Tech Support Forum banner
Cancel

My computer is in dire straits

Jump to Latest Follow
Status
Not open for further replies.
1 - 3 of 3 Posts
B

· Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
Hi,

These are the following problems my computer has been having the last 3 months. Each problem has been getting worse and worse over this period of time.

1. Applications are very, very slow to open.
2. Firefox and Internet Explorer continuously keep shutting down after a few moments of web surfing. It has shut down twice while I attempted to post this.
3. Before IE shuts down, sometimes (not always), an error message which goes something like, “IE encountered a problem with stmain.dll and needs to close.”
4. I have installed and run daily AVG 7.5. The scans have stopped finding viruses about a month ago, while the Panda scan has found all sorts of problems.
5. I have installed and run every few days, Spybot. My last scan yesterday found and fixed 120 entries. This has not improved my computer’s performance.
6. I have also installed AVG Anti rootkit yesterday for the first time. It didn’t find anything, but the Panda scan found 4 rootkits.
7. I am still getting pop-up when IE manages to run. One in particular pops up in the upper left hand corner of my screen then disappears after a ‘blip’ noise.
8. According to some of my MSN contacts, I sent them a virus in the form of a zip file. I checked the message logs, and it has me inviting the person I am chatting with to open up a zip file of some pretty girl…which I have never done.
9. Very strange computer behaviour in the last few days…I re-started my pc after firefox crashed again, and IE browser screens began to pop up very quickly and in rapid succession. The page said that the browser couldn’t show the page as the connection was down (it wasn’t) and the URL had this in it ‘63.131.144.170/c’ Also, when I restarted in another time later that day, 2 MS-DOS black screens showed up without my prompting.


Deckard's System Scanner v20071014.68
Run by Romy on 2007-11-11 09:56:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2007-11-10 22:57:19 UTC - RP314 - Deckard's System Scanner Restore Point
31: 2007-11-10 20:12:55 UTC - RP313 - Installed ZIP Reader 8.00.0018
30: 2007-11-08 17:26:58 UTC - RP312 - System Checkpoint
29: 2007-11-07 01:39:49 UTC - RP311 - System Checkpoint
28: 2007-11-06 01:09:56 UTC - RP310 - System Checkpoint


-- First Restore Point --
1: 2007-08-18 17:51:07 UTC - RP283 - Advanced WindowsCare RestorePoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 247 MiB (512 MiB recommended).


-- HijackThis (run as Romy.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-11 09:58:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
C:\WINDOWS\system32\CAP2RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2SWK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.exe
C:\WINDOWS\agrsmmsg.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
C:\Documents and Settings\Romy\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/Parental%20Filter/search_script.htm
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsr558.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Editor plugin - {DC1CCBD3-F6B7-458f-8412-3687E06FB393} - netmonit.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CAP2ON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAP2ONN.EXE
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = ?
O4 - Global Startup: RtlWake.lnk = C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\netfilter.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{27970AAF-689C-4C24-B5CC-909515354B83}: NameServer = 203.12.160.35,203.12.160.36
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{3E89FD67-900E-45FB-AA4A-E8535730157F}: NameServer = 203.12.160.35,203.12.160.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: 0Øà€ - C:\WINDOWS\system32\0Øà€ (file missing)
O20 - Winlogon Notify: €(0€ - C:\WINDOWS\system32\€(0€ (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\TMESRV31.exe


--
End of file - 9697 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TVALG (Toshiba Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalg.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Value Added Logical and General Purpose Device Driver>
R1 EKECioCtl (ECioCtl) - c:\program files\toshiba\e-key\ekecioctl.sys <Not Verified; TOAHIBA,; >
R1 HWSCtrl (TOSHIBA Hardware Setup) - c:\program files\toshiba\toshiba applet\hws_iodispatch.sys
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 SPCtl (TOSHIBA Supervisor Password) - c:\program files\toshiba\windows utilities\spdispatch.sys <Not Verified; TOSHIBA; >
R1 SrvcEKIOMngr - c:\program files\toshiba\e-key\ekiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 SrvcSSIOMngr - c:\program files\toshiba\e-key\ssiomngr.sys <Not Verified; COMPAL ELECTRONIC INC.; Compal IoManager Application>
R1 StickyMesger - c:\program files\toshiba\accessibility\stickymesger.sys <Not Verified; TOSHIBA; >
R1 TMEI3E - c:\windows\system32\drivers\tmei3e.sys <Not Verified; Toshiba Corporation; Toshiba Mobile Extension>
R1 TPECioCtl - c:\program files\toshiba\touchpad\tpecioctl.sys <Not Verified; TOAHIBA,; >
R1 TPwSav (Toshiba Power Saver Driver) - c:\windows\system32\drivers\tpwsav.sys <Not Verified; TOSHIBA; >
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol>
R3 rtl8180 (Belkin 11Mbps Wireless Notebook Network Card Driver) - c:\windows\system32\drivers\bel6020.sys <Not Verified; Belkin Corporation; Belkin 11Mbps Wireless Notebook Network Card>

S0 PxHelp20 - c:\windows\system32\drivers\pxhelp20.sys (file missing)
S2 DritekPortIO (Dritek General Port I/O) - c:\drivers\fn-esse\dportio.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree(TM)>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
R2 Tmesrv (Tmesrv3) - "c:\program files\toshiba\tme3\tmesrv31.exe" /service <Not Verified; TOSHIBA; TOSHIBA MobileExtension Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTSSTCORP_CDW/DVD_TS-L462A_______________TF30____\345A493430373735323420202020202020202020
Manufacturer: (Standard CD-ROM drives)
Name: TSSTcorp CDW/DVD TS-L462A
PNP Device ID: IDE\CDROMTSSTCORP_CDW/DVD_TS-L462A_______________TF30____\345A493430373735323420202020202020202020
Service: cdrom


-- Files created between 2007-10-11 and 2007-11-11 -----------------------------

2007-11-11 09:54:02 21312 --a------ C:\WINDOWS\choice.exe
2007-11-11 09:52:20 0 d-------- C:\Documents and Settings\Romy\Application Data\WinRAR
2007-11-11 09:51:18 0 d-------- C:\ie-spyad
2007-11-11 09:15:24 79875 --a------ C:\WINDOWS\system32\adssite-remove.exe
2007-11-11 07:46:58 138 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-11-11 07:46:58 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-11-11 07:29:37 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-11 07:29:34 0 d-------- C:\WINDOWS\LastGood
2007-11-11 07:13:02 0 d-------- C:\Program Files\Common Files\PKWARE
2007-11-11 07:12:59 0 d-------- C:\Program Files\PKWARE
2007-11-11 06:13:22 0 dr-h----- C:\Documents and Settings\Romy\Recent
2007-11-10 05:14:22 4319 --a------ C:\Documents and Settings\Abigail\cc_20071110_0514.reg
2007-11-09 08:22:04 0 d-------- C:\Program Files\SpywareBlaster
2007-11-05 20:51:50 0 d-------- C:\Program Files\uTorrent
2007-11-05 20:51:48 0 d-------- C:\Documents and Settings\Romy\Application Data\uTorrent
2007-11-04 05:52:46 0 d-------- C:\Documents and Settings\Romy\Application Data\GRETECH
2007-11-03 20:58:00 0 d-------- C:\Program Files\GRETECH
2007-11-03 15:38:03 0 d-------- C:\Documents and Settings\Romy\Application Data\Uniblue
2007-10-31 05:15:42 139264 --a------ C:\WINDOWS\system32\nsr558.dll
2007-10-31 03:31:14 75776 --a------ C:\WINDOWS\system32\gzmrotate.dll
2007-10-26 18:17:23 0 d-------- C:\Documents and Settings\Romy\Application Data\Canon
2007-10-24 17:25:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-24 17:02:21 0 d-------- C:\Documents and Settings\Romy\Application Data\GlarySoft
2007-10-24 16:58:47 0 d-------- C:\Program Files\Glary Utilities


-- Find3M Report ---------------------------------------------------------------

2007-11-11 08:39:16 0 d-------- C:\Program Files\QuickTime
2007-11-11 08:33:28 0 d-------- C:\Program Files\iTunes
2007-11-11 08:26:17 0 d-------- C:\Program Files\Apoint2K
2007-11-11 08:00:23 0 d-------- C:\Documents and Settings\Romy\Application Data\AVG7
2007-11-11 07:13:02 0 d-------- C:\Program Files\Common Files
2007-11-10 06:06:50 0 d-------- C:\Documents and Settings\Romy\Application Data\LimeWire
2007-11-10 05:14:51 0 d-------- C:\Program Files\Adssite Advanced Toolbar
2007-11-07 04:23:09 0 d-------- C:\Program Files\MSN Messenger
2007-10-24 17:25:48 0 d-------- C:\Program Files\OfficeUpdate11
2007-10-24 17:25:47 0 d-------- C:\Program Files\DivX
2007-10-24 17:25:47 0 d-------- C:\Program Files\Canon
2007-10-24 17:25:45 0 d-------- C:\Documents and Settings\Romy\Application Data\Apple Computer
2007-10-24 17:25:45 0 d-------- C:\Documents and Settings\Romy\Application Data\Adobe
2007-10-09 02:43:22 0 d-------- C:\Documents and Settings\Romy\Application Data\ArcSoft
2007-10-05 06:35:09 3442 --a------ C:\WINDOWS\mozver.dat
2007-10-02 02:54:39 13312 --a------ C:\WINDOWS\system32\netfilter.dll
2007-10-02 01:50:41 0 d-------- C:\Documents and Settings\Romy\Application Data\Adssite Advanced Toolbar
2007-10-01 21:59:48 0 d-------- C:\Program Files\AusLogics Disk Defrag
2007-09-27 04:02:11 39881 --a------ C:\WINDOWS\system32\gzmrot-uninst.exe
2007-09-26 01:25:02 55030 --a------ C:\WINDOWS\system32\xpdx.sys
2007-09-21 17:55:28 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-09-21 17:55:28 1 --a------ C:\WINDOWS\system32\cookie1.dat
2007-09-21 17:33:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-21 01:38:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-21 01:32:12 52224 -----n--- C:\WINDOWS\system32\netmonit.dll <Not Verified; Microsoft Corporation; Flash plugin>
2007-09-20 13:30:08 2 --a------ C:\-2107230236
2007-09-20 06:00:53 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
31/10/2007 05:15 AM 139264 --a------ C:\WINDOWS\system32\nsr558.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC1CCBD3-F6B7-458f-8412-3687E06FB393}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/11/2004 12:03 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/11/2004 11:59 AM]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [30/11/2004 04:10 AM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [24/03/2004 01:40 AM]
"TPSMain"="TPSMain.exe" [28/08/2004 04:34 AM C:\WINDOWS\system32\TPSMain.exe]
"ZoomingHook"="ZoomingHook.exe" [15/07/2004 11:07 AM C:\WINDOWS\system32\ZoomingHook.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [16/09/2004 10:03 AM]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [24/12/2004 01:07 PM]
"TOSHIBA Accessibility"="C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe" [08/12/2004 12:24 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [03/08/2004 08:05 PM]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [12/11/2004 05:43 AM]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [07/12/2004 04:54 PM]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [24/12/2004 01:23 PM]
"AGRSMMSG"="AGRSMMSG.exe" [07/12/2004 01:49 AM C:\WINDOWS\agrsmmsg.exe]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [29/11/2004 10:06 PM]
"CAP2ON"="C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAP2ONN.EXE" [08/02/2002 08:00 PM]
"OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [07/07/2003 10:29 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [08/02/2006 02:03 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/03/2006 06:52 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [13/04/2005 04:48 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [25/10/2007 10:55 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [05/09/2003 10:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 11:00 PM]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [24/11/2006 06:54 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 5:44:06 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 7:15:54 PM]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [28/12/2004 6:42:36 PM]
RtlWake.lnk - C:\Program Files\Belkin Corporation\Belkin Wireless Network Monitor Utility and Driver\RtlWake.exe [5/04/2005 1:03:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\0Øà€]
0Øà€

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\€(0€]
€(0€

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"




-- End of Deckard's System Scanner: finished at 2007-11-11 10:00:00 ------------

If I have missed a step, please advise. I am very new at this and have had to give myself a crash course in malware and do note entirel understand computer lingo. Thanks.
 

Attachments

Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#3 ·
Hello bambina_85,

Welcome to TSF, and thank you for your patience.:smile:

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

1. Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**


2. Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% -(Drive that contains the Windows Directory, typically C:\SDFix). Do not run it yet.

--------------------------------------------------------------------

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt I'll need that in your next reply.
--------------------------------------------------------------------

After SDFix has rebooted your system into Normal Mode...

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • I'll need the C:\ComboFix.txt in your next reply

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

-----------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\SDFix\Report.txt
C:\ComboFix.txt
New HijackThis log
 
Save Share
1 - 3 of 3 Posts
Status
Not open for further replies.
About this Discussion
2 Replies
2 Participants
Last post:
Ried
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top