Virus Help

Live forum: http://forum.freeipodguide.com/viewtopic.php?t=78809

zr2152

18-05-2009 10:07:44

Anyone see a virus here? I posted this in an antivirus forum, but they don't have many users so it is taking a long time for a response.

This is my log from HijackThis and I don't want to delete anything because I'm not sure what all this is. Hopefully one of you can find it for me...

thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:21 PM, on 5/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\System32\setup2.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavMain.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavProgress.exe
C:\Windows\System32\mobsync.exe
C:\Users\Zachary\Desktop\FIX\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = li.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [PPLiveVA] C:\Program Files\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\System32\setup2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoCtlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11626 bytes

manOFice

18-05-2009 10:13:56

Try running a scan with Malwarebytes Anti-Malware.

zr2152

18-05-2009 10:17:14

Did that already, and Malwarebytes Anti-Malware removed like 7 things, but the problem still persists.

BTW, the virus is winbluesoft.

manOFice

18-05-2009 10:22:26

what is the virus doing?

zr2152

18-05-2009 10:33:17

manOFice wrote:
> what is the virus doing?

Instead of explaining it myself, I took it from another forum:

http://www.bleepingcomputer.com/forums/topic227529.html

> It makes two pop-ups come from each side of screen saying I have worms and trojans (spelled "troyan" sometimes in popup) and spyware, redirects my URL, my security alert says virus protection is OFF but when I go to it from control panel, it says it's ON, says many URLs I try to go to are "Broken Links", and who knows what else it's doing. Sorry if I didn't post in right place, hope I did, but I have Windows XP professional, I downloaded HijackThis (after several attempts due to URL redirecting) and here is the log it gave me, oh and it says my computer is low on memory (another popup). Please help!, and thank you very much!!!!!!!!!!! in advance for helping me.

Also, it makes my computer run slow at times.

[Screenshot: http://s123.photobucket.com/albums/o319/zr2152/?action=view&current=Untitled.jpg]

akalic

18-05-2009 13:58:49

http://www.hijackthis.de/

Use this.

Just paste it in there and it will tell you what's flagged and what isn't.

I use it and it works quite well.

Give it a try. It's instant too.

TFOAF

18-05-2009 14:11:26

akalic wrote:
> http://www.hijackthis.de/
>
> Use this.
>
> Just paste it in there and it will tell you what's flagged and what isn't.
>
> I use it and it works quite well.
>
> Give it a try. It's instant too.

Wow, dude. That site's amazing! :)

zr2152

18-05-2009 15:06:36

TFOAF wrote:
> akalic wrote:
> > http://www.hijackthis.de/
> >
> > Use this.
> >
> > Just paste it in there and it will tell you what's flagged and what isn't.
> >
> > I use it and it works quite well.
> >
> > Give it a try. It's instant too.
>
> Wow, dude. That site's amazing! :)

Not at home so I can't use it right now, but from TFOAF's reaction, it seems like it is awesome!

Thanks!

zr2152

18-05-2009 19:13:01

akalic wrote:
> http://www.hijackthis.de/
>
> Use this.
>
> Just paste it in there and it will tell you what's flagged and what isn't.
>
> I use it and it works quite well.
>
> Give it a try. It's instant too.

fucking right akalic...thanks a ton dude.

+k.

YOU DA MAN.

BTW, it was this:

O4 - HKCU\..\Run: [setup2.exe] C:\Windows\System32\setup2.exe

It said when it has the same name, it's most likely a trojan. :)
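The "same name" rule the last post mentions (Run value name identical to the file name) is a weak signal on its own: in the log above it also matches the harmless NDSTray.exe and ehTray.exe entries. What actually sets setup2.exe apart is the combination: a per-user (HKCU) autorun, a generic installer-style file name, and a location inside System32 where no vendor would drop a user autorun. The script below is an added example, not code from the thread, from HijackThis or from hijackthis.de (whose real rules are not published here); the heuristics and weights are my own assumptions, and the log excerpt is constructed from entries in the posted log with the colons HijackThis normally prints restored.

```python
"""Heuristic triage of HijackThis O4 / O23 / R0 lines.

Added example for this thread; the scoring rules are assumptions, not
HijackThis or hijackthis.de logic. Run stand-alone to print ranked findings.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt of the log posted in the thread (colons restored).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [setup2.exe] C:\Windows\System32\setup2.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<desc>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
R0_RE = re.compile(r'^R0 - .+?,Start Page = (?P<url>\S+)')
GENERIC_NAME = re.compile(r'^(setup|install|update)\d*\.exe$', re.I)
# Start-page hosts that are defaults on this machine (vendor and Microsoft).
DEFAULT_START_HOSTS = ("go.microsoft.com", "toshibadirect.com")


@dataclass
class Finding:
    entry: str
    score: int
    reasons: list = field(default_factory=list)


def exe_path(cmd):
    """Return the executable from a Run command line, quotes and arguments stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # "C:\Program Files\...\x.exe" /arg
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r'(.*?\.exe)(?:\s|$)', cmd, re.I)  # C:\path\x.exe /arg  or  x.exe
    return m.group(1) if m else cmd.split()[0]


def split_path(path):
    """Split 'C:\\dir\\file.exe' into (lower-cased directory, file name)."""
    directory, _, base = path.rpartition('\\')
    return directory.lower(), base


def triage_line(line):
    """Score one HijackThis line; 0 means nothing worth a second look."""
    f = Finding(line.strip(), 0)
    if '(file missing)' in line:
        f.score += 1
        f.reasons.append('target file missing (stale entry, clean up)')
    m = O4_RE.match(line)
    if m:
        directory, base = split_path(exe_path(m['cmd']))
        in_system32 = '\\windows\\system32' in directory
        if m['name'].lower() == base.lower():       # the hijackthis.de "same name" rule
            f.score += 1
            f.reasons.append('value name equals file name (weak on its own)')
        if GENERIC_NAME.match(base) and (in_system32 or directory.endswith('\\windows')):
            f.score += 3
            f.reasons.append('generic installer-style name dropped into the Windows directory')
        if m['hive'].startswith('HKCU') and in_system32:
            f.score += 1
            f.reasons.append('per-user autorun pointing into System32')
    m = O23_RE.match(line)
    if m and m['owner'] == 'Unknown owner':
        f.score += 1
        f.reasons.append('service binary carries no publisher information')
    m = R0_RE.match(line)
    if m and not any(h in m['url'] for h in DEFAULT_START_HOSTS):
        f.score += 2
        f.reasons.append('start page changed from vendor/Microsoft default')
    return f


def triage(log):
    """Return non-zero findings, highest score first (stable for ties)."""
    findings = [triage_line(l) for l in log.splitlines() if l.strip()]
    return sorted((f for f in findings if f.score), key=lambda f: -f.score)


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.entry}")
        for r in f.reasons:
            print(f"      - {r}")
```

On the constructed excerpt, setup2.exe scores 5 and lands on top, the changed start page and the stale Symantec service score 2, and the two benign "same name" entries score only 1, which is the point: a single weak rule such as the name match should never be the basis for deleting an entry. Before removing anything flagged this way, confirm the file itself (hash it and check it against a reputation service, look at its digital signature and version info) rather than trusting the registry entry's text.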