[xldiva]

Help this is the log because I read some other thread I am having an issue with ngnix I need help my computer is not performing right please help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:32:42 PM, on 4/28/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Common Files\Motive

\McciContextHookShim.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier

\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\linda\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera

Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility

\TSleepSrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Research In Motion\USB

Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Java\Java Update

\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\linda\AppData\Local\Temp\IswTmp\DwlRun

\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search

Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page

= http://search.conduit.com?SearchSour...ctid=CT2260173
R1 - HKLM\Software\Microsoft\Internet Explorer

\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search

Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer

\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer

\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page

= C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer

\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {91da5e8a-3318-4f8c-

b67e-5964de3ab546} - (no file)
R3 - URLSearchHook: Swag Bucks Toolbar - {8bdea9d6-6f62-

45eb-8ee9-8a81af0d2f94} - C:\Program Files

(x86)\Swag_Bucks\prxtbSwa0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596

-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe

\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-

2D53-2644-206D7942484F} - C:

\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: ShopAtHome.com Toolbar - {66516A07-F617-

488A-90CF-4E690CFB3C5F} - C:\Program Files

(x86)\ShopAtHome\tbcore3U.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-

4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb

\adawareDx.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-

0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files

\CheckPoint\ZAForceField\WOW64\TrustChecker\bin

\TrustCheckerIEPlugin.dll
O2 - BHO: Swag Bucks - {8bdea9d6-6f62-45eb-8ee9-

8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks

\prxtbSwa0.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-

4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-

8333-CF10577473F7} - C:\Program Files (x86)\Google\Google

Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445

-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java

\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-

EFFA-4d78-B409-54B7B2535B14} - C:\Program Files

(x86)\TOSHIBA\TOSHIBA Media Controller Plug-in

\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-

8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks

\prxtbSwa0.dll
O3 - Toolbar: ShopAtHome.com Toolbar - {311B58DC-A4DC-

4B04-B1B5-60299AD3D803} - C:\Program Files

(x86)\ShopAtHome\tbcore3U.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-

4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb

\adawareDx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18

-009027A5CD4F} - C:\Program Files (x86)\Google\Google

Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-

4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint

\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA

\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA

\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files

(x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files

(x86)\TOSHIBA\TOSHIBA Service Station

\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files

(x86)\TOSHIBA\TOSHIBA Web Camera Application

\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA

\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program

Files (x86)\Toshiba\Toshiba Online Backup\Activation

\TOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files

(x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG

\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files

(x86)\Common Files\Research In Motion\USB Drivers

\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files

(x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files

(x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:

\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program

Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files

(x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google

\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files

(x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Users\linda\AppData

\Roaming\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files

(x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files

(x86)\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7

-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live

\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer -

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program

Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200

-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy

Configuration - {DFB852A3-47F8-48C4-A200-

58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated

graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000}

-

http://fpdownload2.macromedia.com/ge.../cabs/flash/sw

flash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-

FBDDE494F8D1} - C:\Program Files (x86)\AVG

\AVG2012\avgpp.dll
O23 - Service: Adobe Flash Player Update Service

(AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:

\windows\SysWOW64\Macromed\Flash

\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5

(AdvancedSystemCareService5) - IObit - C:\Program Files

(x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) -

Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:

\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ,

s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) -

Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) -

Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) -

Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:

\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console

\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google

Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) -

Google Inc. - C:\Program Files (x86)\Google\Update

\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:

\Program Files (x86)\Google\Common\Google Updater

\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit

Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service

\IntuitUpdateService.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check

Point Software Technologies - C:\Program Files\CheckPoint

\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:

\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local

Management Service (LMS) - Intel Corporation - C:\Program Files

(x86)\Intel\Intel(R) Management Engine Components\LMS

\LMS.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files

(x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program

Files\Common Files\Motive\McciCMService.exe
O23 - Service: McciServiceHost - Alcatel-Lucent - C:\Program

Files (x86)\Common Files\Motive\McciServiceHost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -

C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) -

Unknown owner - C:\Program Files\Intel\WiFi\bin

\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102

(Netlogon) - Unknown owner - C:\windows\system32\lsass.exe

(file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher

(Norton PC Checkup Application Launcher) - Symantec

Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine

\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr)

- Symantec Corporation - C:\Program Files (x86)\Norton PC

Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300

(ProtectedStorage) - Unknown owner - C:\windows

\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc)

- Intel(R) Corporation - C:\Program Files\Common Files\Intel

\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2

(RpcLocator) - Unknown owner - C:\windows

\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) -

Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3

(SNMPTRAP) - Unknown owner - C:\windows

\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler)

- Unknown owner - C:\windows\System32\spoolsv.exe (file

missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101

(sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file

missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown

owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program

Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) -

Unknown owner - C:\Windows\system32\TODDSrv.exe (file

missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA

Corporation - C:\Program Files\TOSHIBA\Power Saver

\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA

Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA

Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD

Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation -

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101

(UI0Detect) - Unknown owner - C:\windows

\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User

Notification Service (UNS) - Intel Corporation - C:\Program Files

(x86)\Intel\Intel(R) Management Engine Components\UNS

\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003

(VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe

(file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) -

Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point

Software Technologies LTD - C:\Program Files (x86)\CheckPoint

\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) -

Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601

[Scolabar]

Hi xldiva,

Firstly, welcome to the TSG - Virus & Other Malware Removal Forum.
My name is Scolabar, and I'll be helping you with your malware problems.
Secondly, apologies for the delay in responding to your request for help.
Logs can take a while to research, so please be patient.
If you no longer require help I would be grateful if you would let me know.

Please note the following important guidelines before proceeding:

1. The instructions that will be provided are for YOUR computer and system only!
   Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
   Absence of symptoms does not necessarily mean that everything is clear.
5. DO NOT run any other fix or removal tools unless instructed to do so!
6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Please Note: If you haven't done so already, please read this topic Everyone MUST read this BEFORE posting for help in this forum where the conditions for receiving help here are explained.

Windows 7 Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this Right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator

Quote:

Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.

• Backup Your Data - Windows 7

If you follow these guidelines, things should proceed smoothly.
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar

[Scolabar]

Hi xldiva,

Thank you again for your patience.

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before proceeding please make sure any open programs are closed.

Step 1:
Notepad - Disable Word Wrap

In order to make the reports I request more readable, please make sure the Word Wrap option is turned off in Notepad as follows:

1. Select Start > All Programs > Accessories > Notepad.
2. Under the Format menu, make sure the Word Wrap option is Unchecked.
3. Then close Notepad.

Step 2:
DDS

1. Please download DDS by sUBs. Save it to your Desktop.
   Alternate download link: Here
2. Right-click on the DDS tool and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
3. A black screen will open. Read the contents but do nothing.
4. When DDS finishes Notepad will open two reports ... DDS.txt and Attach.txt.
   Ignore the comments about zipping/attaching any of the report files.
   The two report files are not saved anywhere. If you close Notepad before copying and pasting the contents, you will need to run DDS again.
5. Copy and Paste the contents of the DDS.txt file into your next reply.
6. Also Attach the Attach.txt file to your post.

Step 3:
Security Check

1. Please download Security Check by screen317 and Save it to your Desktop.
   Alternate download site: Link 2
2. Right-click on SecurityCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
3. Press the Space Bar when you see the Press any key to continue... message.
   Please Note: This scan will take a short while to complete, so please be patient.
4. When the scan has completed, a Notepad file will automatically open called checkup.txt.
5. Save the file checkup.txt to your Desktop.
   Please Note: This output file is NOT automatically saved!
6. Then Copy and Paste the entire contents of the checkup.txt file into your next reply.

Step 4:
TDSSKiller - Scan

1. Please download TDSSKiller.exe by Kaspersky and save it to your Desktop. <-- Important!!!
2. Right-click on TDSSKiller.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
   If TDSSKiller does not run, try renaming the program file. Right-click on TDSSKiller.exe, select the Rename option and give the program a random name with the .com file extension (i.e. ektfhtw.com).
   If you cannot see file extensions, please refer to: How to change the file extension.
3. Click the Start Scan button. Do not use the computer during the scan!
4. When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
5. Now click on Report to open the log file created by TDSSKiller.
6. The log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt is created and saved to the root directory. (Usually C: drive).
7. Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.

PLEASE DO NOT TRY TO FIX ANYTHING AT THIS STAGE.

Step 5:
Include in Next Post

1. Did you have any problems carrying out the instructions?
2. DDS.txt.
3. Attachment Required:
   • Attach.txt.
4. checkup.txt.
5. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.
6. Do you have the original Windows installation media for your PC?

Scolabar