Solved Very sluggish comp and antivirus disabled

Discussion in 'Malware and Virus Removal Archive' started by DugE, 2010/12/05.

  1. 2010/12/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Instead of Eset....

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Start scan button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View log.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  2. 2010/12/05
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    QuickScan Beta 32-bit v0.9.9.52
    -------------------------------
    Scan date: Sun Dec 05 20:59:43 2010
    Machine ID: E841378E



    No infection found.
    -------------------



    Processes
    ---------
    AntiVir Desktop 2200 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    AntiVir Desktop 1080 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    AntiVir Desktop 896 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    AntiVir Desktop 1788 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    AntiVir Desktop 908 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    AntiVir Desktop 2028 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    Firefox 2436 C:\Program Files\Mozilla Firefox\firefox.exe
    hpsysdrv 2064 C:\WINDOWS\system\hpsysdrv.exe
    Intel(R) Common User Interface 2080 C:\WINDOWS\system32\hkcmd.exe
    Java(TM) Platform SE 6 U22 1136 C:\Program Files\Java\jre6\bin\jqs.exe
    Java(TM) Platform SE Auto Updater 2 0 2192 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Microsoft® Windows® Operating System 1704 C:\WINDOWS\explorer.exe
    Microsoft® Windows® Operating System 3192 C:\WINDOWS\system32\alg.exe
    Microsoft® Windows® Operating System 632 C:\WINDOWS\system32\csrss.exe
    Microsoft® Windows® Operating System 4080 C:\WINDOWS\system32\ctfmon.exe
    Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\lsass.exe
    Microsoft® Windows® Operating System 700 C:\WINDOWS\system32\services.exe
    Microsoft® Windows® Operating System 568 C:\WINDOWS\system32\smss.exe
    Microsoft® Windows® Operating System 1980 C:\WINDOWS\system32\spoolsv.exe
    Microsoft® Windows® Operating System 400 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 880 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 960 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 1056 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 1128 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 1300 C:\WINDOWS\system32\svchost.exe
    Microsoft® Windows® Operating System 656 C:\WINDOWS\system32\winlogon.exe
    Microsoft® Windows® Operating System 3316 C:\WINDOWS\system32\wscntfy.exe
    Software Manager 2232 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    TrueVector Service 1364 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    ZoneAlarm Client 2160 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe


    Network activity
    ----------------
    Process firefox.exe (2436) connected on port 80 (HTTP) --> 74.125.157.101
    Process firefox.exe (2436) connected on port 80 (HTTP) --> 69.63.189.39

    Process avmailc.exe (896) listens on ports: 44110
    Process avwebgrd.exe (908) listens on ports: 44080
    Process svchost.exe (960) listens on ports: 135 (RPC)


    Autoruns and critical files
    ---------------------------
    AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    AutoTBar.exe C:\Documents and Settings\Owner\Start Menu\Programs\Startup\AutoTBar.exe
    AUTOTKIT.EXE C:\hp\bin\AUTOTKIT.EXE
    hpsysdrv C:\WINDOWS\system\hpsysdrv.exe
    Intel(R) Common User Interface C:\WINDOWS\system32\hkcmd.exe
    Intel(R) Common User Interface C:\WINDOWS\system32\igfxsrvc.dll
    Intel(R) Common User Interface C:\WINDOWS\system32\igfxtray.exe
    Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
    Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
    NVIDIA Compatible Windows 2000 Display C:\WINDOWS\System32\NvCpl.dll
    NVIDIA nView Desktop and Window Manager C:\WINDOWS\system32\nview.dll
    NVIDIA nView Wizard, Version 44.03 C:\WINDOWS\system32\nwiz.exe
    Realtek Audio - Event Monitor C:\WINDOWS\ALCXMNTR.EXE
    Recguard Application C:\WINDOWS\SMINST\RECGUARD.EXE
    Software Manager C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
    ZoneAlarm Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe


    Browser plugins
    ---------------
    AntiVir Desktop C:\Program Files\Avira\AntiVir Desktop\avsda.dll
    BitDefender QuickScan C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\navjavfn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    BitDefender QuickScan C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\navjavfn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
    InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
    Java Deployment Toolkit 6.0.220.4 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    Java(TM) Platform SE 6 U22 c:\program files\java\jre6\bin\jp2ssv.dll
    Java(TM) Platform SE 6 U22 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    Java(TM) Platform SE 6 U22 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
    Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
    Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll
    Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


    Missing files
    -------------
    File not found: C:\ComboFix\catchme.sys
    --> HKLM\System\ControlSet001\services\catchme\ "ImagePath "

    File not found: C:\WINDOWS\System32\appmgmts.dll
    --> HKLM\System\ControlSet001\services\AppMgmt\Parameters\ "ServiceDll "

    File not found: C:\WINDOWS\System32\hidserv.dll
    --> HKLM\System\ControlSet001\services\HidServ\Parameters\ "ServiceDll "

    File not found: System32\Drivers\RimUsb.sys
    --> HKLM\System\ControlSet001\services\RimUsb\ "ImagePath "


    Scan
    ----


    No file uploaded.

    Scan finished - communication took 3 sec
    Total traffic - 0.05 MB sent, 1.03 KB recvd
    Scanned 1028 files and modules - 102 seconds

    ==============================================================================
     

  4. 2010/12/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  5. 2010/12/05
    DugE

    DugE Well-Known Member Thread Starter

    Joined:
    2002/09/10
    Messages:
    726
    Likes Received:
    3
    The computer is doing a lot better now. Thanks. I gotta have a talk with the wife and kids. Someone is causing me a real headache. I try to stay on top of this but sometimes it's hard to do. I'm always asking myself what more can I do to further protect this computer from today's threats. Maybe a new password for a start. :)

    Thanks again broni, as always you are a reliable cure. Hopefully I won't be back for a long while, but maybe I'll stick my head in the door just to say hello once in a while. Oh well, been a long day. Later.
     
  6. 2010/12/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job :)

    Good luck and stay safe :)
     
