Possible Virtumonde slowing down computer????

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

ComboFix 09-07-05.04 - David 07/06/2009 15:56.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.724 [GMT -4:00]
Running from: c:\documents and settings\David\Desktop\Combo-Fix.exe
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-06-28 17:49 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-28 17:49 . 2004-08-04 02:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-28 17:49 . 2004-08-04 02:58 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-28 17:09 . 2009-06-28 17:09 -------- d-sh--w- C:\found.000
2009-06-27 02:23 . 2009-06-27 02:23 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\PCHealth
2009-06-27 01:25 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 01:25 . 2009-06-27 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-27 01:25 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 19:54 . 2009-06-23 19:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-18 23:43 . 2009-06-18 23:43 -------- d-----w- c:\windows\l2schemas
2009-06-18 23:40 . 2006-11-01 07:14 69120 ------w- c:\windows\system32\wlanapi.dll
2009-06-18 23:40 . 2005-04-20 19:21 52736 ------w- c:\windows\system32\dllcache\wzcsapi.dll
2009-06-18 23:40 . 2005-04-19 23:54 14592 ------w- c:\windows\system32\dllcache\ndisuio.sys
2009-06-18 23:40 . 2005-04-20 19:21 381440 ------w- c:\windows\system32\dllcache\wzcdlg.dll
2009-06-18 23:40 . 2005-04-20 19:21 1705472 ------w- c:\windows\system32\dllcache\netshell.dll
2009-06-18 23:40 . 2005-04-20 19:21 474624 ------w- c:\windows\system32\dllcache\wzcsvc.dll
2009-06-18 23:38 . 2008-11-26 19:19 53192 ----a-w- c:\windows\system32\drivers\rp_skt32.sys
2009-06-18 23:38 . 2008-08-07 01:20 48384 ----a-w- c:\windows\system32\drivers\rp_pkt32.sys
2009-06-18 23:37 . 2008-08-28 17:16 71184 ----a-w- c:\windows\system32\drivers\DefragFS.sys
2009-06-18 23:37 . 2009-06-18 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Raxco
2009-06-18 23:37 . 2009-06-18 23:37 -------- d-----w- c:\program files\Raxco
2009-06-18 23:36 . 2009-06-18 23:36 -------- d-----w- c:\program files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 00:12 . 2008-12-23 01:50 27998240 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-04 02:36 . 2009-05-09 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-25 21:04 . 2008-12-23 01:50 66188 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-25 21:04 . 2008-12-23 01:50 794400 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-25 21:04 . 2008-12-23 01:50 370064 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-25 21:03 . 2009-01-20 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-19 00:06 . 2008-08-18 14:32 -------- d-----w- c:\documents and settings\David\Application Data\Verizon
2009-06-18 23:36 . 2008-08-18 14:32 -------- d-----w- c:\program files\Verizon
2009-06-18 23:35 . 2008-08-18 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Verizon
2009-06-18 19:48 . 2005-08-25 18:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 20:05 . 2008-10-03 00:18 -------- d-----w- c:\program files\dl_Cats
2009-05-27 17:44 . 2009-05-27 17:44 622592 ----a-w- c:\documents and settings\David\Application Data\Verizon\VSP\downloads\Verizon-Welcome-70-WithAdsTracking.41.zip.dir\all\tools\TCC.exe
2009-05-27 17:44 . 2009-05-27 17:44 622592 ----a-w- c:\documents and settings\David\Application Data\Verizon\VSP\downloads\Verizon-VISS-Fulfillment-RED-WithAdsTracking.6334.zip.dir\all\tools\TCC.exe
2009-05-09 21:42 . 2009-05-09 21:38 -------- d-----w- c:\program files\Google
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-08-25 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-25 98304]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-01 339968]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-01-31 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-8-25 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-25 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=

S2 gupdate1c9d0eeaadcfca0;Google Update Service (gupdate1c9d0eeaadcfca0);c:\program files\Google\Update\GoogleUpdate.exe [5/9/2009 5:39 PM 133104]
S2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9/22/2008 4:58 PM 693512]
S2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe [11/14/2008 6:28 PM 4937752]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [11/29/2008 10:46 AM 33752]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 3:47 PM 20640]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9/22/2008 4:58 PM 910600]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [4/22/2009 10:38 AM 170736]
S3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [11/14/2008 6:28 PM 161304]
S3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [11/14/2008 6:28 PM 29720]
S3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [11/14/2008 6:28 PM 27376]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-09 21:38]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 21:39]

2009-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 21:39]
.
- - - - ORPHANS REMOVED - - - -

BHO-{DDBB3AEE-6C50-4FE9-86F0-BE9C4E0DA3F4} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 16:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-07-06 16:05
ComboFix-quarantined-files.txt 2009-07-06 20:04
ComboFix2.txt 2009-07-06 19:49

Pre-Run: 21,156,429,824 bytes free
Post-Run: 21,134,856,192 bytes free

148 --- E O F --- 2009-02-11 01:34

Hello.
Doesn't appear to be malware, probably just a number of un-needed items running in the background. We can stop some of them now.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
  O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
  O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
  O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
  O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
  O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
  O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
  O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
  O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
  O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
  O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
  O4 - Global Startup: Digital Line Detect.lnk = ?
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Reboot normally.
Startup should be quicker and overall performance will have picked up.

Let me know how it's running now.

Start up was a little slow but the computer seems to be running better. Is there anything else that I can do to help performance. Thnk you for all the help.

Don't run many processes as it slows down the computer and close programs that are not being used.

Just used SpyBot to scan my computer and it found another Virtumonde and it is unable to delete it.

Does it say where?

No it doesn't say where and it won't let me copy it.

Try running Malwarebytes to see if it catches it:

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

It said nothing was found but the computer still doesn't seem right

Malwarebytes' Anti-Malware 1.38
Database version: 2388
Windows 5.1.2600 Service Pack 2

7/7/2009 4:39:46 PM
mbam-log-2009-07-07 (16-39-46).txt

Scan type: Quick Scan
Objects scanned: 92852
Time elapsed: 31 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)