zbad2000 Posted June 6, 2012 ID:557875 Share Posted June 6, 2012 Hey all I think my computer may be infected. Its running very hot and very slow. At first I thought there may be some blockage in the fan area, and I did remove excess dust but its still running hot and slow. Once or twice, I did get re-directed to a "protect against malware" site, so I suspect I may be infected. I would really appreciate any help you guys can give me. THanks. Logs below..DDS (Ver_2011-08-26.01) - NTFSx86Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1Run by Brian at 21:39:47 on 2012-06-05Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1914.829 [GMT -4:00].AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\DisplayLink Core Software\DisplayLinkService.exeC:\Windows\RtkAudioService.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\DisplayLink Core Software\DisplayLinkManager.exeC:\Program Files\DisplayLink Core Software\DisplayLinkUI.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\taskeng.exeC:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Windows\System32\svchost.exe -k HPZ12C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exeC:\Program Files\Sony\VAIO Event Service\VESMgr.exeC:\Program Files\Sony\VAIO Power Management\SPMService.exeC:\Windows\system32\DllHost.exeC:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\DRIVERS\xaudio.exeC:\Windows\system32\DllHost.exeC:\Program Files\Sony\VAIO Event Service\VESMgrSub.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\WUDFHost.exeC:\Windows\system32\igfxext.exeC:\Windows\system32\igfxsrvc.exeC:\Program Files\Sony\VAIO Power Management\SPMgr.exeC:\Windows\system32\taskeng.exeC:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exeC:\Program Files\Sony\VAIO Care\VCsystray.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\system32\taskeng.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exeC:\Program Files\ESET\ESET NOD32 Antivirus\egui.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\ehome\ehtray.exeC:\Program Files\InFocus\DisplayLink Manager\InFocusDisplayLinkManagerSetup.exeC:\Program Files\Microsoft Office\Office12\ONENOTEM.EXEC:\Windows\ehome\ehmsas.exeC:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exeC:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exeC:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exeC:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\svchost.exe -k HPServiceC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://espn.com/BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dllTB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No FileuRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRunuRun: [ehTray.exe] c:\windows\ehome\ehTray.exemRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [RtHDVCpl] RtHDVCpl.exemRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"mRun: [smartWiHelper] "c:\program files\sony corporation\smartwi connection utility\SmartWiHelper.exe" /WindowsStartupmRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\VAIO Sat Survey.exe"mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"mRun: [skytel] Skytel.exemRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservicemRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silentStartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXEStartupFolder: c:\users\brian\appdata\roaming\micros~1\windows\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\aolddi.lnk - c:\ddi\AOLICON.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\infocu~1.lnk - c:\program files\infocus\displaylink manager\InFocusDisplayLinkManagerSetup.exemPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLLDPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cabDPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cabDPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cabTCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{2BEEDDE3-9D19-4856-BC49-7AC5C8321FD5} : DhcpNameServer = 192.168.1.1Notify: igfxcui - igfxdev.dllNotify: VESWinlogon - VESWinlogon.dll.================= FIREFOX ===================.FF - ProfilePath - c:\users\brian\appdata\roaming\mozilla\firefox\profiles\z57s78nq.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - espn.comFF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dllFF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dllFF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dllFF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dllFF - plugin: c:\users\brian\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dllFF - plugin: c:\windows\system32\npdeployJava1.dllFF - plugin: c:\windows\system32\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-12-14 13424]R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-7-29 115008]R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]R2 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2009-4-6 447848]R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-9-3 137144]R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-11-4 810144]R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-8-1 104992]R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2008-8-21 104960]R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-8-1 411488]R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-7 24652]R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-8-21 17408]R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-12-14 367728]R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-5 40776]R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-8-1 9344]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [2009-4-6 20992]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 129976]S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-21 103712]S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-21 353568]S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-21 62752]S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-21 337184]S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-8-21 83232]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== Created Last 30 ================.2012-06-06 01:38:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2012-06-06 01:17:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-06-06 01:17:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-06-06 00:49:38 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{88facf61-d0f5-4ed7-906c-29d55b863bd5}\mpengine.dll2012-05-08 23:39:21 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys2012-05-08 23:39:19 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys2012-05-08 23:39:16 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL2012-05-08 23:39:15 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll2012-05-08 23:39:14 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll2012-05-08 23:39:13 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll2012-05-08 23:39:12 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll2012-05-08 23:39:11 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe2012-05-08 23:39:01 1069056 ----a-w- c:\windows\system32\DWrite.dll2012-05-08 23:39:00 219648 ----a-w- c:\windows\system32\d3d10_1core.dll2012-05-08 23:38:59 1172480 ----a-w- c:\windows\system32\d3d10warp.dll2012-05-08 23:38:58 683008 ----a-w- c:\windows\system32\d2d1.dll2012-05-08 23:38:58 160768 ----a-w- c:\windows\system32\d3d10_1.dll2012-05-08 23:38:38 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe2012-05-08 23:38:37 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-05-08 23:38:37 2044928 ----a-w- c:\windows\system32\win32k.sys.==================== Find3M ====================..============= FINISH: 21:40:57.16 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft® Windows Vista™ Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 1/3/2009 12:59:48 PMSystem Uptime: 6/5/2012 9:08:14 PM (0 hours ago).Motherboard: Sony Corporation | | VAIOProcessor: Intel® Pentium® Dual CPU T3200 @ 2.00GHz | N/A | 1000/166mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 140 GiB total, 83.875 GiB free.D: is RemovableE: is RemovableF: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Description: Photosmart Prem C310 seriesDevice ID: ROOT\IMAGE\0000Manufacturer: HPName: Photosmart Prem C310 seriesPNP Device ID: ROOT\IMAGE\0000Service: StillCam.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Photosmart Prem C310 seriesDevice ID: ROOT\MULTIFUNCTION\0000Manufacturer: HPName: Photosmart Prem C310 seriesPNP Device ID: ROOT\MULTIFUNCTION\0000Service:.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: HP LaserJet P4014Device ID: ROOT\MULTIFUNCTION\0001Manufacturer: Hewlett-PackardName: HP LaserJet P4014PNP Device ID: ROOT\MULTIFUNCTION\0001Service:.==== System Restore Points ===================..==== Installed Programs ======================..Update for Microsoft Office 2007 (KB2508958)32 Bit HP CIO Components InstallerAcrobat.comAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.1)Adobe Shockwave Player 11Apple Mobile Device SupportApple Software UpdateArcSoft Magic-i Visual EffectsArcSoft WebCam Companion 2BitTorrentCompatibility Pack for the 2007 Office systemDisplayLink Core SoftwareDisplayLink InFocus SupportESET NOD32 AntivirusESET Online Scanner v3HDAUDIO SoftV92 Data Fax Modem with SmartCPHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Photosmart Prem C310 All-In-One Driver 14.0 Rel. 7InFocus DisplayLink ManagerIntel® Graphics Media Accelerator DriverJava Auto UpdaterJava™ 7 Update 3JavaFX 2.0.3Malwarebytes Anti-Malware version 1.61.0.1400Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Suite Activation AssistantMicrosoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft VC9 runtime librariesMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMove Media PlayerMozilla Firefox 12.0 (x86 en-US)Mozilla Maintenance ServiceMSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKNetworkOGA Notifier 2.0.0048.0OpenMG Secure Module 5.1.00PrimoPS_AIO_07_C310_SW_MinRealtek High Definition Audio DriverRoxio Central AudioRoxio Central CopyRoxio Central CoreRoxio Central DataRoxio Central ToolsRoxio Easy Media Creator 10 LJRoxio Easy Media Creator HomeScanSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596880) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597162) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2598041) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2596917) 32-Bit EditionSetting Utility SeriesSmartWi Connection UtilitySony Picture UtilitySony Video Shared LibrarySpelling Dictionaries Support For Adobe Reader 9SupportSoft Assisted ServiceSynaptics Pointing Device DriverToolboxUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Update ServiceVAIO CareVAIO Content Folder SettingVAIO Content Metadata Intelligent Analyzing ManagerVAIO Content Metadata Manager SettingVAIO Content Metadata XML Interface LibraryVAIO Control CenterVAIO Data Restore ToolVAIO Entertainment PlatformVAIO Event ServiceVAIO Help and SupportVAIO LauncherVAIO Media plusVAIO Movie StoryVAIO My Memory CenterVAIO OOBE and Welcome CenterVAIO Original Function SettingVAIO Power ManagementVAIO Presentation SupportVAIO Startup AssistantVAIO SurveyVAIO Update 4VAIO Wireless WizardViewpoint Media PlayerWindows Essentials Media Codec Pack 3.3Windows Media Player Firefox PluginWinDVD for VAIOYahoo! Detect.==== Event Viewer Messages From Past Week ========.6/5/2012 9:13:37 PM, Error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting.6/5/2012 9:10:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.6/5/2012 9:10:23 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.6/5/2012 9:10:23 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.6/5/2012 9:09:19 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 1265/29/2012 9:18:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Network Devices Support service to connect.5/29/2012 9:18:36 PM, Error: Service Control Manager [7000] - The HP Network Devices Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion..==== End Of File =========================== Link to post Share on other sites More sharing options...
LDTate Posted June 7, 2012 ID:558357 Share Posted June 7, 2012 Logs will be closed if you haven't replied within 3 days Please don't attach the scans / logs for these tools, use "copy/paste".DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.Please run a new MBAM scan being sure to update before scanning.Post the scan resultsAlso please describe how your computer behaves at the moment.Please don't attach the scans / logs, use "copy/paste". Link to post Share on other sites More sharing options...
zbad2000 Posted June 7, 2012 Author ID:558447 Share Posted June 7, 2012 I update MBAM and here is the log. My computer is not running badly. It is running hot pretty much all the time a web browser is open; I can hear the fan working overtime. Internet (Firefox and/or IE) is still ridiculously slow. It takes 45-60 seconds to load one page, if it loads at all. System start-up is not abnormally slow and opening applications such as Excel or Word is also a little slow. Mainly, its the Internet that is just killing me right now. ThanksMalwarebytes Anti-Malware (Trial) 1.61.0.1400www.malwarebytes.orgDatabase version: v2012.06.07.05Windows Vista Service Pack 2 x86 NTFSInternet Explorer 9.0.8112.16421Brian :: BRIANS-VAIO [administrator]Protection: Enabled6/7/2012 5:21:05 PMmbam-log-2012-06-07 (17-21-05).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 263710Time elapsed: 13 minute(s), 55 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
LDTate Posted June 7, 2012 ID:558456 Share Posted June 7, 2012 Laptop or desktop?Please do not attach the scan results from Combofx. Use copy/paste.Vista and Windows 7 users:1. These tools MUST be run from the executable. (.exe) every time you run them 2. With Admin Rights (Right click, choose "Run as Administrator")Download ComboFix from one of these locations:Link 1Link 2 If using this link, Right Click and select Save As.* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective ProgramsDouble click on ComboFix.exe & follow the prompts.Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7. Note: If you have XP SP3, use the XP SP2 package.If Vista or Windows 7, skip the Recovery Console partAs part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.Notes:1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.Give it atleast 20-30 minutes to finish if needed.Please do not attach the scan results from Combofx. Use copy/paste.Also please describe how your computer behaves at the moment. Link to post Share on other sites More sharing options...
zbad2000 Posted June 10, 2012 Author ID:559152 Share Posted June 10, 2012 its a laptop. its working a lot faster now, and the fan doesnt sound like it is being overworked. Its a lot better, still a tad slow but nothing like before. here is the logComboFix 12-06-09.01 - Brian 06/09/2012 13:57:29.2.2 - x86Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1914.629 [GMT -4:00]Running from: c:\users\Brian\Desktop\ComboFix.exeAV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))..2012-06-09 18:16 . 2012-06-09 18:16 -------- d-----w- c:\users\Public\AppData\Local\temp2012-06-09 18:16 . 2012-06-09 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp2012-06-09 17:45 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8CB482C-B98C-42E7-BBA7-B3E76AF37F0A}\mpengine.dll2012-06-09 17:43 . 2012-06-09 17:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2012-06-06 01:17 . 2012-06-06 01:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-06-06 01:17 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-04-03 08:16 . 2012-05-08 23:38 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe2012-04-03 08:16 . 2012-05-08 23:38 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe2012-04-02 13:36 . 2012-05-08 23:38 2044928 ----a-w- c:\windows\system32\win32k.sys2012-03-30 12:39 . 2012-05-08 23:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys2012-03-20 23:28 . 2012-05-08 23:39 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys2012-03-15 03:22 . 2012-03-15 03:22 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll2012-03-15 03:21 . 2012-03-15 03:21 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll2012-03-15 03:21 . 2012-03-15 03:21 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll2012-05-04 04:12 . 2011-12-26 04:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]2008-06-14 00:07 303104 ----a-w- c:\ddi\OverIcon.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2008-06-27 77824]"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]"VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]"Skytel"="Skytel.exe" [2008-07-03 1826816]"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408].c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOLDDI.LNK - c:\ddi\AOLICON.exe [N/A]InFocus DisplayLink Manager Startup.lnk - c:\program files\InFocus\DisplayLink Manager\InFocusDisplayLinkManagerSetup.exe [2011-12-14 10554008].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll.S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]LocalServiceAndNoImpersonation REG_MULTI_SZ FontCacheHPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12HPService REG_MULTI_SZ HPSLPSVC..------- Supplementary Scan -------.uStart Page = hxxp://espn.com/IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\z57s78nq.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - espn.comFF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=.- - - - ORPHANS REMOVED - - - -.AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-06-09 14:17Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'Explorer.exe'(4908)c:\ddi\overicon.dll.Completion time: 2012-06-09 14:20:04ComboFix-quarantined-files.txt 2012-06-09 18:20ComboFix2.txt 2012-01-04 04:02.Pre-Run: 103,514,017,792 bytes freePost-Run: 104,182,120,448 bytes free.- - End Of File - - BADFC9F2940293C1D3D5633BF04BB21A Link to post Share on other sites More sharing options...
zbad2000 Posted June 11, 2012 Author ID:559311 Share Posted June 11, 2012 I apologize for posting again before you did, I dont mean to rush at all. I shut my computer off and turn it back on, and its up to its old tricks. Ive been waiting for pages to load for upwards of a minute. I didn't really do much of anything between running ComboFix and now, but somehow its right back to the beginning behavior of being slow and running hot. I can hear the fan working HARD and feel the heat coming out of the vents. The bottom is also blazing hot. Link to post Share on other sites More sharing options...
LDTate Posted June 11, 2012 ID:559484 Share Posted June 11, 2012 How to use MSCONFIG in Windows Vista Go into msconfig and uncheck everything except your protection programs like your anti-virus anti-malware.Reboot and see what happens.http://www.netsquirrel.com/msconfig/msconfig_vista.html Link to post Share on other sites More sharing options...
zbad2000 Posted June 11, 2012 Author ID:559644 Share Posted June 11, 2012 A little better. Startup is faster, but no change in the loading tim for web pages, and also the fan is still working overtime. Link to post Share on other sites More sharing options...
LDTate Posted June 11, 2012 ID:559658 Share Posted June 11, 2012 Have you've cleaned all the air vent? Link to post Share on other sites More sharing options...
zbad2000 Posted June 13, 2012 Author ID:560030 Share Posted June 13, 2012 I did. I took it apart and removed a pretty large collection of dust. I'm not an expert so I don't know for sure if I got every nook and cranny. I did remove the bottom of the laptop, and then fan cover to remove the dust. Anything else I should try? I was a little wary of compressed air because one user said it could just compress any dust or particles together to form a bigger blockage. Should I just try some compressed air? Link to post Share on other sites More sharing options...
LDTate Posted June 13, 2012 ID:560116 Share Posted June 13, 2012 At this point you might consider taking it to your local computer repair shop that is authorized to repair the brand of laptop you have.The Dell laptops we use at work have 2 areas.One on the bottom and one on the back of the case.Make sure you don't cover up the bottom vent when in use. Link to post Share on other sites More sharing options...
zbad2000 Posted June 14, 2012 Author ID:560311 Share Posted June 14, 2012 So you think this is just a hardware issue? I'm not missing any viruses or malware thats slowing down my computer, especially the Internet browsing? Link to post Share on other sites More sharing options...
LDTate Posted June 14, 2012 ID:560382 Share Posted June 14, 2012 This isn't malware, but I wouldn't want it on my computer.FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirectYou can try uninstall FireFox and download a fresh copy.I'm not seeing any infections but one can never be 100% sure, even after cleaning. Link to post Share on other sites More sharing options...
zbad2000 Posted June 15, 2012 Author ID:560666 Share Posted June 15, 2012 OK ill do all that- download a new firefox and get someone to look at it. Thanks for all your help. Very much appreciated Link to post Share on other sites More sharing options...
LDTate Posted June 15, 2012 ID:560741 Share Posted June 15, 2012 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts