Internet real slow and unable to update some anti virus programmes

Been asked to post a HJ log as the other forum couldnt help.. http://www.bleepingcomputer.com/forums/topic238096-15.html


DDS (Ver_09-06-26.01) - NTFSx86
Run by Emma Jones at 18:17:58.40 on 15/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.511.277 [GMT 1:00]

AV: AVG Anti-Virus Network Edition *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\T-Mobile\web'n'walk stick manager\web'n'walk stick manager.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Emma Jones\Local Settings\Temporary Internet Files\Content.IE5\IDM9YGV2\dds[1].scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\toscdspd.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Mobile Partner] "c:\program files\t-mobile\web'n'walk stick manager\web'n'walk stick manager.exe"
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [NVRotateSysTray] "rundll32.exe" c:\windows\system32\nvsysrot.dll,Enable
mRun: [SoundMAXPnP] "c:\program files\analog devices\soundmax\SMax4PNP.exe"
mRun: [DpUtil] "c:\program files\toshiba\dualpointutility\TEDTray.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [TFNF5] TFNF5.exe
mRun: [SmoothView] "c:\program files\toshiba\toshiba zooming utility\SmoothView.exe"
mRun: [TPSMain] TPSMain.exe
mRun: [TMESRV.EXE] "c:\program files\toshiba\tme3\TMESRV31.EXE" /Logon
mRun: [TMERzCtl.EXE] "c:\program files\toshiba\tme3\TMERzCtl.EXE" /Service
mRun: [TMESBS.EXE] "c:\program files\toshiba\tme3\TMESBS32.EXE" /Client
mRun: [TAudEffect] "c:\program files\toshiba\taudeffect\TAudEff.exe" /run
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {B1215A39-EAB5-459B-BE9E-1B9F9DDB30B7} = 149.254.192.126 149.254.201.126
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\windows\system32\cssdll32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\emmajo~1\applic~1\mozilla\firefox\profiles\ystm7wfg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-7-11 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-11 325896]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-11 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-11 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-6-20 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-6-20 24336]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [2004-10-4 5888]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-11 298776]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-6-20 700152]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-3 55152]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-8 195856]
R2 Tmesbs;Tmesbs32;c:\program files\toshiba\tme3\TMESBS32.EXE [2004-10-4 77824]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.EXE [2004-10-4 126976]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2009-5-21 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-8 19096]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2004-10-4 28416]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 CAM1690;USB PC Camera ;c:\windows\system32\drivers\cam1690.sys [2007-9-20 177280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S4 BOCore;BOCore; [x]

=============== Created Last 30 ================

2009-07-13 18:16 <DIR> --d----- C:\RootRepeal
2009-07-11 17:16 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-11 15:36 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-07-11 15:36 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-11 15:36 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-11 15:36 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-11 15:35 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-11 15:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-11 08:45 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-07-11 08:43 <DIR> --d----- c:\windows\ERUNT
2009-07-09 19:55 <DIR> --d----- C:\SDFix
2009-07-08 17:40 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-08 17:39 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-08 17:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-06 17:34 101,120 a----r-- c:\windows\system32\drivers\ewusbmdm.sys
2009-07-06 17:34 24,448 a----r-- c:\windows\system32\drivers\ewdcsc.sys
2009-06-29 18:07 <DIR> --d----- c:\documents and settings\emma jones\DoctorWeb
2009-06-28 16:46 18,944 ac------ c:\windows\system32\dllcache\simptcp.dll
2009-06-28 16:46 18,944 a------- c:\windows\system32\simptcp.dll
2009-06-26 17:44 <DIR> -cd-h--- c:\windows\ie8
2009-06-25 20:49 <DIR> --d----- c:\program files\CCleaner
2009-06-25 20:36 46,456 a----r-- c:\windows\system32\exitwx.exe
2009-06-24 21:38 23,552 ac------ c:\windows\system32\dllcache\atixbar.sys
2009-06-24 21:37 96,128 ac------ c:\windows\system32\dllcache\ati.dll
2009-06-24 21:36 24,576 ac------ c:\windows\system32\dllcache\agcgauge.ax
2009-06-24 21:35 689,216 ac------ c:\windows\system32\dllcache\3dfxvs.dll
2009-06-24 21:35 762,780 ac------ c:\windows\system32\dllcache\3cwmcru.sys
2009-06-24 21:35 11,264 ac------ c:\windows\system32\dllcache\1394vdbg.sys
2009-06-24 21:34 7,168 ac------ c:\windows\system32\dllcache\wamregps.dll
2009-06-24 21:33 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-06-24 21:32 19,968 ac------ c:\windows\system32\dllcache\inetsloc.dll
2009-06-24 21:32 7,680 ac------ c:\windows\system32\dllcache\inetmgr.exe
2009-06-24 21:32 169,984 ac------ c:\windows\system32\dllcache\iisui.dll
2009-06-24 21:32 5,632 ac------ c:\windows\system32\dllcache\iisrstap.dll
2009-06-24 21:32 14,336 ac------ c:\windows\system32\dllcache\iisreset.exe
2009-06-24 21:32 6,144 ac------ c:\windows\system32\dllcache\ftpsapi2.dll
2009-06-24 21:32 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2009-06-24 19:58 16 a------- C:\chdir.bat
2009-06-24 19:02 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-06-22 19:34 134 a------- c:\windows\rootkitno.ini
2009-06-22 18:25 2 a--shrot c:\windows\winstart.bat
2009-06-20 19:30 <DIR> --d----- c:\program files\AVG
2009-06-20 18:55 0 a------- C:\WindowsLiveMessenger-uccapi-0.uccapilog
2009-06-20 18:34 <DIR> --d----- c:\windows\ie8updates
2009-06-20 18:28 <DIR> --d----- c:\documents and settings\emma jones\Interactive
2009-06-20 18:28 <DIR> --d----- c:\documents and settings\emma jones\log
2009-06-20 16:08 253,688 a------- c:\windows\system32\cssdll32.dll
2009-06-20 16:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-06-20 16:07 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-06-20 16:07 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-06-20 16:07 <DIR> --d----- c:\program files\COMODO
2009-06-20 15:53 <DIR> --d----- C:\Installer
2009-06-20 00:22 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-20 00:22 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll

==================== Find3M ====================

2009-06-20 22:08 69,664 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-06-20 22:08 7,604 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-06-20 22:08 2,338,848 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-06-20 22:08 28,484 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-06-08 08:10 155,136 a------- c:\windows\PEV.exe
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-03-07 15:05 47,360 a------- c:\docume~1\emmajo~1\applic~1\pcouffin.sys
2008-09-15 06:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080916\index.dat

============= FINISH: 18:19:04.15 ===============

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Download DDS by sUBs from one of the following links. Save it to your desktop.
  • DDS.scr
  • DDS.pif
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
• Notepad will open with the results.
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom