
CPU Usage Meter Running High & PC Running Slow!

This is a discussion on CPU Usage Meter Running High & PC Running Slow! within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 07-17-2009, 09:43 PM   #1
Guest
 
Join Date: Oct 2005
Posts: 67
OS:


Mistake

My CPU usage meter runs real high, sometimes all the way up to 100%, even when the PC is idle and not doing anything! This is really slowing my system down. I'm thinking it could be some kind of virus or spyware. Please help! Here are my scans.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Krish Sincere at 18:43:53.54 on Fri 07/17/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.765 [GMT -4:00]

AV: avast! antivirus 4.8.1229 [VPS 081219-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1229 [VPS 081219-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Krish Sincere\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Krish Sincere\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Aim6]
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [BitTorrent DNA] "c:\users\krish sincere\program files\dna\btdna.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [Skytel] Skytel.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\krishs~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\krishs~1\appdata\roaming\mozilla\firefox\profiles\hhatd7ln.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\krish sincere\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-22 114768]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\C2SCSI.SYS [2007-8-18 252152]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-4-22 51792]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-12 24652]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
S3 SeratoUsb;SeratoUsb driver;c:\windows\system32\drivers\SeratoUsb.sys [2007-5-21 29696]
S3 US428;US428 Driver;c:\windows\system32\drivers\US428.sys [2009-2-8 130048]
S3 US428DL;US428 Firmware Downloader;c:\windows\system32\drivers\US428DL.sys [2009-2-8 18048]
S3 Us428WdmService;US428 Wdm Audio;c:\windows\system32\drivers\US428Wdm.sys [2009-2-8 39296]

=============== Created Last 30 ================

2009-07-17 18:25 <DIR> --d----- c:\windows\system32\eu-ES
2009-07-17 18:25 <DIR> --d----- c:\windows\system32\ca-ES
2009-07-17 18:25 <DIR> --d----- c:\windows\system32\vi-VN
2009-07-17 16:05 <DIR> --d----- c:\windows\system32\EventProviders
2009-07-17 16:04 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-07-17 16:04 3,408,896 a------- c:\windows\system32\SLsvc.exe
2009-07-17 16:04 1,081,344 a------- c:\windows\system32\SLCExt.dll
2009-07-17 16:04 2,134,528 a------- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-07-17 16:04 65,536 a------- c:\windows\system32\DevicePairingWizard.exe
2009-07-17 16:02 385,536 a------- c:\windows\system32\vds.exe
2009-07-17 16:01 187,904 a------- c:\windows\system32\eapp3hst.dll
2009-07-14 20:29 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 20:29 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 20:29 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 20:29 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-14 20:29 23,552 a------- c:\windows\system32\lpk.dll
2009-07-14 20:29 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-09 03:29 <DIR> --d----- c:\programdata\Lavasoft
2009-07-09 03:29 <DIR> --d----- c:\program files\Lavasoft
2009-07-03 15:58 <DIR> --d----- C:\New Folder (2)
2009-06-21 15:31 <DIR> --d----- c:\users\krishs~1\appdata\roaming\FaxCtr
2009-06-21 15:26 <DIR> --d----- c:\users\krishs~1\appdata\roaming\Lexmark Productivity Studio
2009-06-21 15:22 <DIR> --d----- c:\program files\Lx_cats
2009-06-21 15:21 45,056 a------- c:\windows\system32\LXF3PMON.DLL
2009-06-21 15:21 32,768 a------- c:\windows\system32\LXF3FXPU.DLL
2009-06-21 15:20 339,968 a------- c:\windows\system32\IMGMAN32.DLL
2009-06-21 15:20 98,345 a------- c:\windows\system32\IMHOST32.DLL
2009-06-21 15:20 98,304 a------- c:\windows\system32\IM31XPNG.DEL
2009-06-21 15:20 69,632 a------- c:\windows\system32\IM31XTIF.DEL
2009-06-21 15:20 49,152 a------- c:\windows\system32\IM31IMG.DIL
2009-06-21 15:20 36,864 a------- c:\windows\system32\lxf3oem.dll
2009-06-21 15:20 12,288 a------- c:\windows\system32\LXF3PMRC.DLL
2009-06-21 15:20 <DIR> --d----- c:\programdata\FaxCtr
2009-06-21 15:20 <DIR> --d----- c:\progra~2\FaxCtr
2009-06-21 15:19 <DIR> --d----- c:\program files\Lexmark Fax Solutions
2009-06-21 15:18 44 a------- c:\windows\system32\lxddrwrd.ini
2009-06-21 15:18 <DIR> --d----- c:\program files\Lexmark Toolbar
2009-06-21 15:18 <DIR> --d----- c:\program files\Lexmark 2500 Series
2009-06-21 15:18 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-06-21 15:18 323,584 a------- c:\windows\system32\LXDDhcp.dll
2009-06-21 15:18 286,720 a------- c:\windows\system32\LXDDinst.dll
2009-06-21 15:18 394,160 a------- c:\windows\system32\lxddcfg.exe
2009-06-21 15:17 147,695 a------- c:\windows\system32\LexFiles.ulf
2009-06-21 15:17 <DIR> --d----- C:\logs
2009-06-21 15:15 344,064 a------- c:\windows\system32\lxddcoin.dll
2009-06-21 15:15 77,906 a------- c:\windows\system32\lxddcfg.dll
2009-06-21 15:14 <DIR> --d----- c:\users\krish sincere\{488b6178-f83c-49ab-8632-c76969610a6a}
2009-06-21 13:45 <DIR> --d----- c:\program files\common files\Logitech
2009-06-21 13:36 <DIR> --d----- c:\programdata\Logishrd
2009-06-21 13:22 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-06-21 13:21 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-06-21 13:20 4,658,584 a------- c:\windows\system32\drivers\lvuvc.sys
2009-06-21 13:20 490,008 a------- c:\windows\system32\LVUI2.dll
2009-06-21 13:20 465,432 a------- c:\windows\system32\LVUI2RC.dll
2009-06-21 13:20 416,280 a------- c:\windows\system32\lvcodec2.dll
2009-06-21 13:20 195,096 a------- c:\windows\system32\lvci11801048.dll
2009-06-21 13:20 66,482 a------- c:\windows\system32\lvcoinst.ini
2009-06-21 13:20 41,752 a------- c:\windows\system32\drivers\LVUSBSta.sys
2009-06-21 13:20 627,864 a------- c:\windows\system32\drivers\lvrs.sys
2009-06-21 13:20 25,974 a------- c:\windows\system32\Repository.reg
2009-06-21 13:18 <DIR> --d----- c:\programdata\Logitech

==================== Find3M ====================

2009-07-17 18:32 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-17 18:32 86,016 a------- c:\windows\inf\infstor.dat
2009-07-17 18:32 51,200 a------- c:\windows\inf\infpub.dat
2009-07-17 18:25 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-23 08:15 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 08:14 623,616 a------- c:\windows\system32\localspl.dll
2009-04-21 07:39 2,034,688 a------- c:\windows\system32\win32k.sys
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 18:44:41.17 ===============
Attached Files
File Type: zip attach.zip (3.3 KB, 20 views)
Sincere is offline  
Old 07-20-2009, 01:44 PM   #2
Guest
 
Join Date: Oct 2005
Posts: 67
OS:



Still seeking help!!
Sincere is offline  
Old 07-21-2009, 02:41 PM   #3
Guest
 
Join Date: Oct 2005
Posts: 67
OS:



BUMP, please
Sincere is offline  
Old 07-21-2009, 03:39 PM   #4
TSF Team, Emeritus
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,380
OS: W2K SP4 + XP SP2 + Vista



Please note that all instructions given are customised for this computer only;
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Failure to reply within 5 days will result in the topic being closed.
  5. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly

Some of the logs I request will be quite large. You may need to split them over a couple of replies.

Please note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.

----------------------------------------------------------------------------------------



Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If requested, please reboot.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
__________________
Katana is offline  
Old 07-21-2009, 05:58 PM   #5
Guest
 
Join Date: Oct 2005
Posts: 67
OS:



Malwarebytes' Anti-Malware 1.39
Database version: 2475
Windows 6.0.6002 Service Pack 2

7/21/2009 7:57:47 PM
mbam-log-2009-07-21 (19-57-47).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 332052
Time elapsed: 1 hour(s), 57 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\krish sincere\downloads\ZwinkySetup2.3.50.45.ZJfox000.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
Sincere is offline  
Old 07-22-2009, 03:26 AM   #6
TSF Team, Emeritus
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,380
OS: W2K SP4 + XP SP2 + Vista



Information

IMPORTANT
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent
DNA
LimeWire PRO 5.1.2

I'd like you to read the perils-p2p-file-sharing where we explain why it's not a good idea to have them.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
Please note: you must NOT use any P2P whilst we are cleaning your machine.


----------------------------------------------------------------------------------------
Step 1


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial
  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Quote:
For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
----------------------------------------------------------------------------------------
Step 2

Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here https://www.kaspersky.com/kos/eng/par...avwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large. You may need to split them over a couple of replies.
  • Combofix Log
  • Kaspersky Log
  • How are things running now?



---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes



Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from https://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE). (Don't install it yet.)
  • Scroll down to where it says "Java SE Runtime Environment (JRE)".
  • Click the "Download" button to the right.
    • Platform = Windows
    • Language = Multi Language
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)

Remove Programs

Older versions of some programs have vulnerabilities that malware can use to infect your system.

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista).
If any of the following programs are still listed there, click on the program to highlight it, and click on remove.
  • Adobe Reader 8.1.5
  • Java(TM) 6 Update 13
  • Java(TM) 6 Update 3
Now close the Control Panel.
__________________
Katana is offline  
Old 07-26-2009, 02:49 PM   #7
Guest
 
Join Date: Oct 2005
Posts: 67
OS:



I haven't noticed any difference, CPU usage meter is still running high when idle, still sluggish.

ComboFix 09-07-24.03 - Krish Sincere 07/25/2009 22:24.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.999 [GMT -4:00]
Running from: c:\users\Krish Sincere\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081219-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081219-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2579673529-246469682-3012347828-500
c:\$recycle.bin\S-1-5-21-2784229868-1999835189-2994524074-500
c:\windows\Installer\4dc85b3.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\msvcsv60.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 02:32 . 2009-07-26 02:32 -------- d-----w- c:\users\Jamil\AppData\Local\temp
2009-07-21 21:58 . 2009-07-21 21:58 -------- d-----w- c:\users\Krish Sincere\AppData\Roaming\Malwarebytes
2009-07-21 21:58 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 21:58 . 2009-07-21 21:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 21:58 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 03:34 . 2009-07-18 03:34 -------- d-----w- c:\users\Krish Sincere\AppData\Local\WinZip
2009-07-17 22:25 . 2009-07-17 22:25 -------- d-----w- c:\windows\system32\ca-ES
2009-07-17 22:25 . 2009-07-17 22:25 -------- d-----w- c:\windows\system32\eu-ES
2009-07-17 22:25 . 2009-07-17 22:25 -------- d-----w- c:\windows\system32\vi-VN
2009-07-17 20:05 . 2009-07-17 20:05 -------- d-----w- c:\windows\system32\EventProviders
2009-07-17 20:04 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-07-17 20:04 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-07-17 20:04 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-07-17 20:04 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-07-17 20:04 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2009-07-17 20:02 . 2009-04-11 06:28 385536 ----a-w- c:\windows\system32\vds.exe
2009-07-17 20:01 . 2009-04-11 06:28 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-07-15 00:29 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 00:29 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 00:29 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 00:29 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 00:29 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 00:29 . 2009-04-11 06:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-09 07:29 . 2009-07-09 07:55 -------- d-----w- c:\program files\Lavasoft
2009-07-03 19:58 . 2009-07-09 01:51 -------- d-----w- C:\New Folder (2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 02:32 . 2009-05-29 00:51 -------- d-----w- c:\users\Krish Sincere\AppData\Roaming\DNA
2009-07-25 10:37 . 2009-05-29 00:51 -------- d-----w- c:\users\Krish Sincere\AppData\Roaming\BitTorrent
2009-07-25 09:33 . 2008-04-23 02:30 -------- d-----w- c:\users\Krish Sincere\AppData\Roaming\LimeWire
2009-07-22 00:19 . 2009-06-21 17:22 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-07-17 22:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-17 22:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-17 22:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-17 22:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-17 22:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-17 22:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-17 22:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-17 22:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-17 22:19 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-17 01:23 . 2009-06-21 19:22 -------- d-----w- c:\program files\Lx_cats
2009-06-21 19:31 . 2009-06-21 19:31 -------- d-----w- c:\users\Krish Sincere\AppData\Roaming\FaxCtr
2009-06-21 19:26 . 2009-06-21 19:26 -------- d-----w- c:\users\Krish Sincere\AppData\Roaming\Lexmark Productivity Studio
2009-06-21 19:22 . 2009-06-21 19:18 -------- d-----w- c:\program files\Lexmark 2500 Series
2009-06-21 19:22 . 2009-06-21 19:19 -------- d-----w- c:\program files\Lexmark Fax Solutions
2009-06-21 19:18 . 2009-06-21 19:18 -------- d-----w- c:\program files\Lexmark Toolbar
2009-06-21 19:18 . 2009-06-21 19:18 -------- d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2009-06-21 17:45 . 2009-06-21 17:45 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-21 17:36 . 2009-06-21 17:18 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-06-21 17:36 . 2009-06-21 17:18 -------- d-----w- c:\program files\Logitech
2009-06-21 17:21 . 2009-06-21 17:21 127034 ------r- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-06-21 17:21 . 2008-02-19 02:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 17:21 . 2009-06-21 17:21 -------- d-----w- c:\users\Krish Sincere\AppData\Roaming\Leadertech
2009-06-11 21:54 . 2005-01-02 06:47 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 06:03 . 2009-06-11 06:03 -------- d-----w- c:\program files\Antares Audio Technologies
2009-06-11 05:11 . 2008-04-23 17:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-11 04:21 . 2009-02-06 04:56 1356 ----a-w- c:\users\Krish Sincere\AppData\Local\d3d9caps.dat
2009-06-11 04:08 . 2009-03-23 21:26 16 ----a-w- c:\windows\msocreg32.dat
2009-06-11 04:08 . 2009-03-23 21:16 -------- d-----w- c:\users\Krish Sincere\AppData\Roaming\InstallShield
2009-06-11 04:00 . 2009-06-11 04:00 -------- d-----w- c:\program files\SampleTank 2
2009-06-11 04:00 . 2009-06-11 04:00 -------- d-----w- c:\program files\digidesign
2009-06-01 15:26 . 2008-04-23 19:09 -------- d-----w- c:\program files\CCleaner
2009-05-29 00:51 . 2009-05-29 00:51 -------- d-----w- c:\program files\BitTorrent
2009-05-29 00:51 . 2009-05-29 00:51 -------- d-----w- c:\program files\DNA
2009-05-09 17:08 . 2008-04-23 01:32 99344 ----a-w- c:\users\Krish Sincere\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-09 05:50 . 2009-06-11 20:10 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 20:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-23 00:28 . 2008-09-01 18:31 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-04-23 01:32 . 2008-04-23 01:32 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2008-04-23 01:32 . 2008-04-23 01:32 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 14:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"BitTorrent DNA"="c:\users\Krish Sincere\Program Files\DNA\btdna.exe" [2009-06-09 321344]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-30 4911104]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-21 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\users\Krish Sincere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-2-10 576000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-21 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smoothview
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):17,c2,fd,eb,2e,07,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{087F007B-2697-4B8C-BC19-A43CEFF8B1B2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{09FDA0D4-422C-4F29-B063-92BB3C49EE9F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{0555613A-7F59-4D48-9B9C-6B2F15413549}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{3A0A325E-7BE6-4E8D-B074-A98C2709C87C}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{212089B7-BC60-40CB-9F08-BA154DA90734}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{3C69A75B-3274-4C53-8320-A7AF7074D20E}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{6BE0DC31-B8A3-46D1-B758-5E01E2D31962}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{60AF73E2-22BC-45BA-83C0-766C1AFBE4AC}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B29524A8-65E1-4675-B1BE-1799C4891770}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3BAAF839-031C-4E62-803B-4E2ED93A58C7}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{114A59A9-E4DC-4124-BCE6-5F892358772D}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9E9296E1-B28E-484D-B3AD-A5A8E741FAE4}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{C82BD0F9-B780-4C99-B55D-A04D7A7E16A0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{858F342E-7B13-4112-BD1A-E2944902ADE1}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{667A339F-FF1F-4BBE-85A6-1E0F70DACEC0}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{60CE887F-C642-4DC9-94CE-1E0E3DC63F3E}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{821A9DB1-ADEE-4C28-B28D-C31F5909A729}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{E672D89B-9E29-4CE7-A933-3C3E7FA24245}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{905255B7-00A8-4128-892F-181FF5DC1A62}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{06F23AA8-B405-463E-BC2A-3B387AEF280D}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{B2A942B9-F055-4900-ABD6-6CA599F9559F}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{42B3DB24-7AFE-45AA-8BA3-49426FC5CDC4}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D5A0BE60-72A9-4038-B09C-F5B96C57E421}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D02388C8-E0C0-419E-A1C5-CD3DAE1FE40F}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6A331B70-CE7C-47B6-A6DF-DD3DEC3B8D9A}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3D3071CE-AAB8-4D2F-A1CF-CF7A25027EB1}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B6B9AF50-0F60-49F6-97B4-A0F62B970FB5}"= UDP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{4CBDC130-77E2-4C76-9982-596DD834526C}"= TCP:c:\windows\System32\lxddcoms.exe:Lexmark Communications System
"{C882E8B0-3E79-4236-ADBB-DA9790A07A9F}"= UDP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{25A5E564-97D5-499F-BE64-3A547B772888}"= TCP:c:\program files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{8738F990-93A6-4A5C-B2B8-95970242F840}"= UDP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{CF5662C2-951D-4C9A-8659-87103748675F}"= TCP:c:\program files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{267E0EC7-9AF4-4BF0-AC17-6168D754E354}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{252C495B-8C04-478F-89B4-BBCEDD6C136D}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddpswx.exe:
"{7D464073-CA26-4920-831B-686304B326AB}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{F83D2F44-E781-49DB-9701-6AB00AA3354F}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddjswx.exe:
"{58FC9B91-DCA0-4523-894C-AD972EEB859B}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{D5E43EEE-E277-47D2-BB6C-96F1F7EBC8AB}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxddtime.exe:
"{8C00BDB5-37CA-4726-BB87-3CCB63E818FA}"= UDP:c:\program files\Lexmark 2500 Series\lxddmon.exe:
"{EC1F80F0-A13D-4173-81E9-36755C47C520}"= TCP:c:\program files\Lexmark 2500 Series\lxddmon.exe:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [4/22/2008 9:49 PM 114768]
R1 c2scsi;c2scsi;c:\windows\System32\drivers\C2SCSI.SYS [8/18/2007 1:34 AM 252152]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [4/22/2008 9:49 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [4/22/2008 9:49 PM 51792]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [12/25/2007 5:07 PM 40960]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [8/24/2007 3:52 PM 166384]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 8:03 PM 126976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/12/2008 8:23 PM 24652]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxddserv.exe [5/25/2007 5:41 AM 99248]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [8/24/2007 3:53 PM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [8/24/2007 3:52 PM 309744]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [8/24/2007 3:53 PM 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [8/24/2007 3:52 PM 1083888]
S3 SeratoUsb;SeratoUsb driver;c:\windows\System32\drivers\SeratoUsb.sys [5/21/2007 5:04 PM 29696]
S3 US428;US428 Driver;c:\windows\System32\drivers\US428.sys [2/8/2009 5:18 PM 130048]
S3 US428DL;US428 Firmware Downloader;c:\windows\System32\drivers\US428DL.sys [2/8/2009 5:18 PM 18048]
S3 Us428WdmService;US428 Wdm Audio;c:\windows\System32\drivers\US428Wdm.sys [2/8/2009 5:18 PM 39296]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-HWSetup - \HWSetup.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Krish Sincere\AppData\Roaming\Mozilla\Firefox\Profiles\hhatd7ln.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Krish Sincere\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-07-25 23:26
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\KRISHS~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(9692)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\lxddcoms.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\toshiba\IVP\ISM\Ivpsvmgr.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-26 23:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-26 03:31

Pre-Run: 70,881,988,608 bytes free
Post-Run: 70,764,224,512 bytes free

314 --- E O F --- 2009-07-24 04:13


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, July 26, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, July 26, 2009 07:13:14
Records in database: 2534287
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 223176
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 10:11:47


File name / Threat name / Threats count
E:\MUSIC\My Music\Top of Charts - 2004 (vampire).wma Infected: Trojan-Downloader.WMA.Wimad.k 1

The selected area was scanned.
Old 07-26-2009, 03:52 PM   #8
TSF Team, Emeritus
 
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,380
OS: W2K SP4 + XP SP2 + Vista



Delete this file :-
E:\MUSIC\My Music\Top of Charts - 2004 (vampire).wma

Download WinPatrol. It is an excellent startup manager and then some!!

Install WinPatrol, and when it is running, click on the Startup Programs tab.
Disable any programs that you don't need running at startup.

Reboot your machine.
Please post a fresh DDS log.
How are things running now?
Old 07-27-2009, 01:59 AM   #9
Guest
 
Join Date: Oct 2005
Posts: 67
OS:



PC seems to have sped up slightly, CPU usage meter still runs high.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Krish Sincere at 3:57:11.20 on Mon 07/27/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1027 [GMT -4:00]

AV: avast! antivirus 4.8.1229 [VPS 081219-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1229 [VPS 081219-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxddcoms.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Users\Krish Sincere\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Krish Sincere\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [BitTorrent DNA] "c:\users\krish sincere\program files\dna\btdna.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [Skytel] Skytel.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\users\krishs~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Performer Optimum - hxxp://img.livejasmin.com/performeroptimum/performer_optimum.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\krishs~1\appdata\roaming\mozilla\firefox\profiles\hhatd7ln.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\krish sincere\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-22 114768]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\C2SCSI.SYS [2007-8-18 252152]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-4-22 51792]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2007-8-24 166384]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-12 24652]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-5-25 99248]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2007-8-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2007-8-24 309744]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2007-8-24 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2007-8-24 1083888]
S3 SeratoUsb;SeratoUsb driver;c:\windows\system32\drivers\SeratoUsb.sys [2007-5-21 29696]
S3 US428;US428 Driver;c:\windows\system32\drivers\US428.sys [2009-2-8 130048]
S3 US428DL;US428 Firmware Downloader;c:\windows\system32\drivers\US428DL.sys [2009-2-8 18048]
S3 Us428WdmService;US428 Wdm Audio;c:\windows\system32\drivers\US428Wdm.sys [2009-2-8 39296]

=============== Created Last 30 ================

2009-07-27 03:53 <DIR> --d----- c:\users\krishs~1\appdata\roaming\WinPatrol
2009-07-27 03:53 <DIR> --d----- c:\program files\BillP Studios
2009-07-25 23:26 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-25 22:22 219,648 a------- c:\windows\PEV.exe
2009-07-25 22:22 161,792 a------- c:\windows\SWREG.exe
2009-07-25 22:22 98,816 a------- c:\windows\sed.exe
2009-07-21 17:58 <DIR> --d----- c:\users\krishs~1\appdata\roaming\Malwarebytes
2009-07-21 17:58 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 17:58 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-21 17:58 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-21 17:58 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-21 17:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 23:33 <DIR> --d----- c:\programdata\WinZip
2009-07-17 18:25 <DIR> --d----- c:\windows\system32\eu-ES
2009-07-17 18:25 <DIR> --d----- c:\windows\system32\ca-ES
2009-07-17 18:25 <DIR> --d----- c:\windows\system32\vi-VN
2009-07-17 16:05 <DIR> --d----- c:\windows\system32\EventProviders
2009-07-17 16:04 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-07-17 16:04 3,408,896 a------- c:\windows\system32\SLsvc.exe
2009-07-17 16:04 1,081,344 a------- c:\windows\system32\SLCExt.dll
2009-07-17 16:04 2,134,528 a------- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-07-17 16:04 65,536 a------- c:\windows\system32\DevicePairingWizard.exe
2009-07-17 16:02 385,536 a------- c:\windows\system32\vds.exe
2009-07-17 16:01 187,904 a------- c:\windows\system32\eapp3hst.dll
2009-07-14 20:29 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 20:29 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 20:29 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 20:29 34,304 a------- c:\windows\system32\atmlib.dll
2009-07-14 20:29 23,552 a------- c:\windows\system32\lpk.dll
2009-07-14 20:29 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-09 03:29 <DIR> --d----- c:\programdata\Lavasoft
2009-07-09 03:29 <DIR> --d----- c:\program files\Lavasoft
2009-07-03 15:58 <DIR> --d----- C:\New Folder (2)

==================== Find3M ====================

2009-07-26 23:51 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-07-17 18:32 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-17 18:32 86,016 a------- c:\windows\inf\infstor.dat
2009-07-17 18:32 51,200 a------- c:\windows\inf\infpub.dat
2009-07-17 18:25 665,600 a------- c:\windows\inf\drvindex.dat
2009-06-21 13:21 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 3:57:56.25 ===============
Sincere is offline  
Old 07-27-2009, 02:14 AM   #10
TSF Team, Emeritus
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,380
OS: W2K SP4 + XP SP2 + Vista



Quote:
PC seems to have sped up slightly, cpu usage meter still runs high.
Your log still shows these programs running at bootup
Quote:
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [BitTorrent DNA] "c:\users\krish sincere\program files\dna\btdna.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"
mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"
mRun: [Skytel] Skytel.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
At least half of these are not needed


There is no malware that would be causing your problem.
Unfortunately you are now outside my area of knowledge, so I'm going to have to recommend that you visit the tech forum for assistance.

https://www.techsupportforum.com/f217/


----------------------------------------------------------------------------------------
Congratulations, your logs look clean :)

Let's see if I can help you keep it that way

First let's tidy up

Uninstall Combofix
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START, type RUN into the search box, then click Enter
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

OTCleanup
Please download OTCleanup from HERE
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt




You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

https://www.pandasecurity.com/activescan
https://www.kaspersky.com/kos/eng/par...avwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware
  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
__________________
Katana is offline  
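An added example, not part of the original thread: a small Python triage of the DDS autorun lines quoted in the post above, which parses each `uRun`/`mRun`/`dRun` entry and attaches review notes so a long startup list can be walked through quickly. The prefix meanings (u = current user, m = machine, d = default user) and the three heuristics are assumptions of this example, and a note is a prompt for review, not a malware verdict.

```python
import re
from collections import Counter

# Lines copied from the DDS autorun section quoted in the post above.
SAMPLE_LOG = r'''
uRun: [BitTorrent DNA] "c:\users\krish sincere\program files\dna\btdna.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Skytel] Skytel.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
'''

# Assumed meaning of the DDS prefix letter (not stated in the thread).
SCOPES = {"u": "current user", "m": "machine", "d": "default user"}
LINE_RE = re.compile(r"^([umd])Run: \[(.+?)\] (.+)$")
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def parse_autoruns(text):
    """Return one dict per uRun/mRun/dRun line: scope, name, exe, args."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an autorun line (headers, services, file lists)
        prefix, name, cmd = m.groups()
        if cmd.startswith('"'):
            exe, _, rest = cmd[1:].partition('"')  # quoted path, then arguments
        else:
            hit = EXE_RE.match(cmd)  # unquoted paths may contain spaces
            exe = hit.group(1) if hit else cmd
            rest = cmd[len(exe):]
        entries.append({"scope": SCOPES[prefix], "name": name,
                        "exe": exe, "args": rest.strip()})
    return entries


def review_notes(entry):
    """Heuristic prompts for a human reviewer; none is a malware verdict."""
    exe = entry["exe"].lower()
    notes = []
    if "\\" not in exe:
        notes.append("no directory: resolved through the search path")
    if "\\users\\" in exe:
        notes.append("runs from a user-writable profile directory")
    if "~" in exe:
        notes.append("8.3 short path: expand it before judging the file")
    return notes


def triage(text):
    """Map entry name -> review notes, for entries that have any."""
    return {e["name"]: review_notes(e)
            for e in parse_autoruns(text) if review_notes(e)}


if __name__ == "__main__":
    print(Counter(e["scope"] for e in parse_autoruns(SAMPLE_LOG)))
    for name, notes in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(notes)}")
```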