roland67

Member
  • Content Count

    39
About roland67

  • Rank
    Lunar Novice

Personal Information

  • Gender
    Male
  • Location
    The Rock
  • Country
    Canada
  • OS
    XP Pro x64
  1. roland67

    Now4Nephew's

    All good I think. Tarun I was born in New Orleans and there is no Bon Temps. Are you a vampire? Anyway thanks for everything. You rock! Even if you are a vampire.
  2. roland67

    How did you find Lunarsoft?

    Can't remember now but likely some reference at What the Tech or Malware Removal forums. Great to be here. Am learning a lot.
  3. roland67

    Now4Nephew's

    Hi Tarun, glad to see you here. I cannot believe how fast you come around to look at logs. Everywhere else you end up waiting for days before you hear anything. I think you guys must still be under the radar.
  4. roland67

    Now4Nephew's

    Ok guys. I think this laptop is clean now but I would like a second opinion. Here is the log. I have disabled the toshiba stuff in startup. Are there any of these peripherals that would be best removed completely? Thanks very much.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:30:52 PM, on 08/03/2010
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Brody\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\npwinext.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\npwinext.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Google Update Service (gupdate1c9d38714325b60) (gupdate1c9d38714325b60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    -- End of file - 6548 bytes
  5. roland67

    Now4Nephew's

    Thanks Greenknight. Sorry for the misplaced post. I will put up a hijack log once I have taken care of the Hosts file problem. Fingers crossed that it will be clean.
  6. roland67

    Now4Nephew's

    Am working on nephew's Toshiba laptop. Cleaned most everything I think and will shortly post a hijack this log. Any help to completely remove fraud.windowsprotectionsuite? Spybot unable to remove? He was running Cyberdefender for an antivirus. This much I have remedied and avast is in its place. Any helpful suggestions guys?
  7. roland67

    Roland redirected

    Thanks again for all the great info guys. I try to give back by assisting family and friends with their pc problems. Much of what I do I learned here and other forums.
  8. roland67

    Roland redirected

    Thanks again for all the great info. You guys have been generous and invaluable. I am familiar with Belarc. Will dl it and use forthwith. Got my audio going with realtek ac97. Don't think that will mess anything up. I have updated windows and yes it did take a really long time. I dld everything until it told me all I could get were optionals and I scooped a few of those. On a side note, what do you think of Glary Utilities? Also Secunia Software Inspector?
  9. roland67

    Roland redirected

    What would be the best utility to use to determine what all drivers I need? Looking for the easy way out here.
  10. roland67

    Roland redirected

    Hi guys, Saved my stuff, formatted, and I believe rootkit is gone. I had to dl & install driver for video and am wondering if I have to do the same for sound. Do I do the same thing and figure out what my sound card is and dl driver?
  11. roland67

    Roland redirected

    Thanks G. I am scanning with Avira now. Be back later.
  12. roland67

    Roland redirected

    What if I need to recover data? I have a lot of recent family pictures that were not yet backed up. Not to mention a lot of music, work related material etc. Please tell me there is some way to recover?
  13. roland67

    Roland redirected

    Have now tried boot disc to no avail. Repair does not work. I end up back at the windows countdown screen. If I select setup Windows XP it wants me to delete the old os. Not sure at all what to do here?
  14. roland67

    Roland redirected

    Thanks for the links Greenknight and Guitar Mike. The bluebirds thing was something I encountered on a pc at work. If it is associated with adware, I guess I should eliminate it.
  15. roland67

    Roland redirected

    Hey Tarun, Do you happen to know what bluebirds.exe is?