My computer has started to do all kinds of crazy things: it runs slow, it constantly restarts itself, and it flashes and hesitates at start-up. I suspect spyware. I'm running Vista, I have AVG for my antivirus, I have already run CCleaner, and I am attaching a HijackThis logfile. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:41 PM, on 10/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://connecticut.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9294 bytes
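As an added example (not part of this thread or of any of the tools named in it), here is a small triage script that reads HijackThis entries and flags the kinds of lines a helper scans for first: orphaned entries marked "(no file)", Run keys that launch a bare image name with no path, O16 ActiveX downloads from a watch-listed host, and O23 services with no vendor string. The sample input is a handful of entries copied from the log above; the ADWARE_HOSTS watch-list is a hypothetical one seeded with the imgfarm.com host behind the Webfetti O16 entry, which belongs to the FunWebProducts/MyWebSearch folders that ComboFix later removes.

```python
"""Triage a HijackThis log: flag entries a reviewer should look at first.

Added example, not HijackThis code. The watch-list and the sample log are
constructed for this demonstration.
"""
import re

# Constructed sample: a few entries copied from the log posted above.
SAMPLE_LOG = """\
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Program Files\\Windows Live Toolbar\\msntb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\\..\\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Swupdtmr - Unknown owner - c:\\Toshiba\\IVP\\swupdate\\swupdtmr.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
"""

# Hypothetical watch-list: hosts serving the FunWebProducts/MyWebSearch
# adware family that ComboFix removed later in the thread.
ADWARE_HOSTS = {"ak.exe.imgfarm.com"}

# "O4 - <body>": the type code and everything after the first " - ".
ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")
# Registry Run entries: HK...\..\Run: [Name] <command line>
RUN_RE = re.compile(r"^HK.*?\\\.\.\\Run: \[[^\]]+\] (?P<cmd>.*)$")


def parse_entries(text):
    """Yield (type, body) for every HijackThis entry line in the log."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("type"), m.group("body")


def triage(text):
    """Return a list of (reason, entry_type, body) findings, in log order."""
    findings = []
    for etype, body in parse_entries(text):
        if body.endswith("(no file)"):
            # CLSID still registered but the DLL is gone: leftover of an
            # uninstall or a partial cleanup, safe to fix and worth noting.
            findings.append(("orphaned entry (no file on disk)", etype, body))
        if etype == "O4":
            m = RUN_RE.match(body)
            if m:
                exe = m.group("cmd").split()[0].strip('"')
                # A bare image name is resolved through the PATH search
                # order at logon, so a same-named file earlier in PATH wins.
                if "\\" not in exe and "%" not in exe:
                    findings.append(("autorun without absolute path", etype, body))
        if etype == "O16":
            url = body.rsplit(" - ", 1)[-1]
            host = re.sub(r"^https?://", "", url).split("/")[0].lower()
            if host in ADWARE_HOSTS:
                findings.append(("ActiveX download from watch-listed host", etype, body))
        if etype == "O23" and " - Unknown owner - " in body:
            # HijackThis prints the binary's company name; "Unknown owner"
            # means the file carried no version/vendor information.
            findings.append(("service with no vendor string", etype, body))
    return findings


if __name__ == "__main__":
    for reason, etype, body in triage(SAMPLE_LOG):
        print(f"[{etype}] {reason}: {body}")
```

Every finding is a prompt for a human to look, not a verdict: the bare-name NDSTray.exe entry and the unsigned Toshiba updater service are both OEM software on this laptop, and the script flags them only because that is the pattern an attacker would also use.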
Hi birman

Nothing in your HijackThis log to suggest such a problem. Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

Best Regards
This is the ComboFix log. Sorry it took so long.

ComboFix 08-10-19.04 - Robin 2008-10-20 8:51:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.305 [GMT -4:00]
Running from: C:\Users\Robin\Desktop\Combo-Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-09-20 to 2008-10-20 )))))))))))))))))))))))))))))))
.
2008-10-15 06:22 . 2008-10-15 06:22 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-10-15 06:22 . 2008-10-15 06:22 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-10-14 21:14 . 2008-09-18 01:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-14 21:14 . 2008-09-18 01:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-14 21:14 . 2008-09-17 22:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-14 21:14 . 2008-08-26 21:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-14 21:13 . 2008-10-01 21:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-14 21:13 . 2008-10-01 23:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-14 21:11 . 2008-10-14 21:11 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-10-13 19:55 . 2008-10-13 19:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-12 09:44 . 2008-10-12 09:44 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-12 06:39 . 2008-10-12 06:41 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-10 14:40 . 2008-04-26 04:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-10-09 17:24 . 2008-10-09 17:24 <DIR> d-------- C:\PerfLogs
2008-09-29 17:22 . 2008-01-19 03:32 5,714,432 --a------ C:\Windows\System32\logon.scr
2008-09-29 17:21 . 2008-01-19 01:53 61,952 --a------ C:\Windows\System32\drivers\ohci1394.sys
2008-09-29 17:21 . 2008-01-19 01:53 53,376 --a------ C:\Windows\System32\drivers\1394bus.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 10:47 --------- d-----w C:\Users\Robin\AppData\Roaming\LimeWire
2008-10-18 23:48 --------- d-----w C:\ProgramData\avg7
2008-10-15 10:32 --------- d-----w C:\Program Files\Windows Mail
2008-10-12 09:58 --------- d-----w C:\Users\Robin\AppData\Roaming\Move Networks
2008-10-11 14:20 --------- d-----w C:\Program Files\LimeWire
2008-10-09 21:38 174 --sha-w C:\Program Files\desktop.ini
2008-10-09 21:29 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-09 21:29 --------- d-----w C:\Program Files\Windows Collaboration
2008-10-09 21:29 --------- d-----w C:\Program Files\Windows Calendar
2008-10-09 21:28 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-10-09 21:28 --------- d-----w C:\Program Files\Windows Journal
2008-10-09 21:28 --------- d-----w C:\Program Files\Windows Defender
2008-09-11 21:27 --------- d-----w C:\Program Files\MySpace
2008-08-29 11:36 --------- d-----w C:\Program Files\iTunes
2008-08-29 11:35 --------- d-----w C:\Program Files\iPod
2008-08-29 11:32 --------- d-----w C:\Program Files\QuickTime
2008-08-29 11:21 --------- d-----w C:\Program Files\Apple Software Update
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-06-06 22:28 0 ----a-w C:\Users\Robin\AppData\Roaming\wklnhst.dat
2007-01-05 23:16 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-10-19 18:21 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-19 18:21 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-19 18:21 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-09-28 21:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007092820070929\index.dat
2007-09-28 21:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-08-24 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-08-24 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-08-24 129560]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-27 898344]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2006-12-11 448632]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-15 530552]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-18 421888]
"PINGER"="C:\TOSHIBA\IVP\ISM\pinger.exe" [2006-07-20 151552]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-21 579584]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-21 219136]

C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-09-18 147456]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-04-21 09:10 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C071C503-85A9-42F0-89E4-54CCD6A59C42}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{19AFF3F7-C40A-4ECD-ADF5-43E29791B3AE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D927705F-DFDE-4287-9314-26339755ECB1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6C9C493C-B9F2-4771-8827-EEC683B1D969}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{43218DE0-5F16-4CAC-B3FA-2EE0B81F3F47}"= UDP:C:\Program Files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{37CA4ACB-8A13-4413-B1D1-84DF4E3D39CD}"= TCP:C:\Program Files\Lexmark 2400 Series\lxcrmon.exe:Device Monitor
"{9A71EA2A-301B-4963-A8CA-14937B1DFF30}"= UDP:C:\Program Files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{E5490C8B-E98C-4499-8F5F-8BAEC2D97617}"= TCP:C:\Program Files\Lexmark 2400 Series\LXCRaiox.exe:All In One Center
"{7B65DAA9-EA2F-466D-9588-7016006368E9}"= UDP:C:\Windows\System32\lxcrcoms.exe:Lexmark Communications System
"{983DDC15-B6CE-4EAD-8A6C-6EEB38C5A7B9}"= TCP:C:\Windows\System32\lxcrcoms.exe:Lexmark Communications System
"{349088C3-D13A-4A9D-85DF-E7BD14ADA4F8}"= Disabled:UDP:135:TCP Port 135
"{BD73BDE3-9AF7-42BC-8062-94C2D36229BD}"= Disabled:UDP:5000:TCP Port 5000
"{7F80DBA2-3716-4039-84A2-FC044243ED61}"= Disabled:UDP:5001:TCP Port 5001
"{2923A907-5DD4-4AAC-A7CF-3502E680B840}"= Disabled:UDP:5002:TCP Port 5002
"{585569F9-5023-45C9-A02C-8F745753CEBA}"= Disabled:UDP:5003:TCP Port 5003
"{264B6DEC-C3D5-485B-8A2D-94FCD34032D8}"= Disabled:UDP:5004:TCP Port 5004
"{05FC6B99-D5AF-4990-9973-5848087E365F}"= Disabled:UDP:5005:TCP Port 5005
"{E68B335B-97F8-482D-8C69-E660E7BCC4FF}"= Disabled:UDP:5006:TCP Port 5006
"{6B8737DA-EAE9-41A0-AC26-F541DDB25CAB}"= Disabled:UDP:5007:TCP Port 5007
"{8E9E13DA-0B9C-4585-8326-176289437227}"= Disabled:UDP:5008:TCP Port 5008
"{4F1EA48D-A847-4B00-86BA-9C5F4A428863}"= Disabled:UDP:5009:TCP Port 5009
"{60B74004-4DE5-4768-BF5E-01BB9BF6C2DD}"= Disabled:UDP:5010:TCP Port 5010
"{79AB6DF8-A5D4-4A3C-83CB-15A0A03F6EA8}"= Disabled:UDP:5011:TCP Port 5011
"{F66869E3-B7AC-4631-924B-C24F1E2FE239}"= Disabled:UDP:5012:TCP Port 5012
"{75580289-459B-4ABA-AB73-480EB66CD3BA}"= Disabled:UDP:5013:TCP Port 5013
"{A893EA37-74EF-455E-AF44-5EE3B08BB99C}"= Disabled:UDP:5014:TCP Port 5014
"{DAD20A7E-C375-4ACE-BE52-595CA2F34B90}"= Disabled:UDP:5015:TCP Port 5015
"{F313620F-1AA9-4F65-8A24-4BB243CED498}"= Disabled:UDP:5016:TCP Port 5016
"{82FC5F71-A0FD-494E-A1C5-95E0230C3CCA}"= Disabled:UDP:5017:TCP Port 5017
"{E064CD32-4A16-437D-AC75-E66CD6419673}"= Disabled:UDP:5018:TCP Port 5018
"{8352D112-B83C-478E-B6E2-BB67BA6E8985}"= Disabled:UDP:5019:TCP Port 5019
"{1DD34B42-0878-44F7-AF6C-2E12CECDCE50}"= Disabled:UDP:5020:TCP Port 5020
"TCP Query User{CC9931A8-75A2-4C38-A7D5-7B1F5F0340D9}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0915DEE0-9978-47E2-B54F-8BA59DCF9E5D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{CDF4E2FB-04AC-4E75-848D-869E6D5ECB34}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A771F602-EBC2-418F-AB40-B04B55CF0CE7}"= UDP:C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:TurboTax
"{4FC09685-2642-4FF9-BA4E-6BBEEFBCB02D}"= TCP:C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:TurboTax
"{FC722113-9292-4360-9E57-4A7722FC6A74}"= UDP:C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{2AC22E2F-B948-4768-AD13-F18D1FDA9ADE}"= TCP:C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:TurboTax Update Manager
"TCP Query User{9761D366-8161-4EF4-ADA6-F4F393E89A21}C:\\program files\\myspace\\im\\myspaceim.exe"= UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{48EF0136-79DB-4766-A7CD-F8C0736F5B73}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"TCP Query User{5BC22415-1116-40EC-A7E2-505BBEC20A9E}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{05375F68-A828-43AD-9E18-C1D21B74B5F2}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{D2981E84-993B-4B3B-92E1-5D07B8C4599A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DEC03A87-4D86-4FF4-845B-615C2BF689DA}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{C249A363-FC7E-4967-A522-6E3CEE09958E}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7902BA8C-31F2-4826-91A4-D9F61478716C}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-19 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2008-10-20 C:\Windows\Tasks\User_Feed_Synchronization-{90F7671C-600E-4773-9F38-5515461DF255}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 03:33]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://connecticut.cox.net/cci/home
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 09:00:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????['C~????\?8?\?p?\???\???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-20 9:04:12
ComboFix-quarantined-files.txt 2008-10-20 13:04:08

Pre-Run: 77,610,729,472 bytes free
Post-Run: 77,399,343,104 bytes free

202 --- E O F --- 2008-10-15 10:28:57
Hey birman

Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required. Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.

Configuring Malwarebytes
• Click on the tab Settings.
• Make sure only these boxes are checked:
  Terminate Internet Explorer
  Automatically save and display logfile after removal
  Always scan memory objects
  Always scan registry objects
  Always scan filesystem
  Always scan extra and heuristics objects

Updating Malwarebytes
• Click on the tab Update.
• Press the button Check for Updates.
• Wait for Malwarebytes to be fully updated.

Scanning Time
• Click on the tab Scanner.
• Check Perform full scan and click on Scan.
• Wait for the scan to complete, and then click on Show Results.
• Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.

Post A Log
• A text box will pop up after the removal process is over. Post the contents of the text here.
• If no text box pops up, launch Malwarebytes, and click on the tab Logs.
• The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
• Post the log here.

Also post a new HijackThis log and tell me what problems you have left.

Best Regards
This is the log file you requested.

Malwarebytes' Anti-Malware 1.29
Database version: 1300
Windows 6.0.6001 Service Pack 1

10/21/2008 4:02:58 PM
mbam-log-2008-10-21 (16-02-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 122363
Time elapsed: 1 hour(s), 30 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Hey birman

Please follow steps #3-6 here: http://forums.afterdawn.com/thread_view.cfm/370698

Best Regards