Sign in to follow this  
vfankafrompoland

Multiple issues on my VAIO

Recommended Posts

My laptop has lost it completely!!! I have problems with nearly everything. Some details:

 

1. i have been recently dealing with tonnes of pictures (I'm talking thousands here). Basically I have been talking snapshots of dvds, then renaming them, moving to different files etc. I was using the option of renaming/moving/copying multiple pictures. Even though most of the time i marked all files in the folder, it would only move/rename/copy some of them. Like 100 out of 1000 or even less. I then have to repeat the action multiple times and if i am lucky it will finally do it with all the pictures. On the top of that it freezes my laptop to death whilst doing the above actions. Also, when i am browsing the pictures in the windows fax and picture viewer it takes ages to generate the preview. Each picture is only about 1mb.

 

2.When I scan my laptop with True Sword 4, it finds a Netsky backdoor in startup. When i delete it, it basically removes MSN msger from running at startup. then each time i run msn, i get warned by spybot and ArcaVir about a new registry entry being created. If i allow it, i get that Netsky thing in my startup again.

 

3. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

True Sword keeps picking bugs such as 108Solutions, Common, Dialer, Golden Palace Casino, Win32. Backdoor.Agent in this folder. I always remove the WHOLE folder from the registry because its full of crap to begin with! It contains tonnes of advertasing names or even porn names and all that. I have been removing the folder for quite a few months now but it keeps coming back, usually about once a week. All the virus names mentioned above were found on my system today, AGAIN.

 

4. My computer freezes constantly out of blue. I could be browsing something on the net (not downloading or loading anything) and then the browser freezes (i use opera and maxton). Or my windows explorer freezes and it wont stop till i shut it.

 

5. It is soooooo slow. It constantly seems to be loading something. I got a pop up ballon saying today that i was running low on virual memory whilst all i had open was one window (folder). My CPU jumps from 100 to 0 and back again when i am not doing anything.

 

6. Another problem with browsers, I used to use opera only but recently it has been freezing so much and taking ages to 'start connecting to the internet' at the beginning so i switched to maxton. The SAME problem. i always have the same browsers open and then the tabs are saved and restarted, could it be one of the websites causing it? (i dont have any nasties webbies there).

 

7. It freaked me out a few minutes ago when i turned on my laptop, it seemed to finish loading (wireless connected and skype automatically logged in). then i clicked on maxton and nothing happened, the icon didnt even highlight. I clicked again and nothing. I clicked on another icon, then on start menu and NOTHING. it was completely nonrespondive!!! i could open task mngr but thats about it. I tried to run something by clicking on new task but it totally froze my computer. i was able to restart it and then it worked but i honestly thought my laptop had died!!!

 

CAN ANYONE HELP ME PLEASE??????

 

i'm posting my hijack log.

 

By the way, you will probably bring to notice that i have two main antiviruses on my system (NOD32 and AcraVir). I normally use NOD and my problems had started BEFORE i installed AcraVir. It is only a trial version , which will expire in a few weeks and i installed it to hopefully solve my problems but that didnt happen. I know it's not good to have two antiviruses but in my case this is not the reason for my problems. Thanks again in advance!!

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:59:01 PM, on 6/26/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\ArcaBit\Common\ArcaBit.Core.Configurator2.exe

C:\PROGRA~1\ArcaBit\ArcaUpdate\update.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\rpcnet.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\PROGRA~1\ArcaBit\ArcaVir\FileMonSV.exe

C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe

C:\PROGRA~1\ArcaBit\Common\taskscheduler.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe

C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Maxthon2\Maxthon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.tpg.com.au:3128

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe

O4 - HKLM\..\Run: [ABRegmon] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe

O4 - HKLM\..\Run: [ArcaCheck] C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startup

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: Use ViDown to download - C:\Program Files\ViDown\vd_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll

O9 - Extra 'Tools' menuitem: ArcaVir >> - {40525A66-DB98-480D-BCF9-7AF88C1AF438} - C:\Program Files\ArcaBit\WebExtensions\ie\ArcaIEExt.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab

O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - https://www.lojackforlaptops.com/ctmweb/testoc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B5780D3-EB3B-4AB8-9A6B-BCC7EA4E2C17}: NameServer = 203.12.160.35,203.12.160.36

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ArcaBit FileMonitor (ABFileMon) - ArcaBit - C:\PROGRA~1\ArcaBit\ArcaVir\FileMonSV.exe

O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ArcaBit.Core.Configurator - ArcaBit - C:\PROGRA~1\ArcaBit\Common\ArcaBit.Core.Configurator2.exe

O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - C:\PROGRA~1\ArcaBit\Common\ArcaBit.Core.LoggingService.exe

O23 - Service: ArcaBit.TaskScheduler - ArcaBit - C:\PROGRA~1\ArcaBit\Common\taskscheduler.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\PROGRA~1\ArcaBit\ArcaUpdate\update.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

 

--

End of file - 11552 bytes

Share this post


Link to post
Share on other sites
Sign in to follow this