Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by roland67

  1. All good I think. Tarun I was born in New Orleans and there is no Bon Temps. Are you a vampire? Anyway thanks for everything. You rock! Even if you are a vampire
  2. Can't remember now but likely some reference at What the Tech or Malware Removal forums. Great to be here. Am learning a lot.
  3. Hi Tarun, glad to see you here. I cannot believe how fast you come around to look at logs. Every where else you end up waiting for days before you hear anything. I think you guys must still be under the radar.
  4. Ok guys. I think this laptop is clean now but I would like a second opinion. Here is the log. I have disabled the toshiba stuff in startup. Are there any of these peripherals that would be best removed completely? Thanks very much. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:30:52 PM, on 08/03/2010 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\ltmoh\ltmoh.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\ehome\ehtray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Windows\system32\wuauclt.exe C:\Users\Brody\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\npwinext.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1355.0\npwinext.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Google Update Service (gupdate1c9d38714325b60) (gupdate1c9d38714325b60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- End of file - 6548 bytes
  5. Thanks Greenknight. Sorry for the misplaced post. I will put up a hijack log once I have taken care of the Hosts file problem. Fingers crossed that it will be clean.
  6. Am working on nephew's Toshiba laptop. Cleaned most everythjing I think and will shortly post a hijack this log. Any help to completely remove fraud.windowsprotectionsuite? Spybot unable to remove? He was running Cyberdefender for an antivirus. This much I have remedied and avast is in it's place. Any helpful suggestions guys?
  7. Thanks again for all the great info guys. I try to give back by assisting family and friends with their pc problems. Much of what I do I learned here and other forums.
  8. Thanks again for all the great info. You guys have been generous and invaluable. I am familiar with Belarc. Will dl it and use forthwith. Got my audio going with realtek ac97. Don't think that will mess anything up. I have updated windows and yes it did take a really long time. I dld everything until it told me all I could get were optionals and I scooped a few of those. On a side note, what do you think of Glary Utilities? Also Secunia Software Inspector?
  9. What would be the best utility to use to determine waht all drivers I need? Looking for the easy way out here.
  10. Hi guys, Saved my stuff formatted and I believe rootkit is gone. I had to dl & install driver for video and am wondering if I have to do the same for sound. Do I do the same thing and figure out what my sound card is and dl driver?
  11. Thanks G. I am scanning with Avira now. Be back later.
  12. What if I need to recover data? I have a lot of recent family pictures that were not yet backed up. Not to mention a lot of music, work related material etc. Please tell me there is some way to recover?
  13. Have now tried boot disc to no avail. repair does not work. I end up back at the windows countdown screen. If I select setup Windows XP it wants me to delete the old os. Not sure at all what to do here?
  14. Thanks for the links Greenknight and Guitar Mike. The bluebirds thing was something I encountered on a pc at work. If it is associated with adware, I guess I should eliminate it.
  15. Hey Tarun, Do you happen to know what bluebirds.exe is?
  16. Thanks Tarun. I will let you know how it turns out. Hopefully I will be able to stop bugging you guys.
  17. Hi Tarun! Oops, thought I saw you here looking at my post.
  18. Hi Tarun, I have not yet had a chance to try to boot up with XP Pro disc. As of now pc will go to screen where you can choose from safe mode, last known config, countdown to Windows startup etc. No matter what I choose there, screen blacks out for a few seconds and then returns to Windows countdown screen. There was a Windows update the night before pc would not boot up. A friend suggests that If I can get it to boot, I should get everything off that I need and reformat the harddrive twice. He thinks that should get rid of TDSS. What do you think? I guess there is not much to say until I determine if I can get my machine booted. Regarding my chastisement by Mr. Greenknight above, I did not mean to ignore you or be rude. Just alittle spaced out after two weeks of trying to fix the worst pc problem I have ever been faced with. I love your site. I adore the antimalware toolkit. You guys rock!
  19. Playing it now, loving it. It is a little repetitive. I did not think I would like the graphics but the cartoonish quality is actually very cool.
  20. I have the XP pro boot disc now so I will try to get onto my pc with that when I am off work. Is ther a specific link at Bleeping Computer dealing with the TDSS rootkit. Also how do I figure out if it really is the rootkit?
  21. Am back. Downloaded above update and cannot reboot. Please explain usb option?
  22. Vundofix says no vundo found. I can't believe this. I have never had an infection this tough to be rid of. I really appreciate that there are people like you guys out there to help. Thanks for your efforts. Shall we try something else?
  23. Have followed your instructions. Unfortunately no joy. What next?
  24. Google chrome seems to be clean. I like firefox better and this redirect thing is driving me crazy.
  25. Ok. I have tried that now and am redirected to info.com. If I hit back button I go to intended site.
  • Create New...