Old July 20th, 2007, 01:15 AM
jvargus jvargus is offline
Member
 
Join Date: Jul 2006
Posts: 79
BAD VIRUS...computer slow

Hello Cybertech,

I need help with my laptop; it's really bad. Here is my HijackThis log. I hope someone can help me out with this.

Logfile of HijackThis v1.99.1
Scan saved at 2:01:59 PM, on 6/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O1 - Hosts: 84.252.148.113 www.affinityfcu.org
O1 - Hosts: 84.252.148.113 affinityfcu.org
O1 - Hosts: 84.252.148.113 www.azfcu.org
O1 - Hosts: 84.252.148.113 azfcu.org
O1 - Hosts: 84.252.148.113 www.zionbank.com
O1 - Hosts: 84.252.148.113 zionbank.com
O1 - Hosts: 84.252.148.113 www.royalbank.com
O1 - Hosts: 84.252.148.113 royalbank.com
O1 - Hosts: 84.252.148.113 www.desjardins.com
O1 - Hosts: 84.252.148.113 desjardins.com
O1 - Hosts: 84.252.148.113 www.suncoastfcu.org
O1 - Hosts: 84.252.148.113 suncoastfcu.org
O1 - Hosts: 84.252.148.113 capitalone.com
O1 - Hosts: 84.252.148.113 www.capitalone.com
O1 - Hosts: 84.252.148.113 www.bankofamerica.com
O1 - Hosts: 84.252.148.113 bankofamerica.com
O1 - Hosts: 84.252.148.113 www.chase.com
O1 - Hosts: 84.252.148.113 chase.com
O1 - Hosts: 84.252.148.113 www.southtrust.com
O1 - Hosts: 84.252.148.113 southtrust.com
O1 - Hosts: 84.252.148.113 www.wachovia.com
O1 - Hosts: 84.252.148.113 wachovia.com
O1 - Hosts: 84.252.148.113 www.wellsfargo.com
O1 - Hosts: 84.252.148.113 wellsfargo.com
O1 - Hosts: 84.252.148.113 www.citi.com
O1 - Hosts: 84.252.148.113 citi.com
O1 - Hosts: 84.252.148.113 www.citibank.com
O1 - Hosts: 84.252.148.113 citibank.com
O1 - Hosts: 84.252.148.113 www.etrade.com
O1 - Hosts: 84.252.148.113 etrade.com
O1 - Hosts: 84.252.148.113 www.neteller.com
O1 - Hosts: 84.252.148.113 neteller.com
O1 - Hosts: 84.252.148.113 tcfbank.com
O1 - Hosts: 84.252.148.113 www.tcfbank.com
O1 - Hosts: 84.252.148.113 comerica.com
O1 - Hosts: 84.252.148.113 www.comerica.com
O1 - Hosts: 84.252.148.113 www.3riversfcu.org
O1 - Hosts: 84.252.148.113 3riversfcu.org
O1 - Hosts: 84.252.148.113 www.53.com
O1 - Hosts: 84.252.148.113 53.com
O1 - Hosts: 84.252.148.113 www.bbt.com
O1 - Hosts: 84.252.148.113 bbt.com
O1 - Hosts: 84.252.148.113 www.cnbwax.com
O1 - Hosts: 84.252.148.113 cnbwax.com
O1 - Hosts: 84.252.148.113 www.cwbk.com
O1 - Hosts: 84.252.148.113 cwbk.com
O1 - Hosts: 84.252.148.113 www.edsefcu.org
O1 - Hosts: 84.252.148.113 edsefcu.org
O1 - Hosts: 84.252.148.113 www.firstusa.com
O1 - Hosts: 84.252.148.113 firstusa.com
O1 - Hosts: 84.252.148.113 www.frontierbank.com
O1 - Hosts: 84.252.148.113 frontierbank.com
O1 - Hosts: 84.252.148.113 www.gncu.org
O1 - Hosts: 84.252.148.113 gncu.org
O1 - Hosts: 84.252.148.113 www.householdbank.com
O1 - Hosts: 84.252.148.113 householdbank.com
O1 - Hosts: 84.252.148.113 www.icicibank.com
O1 - Hosts: 84.252.148.113 icicibank.com
O1 - Hosts: 84.252.148.113 www.mbna.com
O1 - Hosts: 84.252.148.113 mbna.com
O1 - Hosts: 84.252.148.113 www.mibank.com
O1 - Hosts: 84.252.148.113 mibank.com
O1 - Hosts: 84.252.148.113 www.midamericabank.com
O1 - Hosts: 84.252.148.113 midamericabank.com
O1 - Hosts: 84.252.148.113 www.myindymacbank.com
O1 - Hosts: 84.252.148.113 myindymacbank.com
O1 - Hosts: 84.252.148.113 www.nafcunet.org
O1 - Hosts: 84.252.148.113 nafcunet.org
O1 - Hosts: 84.252.148.113 www.nationalcity.com
O1 - Hosts: 84.252.148.113 nationalcity.com
O1 - Hosts: 84.252.148.113 www.cnb.com
O1 - Hosts: 84.252.148.113 cnb.com
O1 - Hosts: 84.252.148.113 www.nationwide.com
O1 - Hosts: 84.252.148.113 nationwide.com
O1 - Hosts: 84.252.148.113 www.netbank.com
O1 - Hosts: 84.252.148.113 netbank.com
O1 - Hosts: 84.252.148.113 www.netbank.com
O1 - Hosts: 84.252.148.113 netbank.com.au
O1 - Hosts: 84.252.148.113 www.netbank.com.au
O1 - Hosts: 84.252.148.113 www.commbank.com.au
O1 - Hosts: 84.252.148.113 www.postfinance.com
O1 - Hosts: 84.252.148.113 postfinance.com
O1 - Hosts: 84.252.148.113 www.providian.com
O1 - Hosts: 84.252.148.113 providian.com
O1 - Hosts: 84.252.148.113 www.sbbt.com
O1 - Hosts: 84.252.148.113 sbbt.com
O1 - Hosts: 84.252.148.113 www.sears.com
O1 - Hosts: 84.252.148.113 sears.com
O1 - Hosts: 84.252.148.113 telcomcu.com
O1 - Hosts: 84.252.148.113 www.telcomcu.com
O1 - Hosts: 84.252.148.113 www.tcuonline.org
O1 - Hosts: 84.252.148.113 tcuonline.org
O1 - Hosts: 84.252.148.113 www.uofcfcu.com
O1 - Hosts: 84.252.148.113 uofcfcu.com
O1 - Hosts: 84.252.148.113 www.usaa.com
O1 - Hosts: 84.252.148.113 usaa.com
O1 - Hosts: 84.252.148.113 www.warrenfcu.com
O1 - Hosts: 84.252.148.113 warrenfcu.com
O1 - Hosts: 84.252.148.113 visionsfcu.org
O1 - Hosts: 84.252.148.113 www.visionsfcu.org
O1 - Hosts: 84.252.148.113 www.tcfexpress.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Zango Toolbar - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbHostIE.dll (file missing)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\System32\rpcc.exe
O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\System32\jjvrlpgr.dll",realset
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKLM\..\Run: [clcl11] C:\WINDOWS\System32\clcl11.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://privacyprotector.com/.freewar...yprotector.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/act...cheManager.CAB
O16 - DPF: {E596DF5F-4239-4D40-8367-EBADF0165917} - http://privacyprotector.com/.freewar...yprotector.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSIEUpdater_2 (Microsoft IE Updater_2) - Unknown owner - C:\Documents and Settings\Esther\ie_updater.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\System32\vwsrv.exe (file missing)
Reply With Quote
Old July 22nd, 2007, 02:41 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Howdy again jvargus,

Looks like when Anthony10 was unavailable in your last thread, I or others missed that you had responded. Truth is, jvargus, this system is not a working model for internet use. It remains heavily infected, and is only getting worse and worse as time goes by. XP cannot be run without both SP2 and seriously necessary security patches, and your system is an example of why. Although I personally prefer the challenge of assisting with such heavily infected computers, in truth this system has never quite achieved normal status through our forum's assistance, and is not likely to ever get there. You need to offload data you wish to save and reinstall XP (adding SP2 and all updates), in order to get a fresh and more secure start of things.
Reply With Quote
Old July 22nd, 2007, 02:48 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
I really do need to add that those Hosts changes there indicate any secure transactions you have done with this system can be assumed compromised, so any banking information or passwords have likely been passed along to other computers for illegal use. You will want to act on that by making any secure site access changes and contacting any credit card/bank companies with whom you have done online business to alert them to the possible compromises.
Reply With Quote
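As an added example (not part of this thread or of HijackThis itself), a small Python triage script that pulls the O1 - Hosts lines out of a log like the one above and flags a hosts file that funnels many hostnames to a single routable address, which is the pattern Jintan is pointing at. The sample lines are constructed to match the shape of the log; the loopback entry is included to show that ordinary ad-blocking entries are not flagged.

```python
import re
from collections import defaultdict

# Constructed sample lines in HijackThis format (shape copied from the log above;
# one loopback entry and two non-hosts lines added to exercise the filter).
SAMPLE_LOG = """
R1 - HKCU\\Software\\Microsoft\\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
O1 - Hosts: 84.252.148.113 www.bankofamerica.com
O1 - Hosts: 84.252.148.113 bankofamerica.com
O1 - Hosts: 84.252.148.113 www.chase.com
O1 - Hosts: 127.0.0.1 ad.doubleclick.net
O1 - Hosts: 84.252.148.113 www.wellsfargo.com
O4 - HKLM\\..\\Run: [WindowsHive] C:\\WINDOWS\\System32\\rpcc.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
# Targets that cannot carry traffic off the box; entries pointing here are the
# usual ad-blocking idiom and are not a redirection to an attacker.
LOCAL_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts_entries(log_text):
    """Return (ip, hostname) pairs for every 'O1 - Hosts:' line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def find_redirects(log_text):
    """Group redirected hostnames by target IP, dropping loopback/null targets."""
    by_ip = defaultdict(list)
    for ip, host in parse_hosts_entries(log_text):
        if ip not in LOCAL_TARGETS:
            by_ip[ip].append(host)
    return dict(by_ip)


def triage(log_text, threshold=3):
    """IPs that capture at least `threshold` hostnames: many names -> one address is pharming."""
    redirects = find_redirects(log_text)
    return sorted(ip for ip, hosts in redirects.items() if len(hosts) >= threshold)


if __name__ == "__main__":
    for ip, hosts in find_redirects(SAMPLE_LOG).items():
        print(f"{ip}: {len(hosts)} hostnames redirected -> {', '.join(hosts)}")
    print("suspicious targets:", triage(SAMPLE_LOG))
```

Any name listed under a flagged target should be treated as Jintan describes: every login made to it from this machine while the entry was present is assumed exposed.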
Old July 23rd, 2007, 10:10 PM
jvargus jvargus is offline
Member
 
Join Date: Jul 2006
Posts: 79
Hey Tom,

I will have to do that. Thanks a lot for the help.
Reply With Quote
Old July 24th, 2007, 12:43 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Truly the right choice - I wouldn't suggest it unless I would make the same choice for my own system.
Reply With Quote