # Select "I do not want to receive any type of information ". (unless you want to receive such information)
    # Click on Send
    # Confirm registration, and continue by entering your user name and password, then click on Enter
    # Select Full Scan, then Click on Scan Now
    # Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
    # If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
    # Please ignore the offer to buy the program. Click on Export To

    * Export the log and save it to your desktop.
    * Please post the contents of that log in your next reply.
    * Turn off the real time scanner of any existing antivirus program while performing the online scan
     
  10. 2009/04/14
    thierry1

    thierry1 Inactive Thread Starter

    Joined:
    2009/03/25
    Messages:
    40
    Likes Received:
    0
    Hi Juliet, bit of an odd problem, I ran the scan and it found three threats for the paid version and one suspicious file: C:\Documents and Settings\User User\DoctorWeb\Quarantine\A0040631.exe

    I tried to send this to the laboratory but it didn't do anything.

    The export function also doesn't work! I click it, try to save on the desktop and it doesn't save anything.
     
  11. 2009/04/14
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    You have to click on the export button first or it will lose it.
    If it was all contained in the DRWeb quarantine folder no cause for alarm....Or if it was found in system restore points as far as that goes.

    Can you recall?


    How's your computer?
     
  12. 2009/04/14
    thierry1

    thierry1 Inactive Thread Starter

    Joined:
    2009/03/25
    Messages:
    40
    Likes Received:
    0
    Hi Juliet, it appears to be in the quarantine folder - should I manually delete the file?

    The computer is a bit odd, the processor seems overworked and using multiple applications takes a while. I'm also regularly having to run ATF/CC/N Cleaners to free up lots of MBs
     
  13. 2009/04/14
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    C:\Documents and Settings\User User\DoctorWeb\Quarantine <--You can delete the contents inside.

    I hope it isn't Nortons causing all these problems.

    How long has it been since you clicked on the Live Update button?

    Do you have Microsoft Windows Updates set to automatic?

    Post a new HJT log and let me see if there are items we can disable.
     
  14. 2009/04/15
    thierry1

    thierry1 Inactive Thread Starter

    Joined:
    2009/03/25
    Messages:
    40
    Likes Received:
    0
    Hi Juliet, I've deleted the contents of that folder.

    I haven't done a Live Update for a while, so I've just done one and after the re-boot I couldn't get on to the internet and the wireless keeps failing to connect.

    Windows updates are on auto

    I thought Firefox may be to blame, it seems to use a lot of the processor when open. I've re-installed the latest version a few times.

    HJT

    Logfile of HijackThis v1.99.1
    Scan saved at 01:34:39, on 15/04/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer192.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] //~rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
    O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [TABS] Tabbed Browsing
    O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
    O15 - Trusted Zone: *.sony-europe.com
    O15 - Trusted Zone: *.sonystyle-europe.com
    O15 - Trusted Zone: *.vaio-link.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://myconnect.bbc.co.uk/InternalSite/WhlCompMgr.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot= "SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt= "Applications\IntegratedServer\HTTP (file missing)
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot= "SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt= "\Addons\Packages\Mobile\Gateway" /DisplayName= "VAIO Media Gateway Server (file missing)
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    thanks
     
  15. 2009/04/15
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back


    Your version of Adobe is out of date.

    You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here.
    For more information and links to Adobe updates and downloads click here.




    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.



    We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

    Open Windows Defender.
    Click on Tools, General Settings.
    Scroll down and uncheck Turn on real-time protection (recommended).
    After you uncheck this, click on the Save button and close Windows Defender.

    After all of the fixes are complete it is very important that you enable Real-time Protection again





    Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)


    The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    (This program is not required to start automatically as you can run it when you need to. It is advised that you disable this program so that it does not take up necessary resources.)

    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 9.0\Distillr\Acrotray.exe"
    (Unnecessary)

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    (Unnecessary at bootup)

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 9.0\Reader\reader_sl.exe
    (Description: Adobe reader startup - unnecessarily uses system resources.)


    Now please reboot the computer.


    Post back and let me know if this has helped.
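
The triage in the post above (O2 entries marked "(no file)" and O4 autostart entries to review) can be repeated over any saved HijackThis log. This is an added example, not part of the original thread; the function name `triage` and the regular expressions are assumptions derived from the line layout quoted above, and the sample lines are copied from this page.

```python
import re

# Sample lines copied from the HijackThis entries quoted on this page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 9.0\Reader\reader_sl.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
"""

# Patterns assumed from the layout of the quoted log lines.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<target>.+)$"
)
STARTUP_RE = re.compile(
    r"^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<target>.+)$"
)


def triage(log_text):
    """Return (orphaned_bhos, autoruns) parsed from HijackThis log text."""
    orphaned, autoruns = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            # "(no file)": the BHO registration names no file, as in the
            # two O2 entries the post asks to have fixed.
            if m["target"].lower() == "(no file)":
                orphaned.append((m["name"], m["clsid"].upper()))
            continue
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            # Run-key entries carry a hive; Startup-folder entries a scope.
            where = m.groupdict().get("hive") or m["scope"]
            autoruns.append((where, m["name"], m["target"].strip('"')))
    return orphaned, autoruns


if __name__ == "__main__":
    orphaned, autoruns = triage(SAMPLE_LOG)
    for name, clsid in orphaned:
        print(f"orphaned BHO: {name} {clsid}")
    for where, name, target in autoruns:
        print(f"autostart [{where}] {name} -> {target}")
```

Lines of other types, such as the O23 service entry, are skipped rather than guessed at.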
     
  16. 2009/04/16
    thierry1

    Hi Juliet, I've downloaded the latest Adobe Reader and Flash a few times, following your previous message about them being out-of-date. Not sure why it's not displaying as the latest version.

    I've followed your instructions. The PC seems to be behaving better; occasionally before the processor would be working overtime even if one application was open and a lot of MBs had to be freed using cleaners.

    I'll keep an eye on things unless you recommend any more action?

    thanks
     
  17. 2009/04/16
    Juliet

    I've probably taken the machine down to basic items loading now, which before several things were loading that were just not needed.

    Only thing I can think of since we've done quite a bit of cleaning is to defragment the computer now.

    When you do, don't rely on the analyze button, go ahead and allow it to defragment the computer.
    One that hasn't been defragged in a good while can take 2 or 3 times to fully defrag out.


    One other point to make, some of these programs can be quite large, if you don't have adequate memory/ram available or a processor that can handle the load it can cause system slowness and hang ups.


    We'll leave this topic open for a few days in case something should pop up. :)
     
  18. 2009/05/20
    Juliet

    Glad we could help. :)

    Since this issue appears resolved ... this Topic is closed.
     