Full Version: IE Google Redirect HJT Log.
Piriform Community Forums > Computer Help and Discussion > Spyware Hell
chuzie
Ran Ad-Aware, Spybot and Norton AV, all with updated defs, and reset the computer to run HJT. Results posted below. Input appreciated.

Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 8:50:29 AM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\msdtc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba Controls\CpRmtKey.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\kernelex5.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SvcManager] kernelex5.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c3/v14.204/qboax8.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A692311-79D6-4D2B-9FEB-344478925564}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AB14B93-6315-4358-B36B-1974FBC72259}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C718C10-8F32-435A-A319-28EDD00DF7D7}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0693A97-6682-43B2-B4AD-FC030D91FBF3}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCABC3A2-447A-4E71-BCC3-551625AF61B9}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{E049DF91-1C0C-4E12-9DD4-35B1B548FF5A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A692311-79D6-4D2B-9FEB-344478925564}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A692311-79D6-4D2B-9FEB-344478925564}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Auto-Update Service (acautoupdate) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoup.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

rridgely
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads, please post the text that will open (report.txt) back into this thread.
-----------

Open HijackThis and do a scan. Check off the following entries:

O17 - HKLM\System\CCS\Services\Tcpip\..\{0A692311-79D6-4D2B-9FEB-344478925564}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AB14B93-6315-4358-B36B-1974FBC72259}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C718C10-8F32-435A-A319-28EDD00DF7D7}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0693A97-6682-43B2-B4AD-FC030D91FBF3}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCABC3A2-447A-4E71-BCC3-551625AF61B9}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{E049DF91-1C0C-4E12-9DD4-35B1B548FF5A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A692311-79D6-4D2B-9FEB-344478925564}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A692311-79D6-4D2B-9FEB-344478925564}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191

Now press "Fix checked" and then exit HijackThis.

--------

Come back and post a new HijackThis log and the FixWareout log.
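The eleven O17 entries rridgely has chuzie fix all point the machine's DNS at the same two resolvers, and they sit not only under CurrentControlSet (HJT's "CCS") but under ControlSet001 and ControlSet003 ("CS1", "CS3") as well, so booting with Last Known Good Configuration would simply bring them back. The following Python script is an added example for this thread; it is not part of HijackThis, FixWareout or the original posts. It pulls the O17 lines out of a HijackThis log, splits the NameServer values (HJT prints them comma-separated for per-adapter keys and space-separated for the global Parameters key), reports every resolver not on an allow-list, shows which control sets each rogue resolver was written into, and computes the smallest prefix covering the flagged addresses for an egress block rule. The allow-list values (192.168.1.1 and 192.168.1.2) are hypothetical; the sample lines are copied from the first log above. Run against the second log chuzie posts after the fix, the same script returns nothing, which is the check that the fix took.

```python
"""Flag HijackThis O17 (TCP/IP NameServer) entries that point at unexpected DNS resolvers.

Added example for this thread; not part of HijackThis or FixWareout.
"""
import ipaddress
import re
from collections import defaultdict

# Resolvers the machine is expected to use. Hypothetical values for the example;
# in practice take them from the router/ISP or the corporate DHCP configuration.
EXPECTED_RESOLVERS = {"192.168.1.1", "192.168.1.2"}

# Shape of an HJT O17 line. HJT abbreviates CurrentControlSet as CCS and
# ControlSet001/003 as CS1/CS3; per-adapter keys are shown as ..\{GUID}.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<key>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): NameServer = (?P<value>.+)$"
)

# Sample input: the O17 lines from the first log in this thread, plus two
# unrelated lines to show that non-O17 entries are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A692311-79D6-4D2B-9FEB-344478925564}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AB14B93-6315-4358-B36B-1974FBC72259}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C718C10-8F32-435A-A319-28EDD00DF7D7}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0693A97-6682-43B2-B4AD-FC030D91FBF3}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCABC3A2-447A-4E71-BCC3-551625AF61B9}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\..\{E049DF91-1C0C-4E12-9DD4-35B1B548FF5A}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A692311-79D6-4D2B-9FEB-344478925564}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O17 - HKLM\System\CS3\Services\Tcpip\..\{0A692311-79D6-4D2B-9FEB-344478925564}: NameServer = 85.255.115.82,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.82 85.255.112.191
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
""".strip().splitlines()


def split_nameservers(value):
    """Accept comma-, space- or mixed-separated NameServer values."""
    return [tok for tok in re.split(r"[,\s]+", value.strip()) if tok]


def find_rogue_dns(log_lines, expected=EXPECTED_RESOLVERS):
    """One finding per (control set, key, resolver) not in the allow-list."""
    findings = []
    for raw in log_lines:
        m = O17_RE.match(raw.strip())
        if not m:
            continue
        for tok in split_nameservers(m["value"]):
            try:
                ns = str(ipaddress.ip_address(tok))
            except ValueError:
                ns = tok  # keep garbage visible rather than silently dropping it
            if ns not in expected:
                findings.append({"control_set": m["cs"], "key": m["key"], "nameserver": ns})
    return findings


def control_sets_by_resolver(findings):
    """Map each rogue resolver to the control sets it was written into. A resolver
    present in CS1/CS3 as well as CCS survives a Last Known Good boot."""
    seen = defaultdict(set)
    for f in findings:
        seen[f["nameserver"]].add(f["control_set"])
    return dict(seen)


def covering_network(resolvers):
    """Smallest IPv4 prefix containing every given resolver (for a block rule).
    Pure address arithmetic; non-IPv4 tokens are skipped, None if nothing is left."""
    addrs = []
    for r in resolvers:
        try:
            addrs.append(ipaddress.IPv4Address(r))
        except ValueError:
            continue
    if not addrs:
        return None
    addrs.sort()
    lo, hi = int(addrs[0]), int(addrs[-1])
    prefix = 32
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1
    return ipaddress.ip_network(f"{addrs[0]}/{prefix}", strict=False)


if __name__ == "__main__":
    rogue = find_rogue_dns(SAMPLE_LOG)
    for ns, sets in sorted(control_sets_by_resolver(rogue).items()):
        print(f"{ns:16} written into {', '.join(sorted(sets))}")
    print("covering prefix:", covering_network({f['nameserver'] for f in rogue}))
```

An allow-list is used rather than a blocklist because the resolver addresses a DNS changer drops in vary between samples; the covering prefix is computed only from what was observed in this log and is a starting point for a block rule, not a statement about who owns that range.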
chuzie

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdkoa.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"CeEPOWER"="C:\\Program Files\\TOSHIBA\\Power Management\\CePMTray.exe"
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"CplBTQ00"="C:\\Program Files\\EzButton\\CplBTQ00.EXE"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"CpRmtKey"="\"C:\\Program Files\\Toshiba Controls\\CpRmtKey.EXE\""
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"Pinger"="c:\\toshiba\\ivp\\ism\\pinger.exe /run"
"IVPServiceMgr"="C:\\toshiba\\ivp\\ism\\ivpsvmgr.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"masqform.exe"="C:\\Program Files\\PureEdge\\Viewer 6.0\\masqform.exe -UpdateCurrentUser"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"MsmqIntCert"="regsvr32 /s mqrt.dll"
"acEventServ"="\"C:\\Program Files\\ActivCard\\ActivCard Gold\\acevtsrv.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"HPHmon04"="C:\\WINDOWS\\system32\\hphmon04.exe"
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"SvcManager"="kernelex5.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

----------

Logfile of HijackThis v1.99.1
Scan saved at 10:05:55 AM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba Controls\CpRmtKey.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\kernelex5.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SvcManager] kernelex5.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c3/v14.204/qboax8.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Auto-Update Service (acautoupdate) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoup.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
chuzie
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:19:27 AM 2/25/2007

+ Scan result:



:mozilla.239:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.105:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.142:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.206:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.31:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.33:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.34:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.35:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.36:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.387:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.401:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.40:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.42:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.44:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.45:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.539:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.592:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\mikey\Cookies\mikey@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.245:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.246:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.879:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.880:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.100:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.101:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.102:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.103:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.908:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.290:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.291:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.292:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.909:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.92:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.93:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.82:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.854:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Dbbsrv : Cleaned.
:mozilla.84:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.338:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.339:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.340:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.341:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.342:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.343:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.344:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.345:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.346:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.247:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.248:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.249:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.169:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.170:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.927:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.928:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.929:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.930:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.931:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.932:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.933:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.198:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.199:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.200:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.567:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.559:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.560:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.561:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.883:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.884:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.885:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.886:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.887:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.888:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.88:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.89:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.90:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.91:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\mikey\Cookies\mikey@sec1.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.27:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.507:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.523:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.524:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.525:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.526:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.527:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.540:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.541:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\mikey\Cookies\mikey@network.realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.220:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.221:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.222:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.223:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.891:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.892:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.250:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.251:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.252:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.262:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.633:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.634:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.635:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.845:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.846:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.651:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.26:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.853:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.682:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.836:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.840:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.841:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.842:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.225:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.226:C:\Documents and Settings\mikey\Application Data\Mozilla\Firefox\Profiles7v2mp5p.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

rridgely
Please only follow instructions from me. (Sorry, not trying to be rude; you didn't know.)
I'll review your log shortly, I have to take care of something first.
rridgely
Alright, we still have some work to do.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! It is possible that files in use will only be moved/deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved previously in your next reply.

----------

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button and save the file as kavscan.txt to your Desktop, then close the Kaspersky On-line Scanner window.
  • Paste the Kaspersky log onto the forum.

----------

Post the drweb log, a kaspersky log, and a new hijackthis log.
chuzie
Thanks again for the assist.

Did you see anything that I did that I shouldn't have done that could be adverse? Just want to make sure that my acting in haste did not set me back.

Here is the log from Dr.Web.

How do you know what to look for in these HJT logs? Is it a skill you pick up, or is there a list of known violators to look for?


-----------------------------------------------------------------------------

[Scan path] C:\
C:\hiberfil.sys - read error
C:\Documents and Settings\LocalService\NTUSER.DAT - read error
C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\mikey\NTUSER.DAT - read error
C:\Documents and Settings\mikey\NTUSER~1.LOG - read error
C:\Documents and Settings\mikey\Desktop\SmitfraudFix\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
C:\Documents and Settings\mikey\Desktop\SmitfraudFix\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11
C:\Documents and Settings\mikey\Local Settings\Application Data\Ahead\Nero Home\BLAF65~1.DB- - read error
C:\Documents and Settings\mikey\Local Settings\Application Data\Ahead\Nero Home\IS2~1.DB- - read error
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\mikey\Local Settings\Temp\~DFFB8F.tmp - read error
C:\Documents and Settings\mikey\My Documents\My Videos\C17.MSWMM - read error
C:\Documents and Settings\mikey\My Documents\My Videos\ivThumbs.db - read error
C:\Documents and Settings\mikey\My Documents\My Videos\DVD_RTAV\VrCopy.ifo - read error
C:\Documents and Settings\mikey\My Documents\My Videos\DVD_RTAV\VR_MANGR.BUP - read error
C:\Documents and Settings\mikey\My Documents\My Videos\DVD_RTAV\VR_MANGR.IFO - read error
C:\Documents and Settings\mikey\My Documents\My Videos\DVD_RTAV\VR_MOVIE.VRO - read error
C:\Documents and Settings\mikey\My Documents\My Videos\IVI_DVD\VIDEO_TS\VIDEO_TS.BUP - read error
C:\Documents and Settings\mikey\My Documents\My Videos\IVI_DVD\VIDEO_TS\VIDEO_TS.IFO - read error
C:\Documents and Settings\mikey\My Documents\My Videos\IVI_DVD\VIDEO_TS\VTS_01_0.BUP - read error
C:\Documents and Settings\mikey\My Documents\My Videos\IVI_DVD\VIDEO_TS\VTS_01_0.IFO - read error
C:\Documents and Settings\mikey\My Documents\My Videos\IVI_DVD\VIDEO_TS\VTS_01_1.VOB - read error
C:\Documents and Settings\mikey\My Documents\My Videos\other\Windows Movie Maker 2 Sample File.WMV - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_060705_001.3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_060805_001.3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_060805_003.3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_060805_004.3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_060805_006.3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_060805_007.3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_060805_008.3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_060805_009.3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_060805_010.3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_061505_001.3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_061505_001[1].3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_062005_001.3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_071605_001.3g2 - read error
C:\Documents and Settings\mikey\My Documents\My Videos\PalmOne Videos\palm\Internal\Video_071605_002.3g2 - read error
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>C:\Documents and Settings\nicole\Local Settings\Temporary Internet Files\Content.IE5\ST8VKFKF\index2[1].htm\JavaScript.2 infected with Exploit.IFrame
C:\Documents and Settings\nicole\Local Settings\Temporary Internet Files\Content.IE5\ST8VKFKF\index2[1].htm - archive contains infected objects - moved
C:\Inetpub\catalog.wci\CiCL0001.000 - read error
C:\Inetpub\catalog.wci\CiP10000.000 - read error
C:\Inetpub\catalog.wci\CiP20000.000 - read error
C:\Inetpub\catalog.wci\CiPT0000.000 - read error
C:\Inetpub\catalog.wci\CiSL0001.000 - read error
C:\Inetpub\catalog.wci\CiSP0000.000 - read error
C:\Inetpub\catalog.wci\CiST0000.000 - read error
C:\Inetpub\catalog.wci\CiVP0000.000 - read error
C:\Inetpub\catalog.wci\INDEX.000 - read error
>C:\Program Files\Microsoft Games\Flight Simulator 9\flt1prsh.dll
>C:\Project Sierra Hotel\flt1prsh.dll
C:\System Volume Information\catalog.wci\CiCL0001.000 - read error
C:\System Volume Information\catalog.wci\CiP10000.000 - read error
C:\System Volume Information\catalog.wci\CiP20000.000 - read error
C:\System Volume Information\catalog.wci\CiPT0000.000 - read error
C:\System Volume Information\catalog.wci\CiSL0001.000 - read error
C:\System Volume Information\catalog.wci\CiSP0000.000 - read error
C:\System Volume Information\catalog.wci\CiST0000.000 - read error
C:\System Volume Information\catalog.wci\CiVP0000.000 - read error
C:\System Volume Information\catalog.wci\INDEX.000 - read error
C:\WINDOWS\system32\CatRoot2\edb.log - read error
C:\WINDOWS\system32\CatRoot2\tmp.edb - read error
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error
C:\WINDOWS\system32\drivers\sptd.sys - read error
C:\WINDOWS\temp\PERFLI~3.DAT - read error

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 253915
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 2
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 70 Kb/s
Scan time: 10:27:00
-----------------------------------------------------------------------------

C:\Documents and Settings\mikey\Desktop\SmitfraudFix\SmitfraudFix\Process.exe - incurable - deleted
C:\Documents and Settings\mikey\Desktop\SmitfraudFix\SmitfraudFix\restart.exe - incurable - deleted

CUREIT LOG...
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 254329
Infected objects found: 2
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 2
Objects cured: 0
Objects deleted: 3
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 73 Kb/s
Scan time: 10:27:32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

KASPERSKY LOG...

See attached text file. It was kind of lengthy and I didn't want to overcrowd the board.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


HJT FILE

Logfile of HijackThis v1.99.1
Scan saved at 11:41:09 AM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba Controls\CpRmtKey.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\svchost.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c3/v14.204/qboax8.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Auto-Update Service (acautoupdate) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoup.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

THANKS A MILLION!!!
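chuzie asks above how you know what to look for in an HJT log. As an added example (not code from this thread, from HijackThis, or from the forum's helpers), here is a small Python triage script that parses O4 (autorun) and O23 (service) lines of the kind in the log above and flags the entries a helper normally checks first: a service whose binary HijackThis reports as `(file missing)` or whose publisher column reads `Unknown owner`, and an autorun or service launched from a user-writable folder. The sample lines are copied from the HJT log posted above, except the `[ExampleTemp]` O4 line, which is constructed to exercise the folder rule; the three flagging rules are this example's own heuristics, not HijackThis's, and a flagged line only means "look closer", not "malicious".

```python
"""Triage helper for HijackThis-style log lines (added example, not HJT's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the O4/O23 lines are copied from the HJT log posted in the
# thread, except the [ExampleTemp] line, which is constructed for this example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ExampleTemp] C:\Documents and Settings\mikey\Local Settings\Temp\example.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
"""

# Folders an ordinary user can write to. A service or autorun that starts from
# one of these is unusual for installed software and worth a second look.
# (Heuristic assumed by this example, not a HijackThis rule.)
USER_WRITABLE_HINTS = (
    "\\documents and settings\\",
    "\\temp\\",
    "\\temporary internet files\\",
    "\\application data\\",
)

# O4 - HKLM\..\Run: [name] command line
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str
    file_missing: bool


@dataclass
class Finding:
    line: str
    reasons: List[str]


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Split 'O23 - Service: <name> - <owner> - <path> [(file missing)]'."""
    parts = line.split(" - ")
    if len(parts) < 4 or not parts[1].startswith("Service: "):
        return None
    # The display name may itself contain ' - ', so take owner and path from
    # the end and join whatever is left as the name.
    name = " - ".join(parts[1:-2])[len("Service: "):]
    owner, path = parts[-2], parts[-1]
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].strip()
    return ServiceEntry(name, owner, path, missing)


def in_user_writable(path: str) -> bool:
    low = path.lower()
    return any(hint in low for hint in USER_WRITABLE_HINTS)


def triage(log_text: str) -> List[Finding]:
    """Return the O4/O23 lines that match at least one triage rule, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        if line.startswith("O23 - "):
            svc = parse_o23(line)
            if svc is None:
                continue
            if svc.file_missing:
                reasons.append("service binary reported as missing")
            if svc.owner == "Unknown owner":
                reasons.append("no publisher recorded for service")
            if in_user_writable(svc.path):
                reasons.append("service binary in a user-writable folder")
        elif line.startswith("O4 - "):
            m = O4_RUN_RE.match(line)
            if m and in_user_writable(m.group("cmd")):
                reasons.append("autorun launched from a user-writable folder")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

On the sample above the script reports two lines: the constructed `[ExampleTemp]` autorun (user-writable folder) and the `MsaSvc` service, which the posted log itself already marks as `Unknown owner` with its binary `(file missing)`. Everything else in the sample, including the Google and Symantec entries, passes untouched, which is the point: the rules are meant to shrink a 60-line log to the handful of lines a human still has to judge.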
rridgely

Run BitDefender Online Scanner
  • Using Internet Explorer, please go HERE to run BitDefender's Online scan.
  • Read the terms and then click I Agree.
  • You may receive a Security Warning about the BitDefender ActiveX control. If you do, please allow it to install.
  • On the scanning Options screen, press Click Here To Scan and then follow the on-screen prompts.
  • Once BitDefender is finished scanning your computer, it will automatically remove the infections. Once the removal process is finished, press the Close button, and a dialog box will appear asking if you want to send your scan log back to the makers of BitDefender. You do not have to do this, but what you do want to do is press the button that says "View log", then copy and paste that log into Notepad and save it to your desktop as bitdefender.txt.
  • Reboot your computer

-----

Please download WebRoot SpySweeper from HERE (It's a 14 day trial):
  • Click the Download now link on the right to download the program.
  • Double-click the file to install it as follows:
  • Click "Next", read the agreement, Click "Next"
  • Choose "Custom" click "Next".
  • Leave the default installation directory as it is, then click "Next".
  • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
  • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
  • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, disconnect from the internet.
  • Click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
  • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

--------

Post the bitdefender log, webroot log, and a new hijackthis log.
chuzie
Logfile of HijackThis v1.99.1
Scan saved at 1:01:48 AM, on 3/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\Toshiba Controls\CpRmtKey.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\pinger.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [CplBTQ00] "C:\Program Files\EzButton\CplBTQ00.EXE"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [masqform.exe] "C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" -UpdateCurrentUser
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c3/v14.204/qboax8.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Auto-Update Service (acautoupdate) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoup.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

----------------------

*BitDefender Online Scanner*

*Scan report generated at: Fri, Mar 16, 2007 - 23:04:50*

*Scan path:* C:\;D:\;E:\;F:\;

*Statistics*
Time: 02:27:24
Files: 573539
Folders: 8370
Boot Sectors: 4
Archives: 9413
Packed Files: 59192

*Results*
Identified Viruses: 5
Infected Files: 7
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 7

*Engines Info*
Virus Definitions: 405543
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

*Scan Settings*
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

*Scanned File* | *Status*
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineAE40002.VBN=>(Quarantine-PE) | Infected with: Win32.Netsky.P@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineAE40002.VBN=>(Quarantine-PE) | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineAE40002.VBN=>(Quarantine-PE) | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineAE40002.VBN=>REMOVED_NULLS | Infected with: Win32.Netsky.8.Gen@mm
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineAE40002.VBN=>REMOVED_NULLS | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineAE40002.VBN=>REMOVED_NULLS | Deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\QuarantineAE40002.VBN | Deleted
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Emailing: SafeLog.v3.5.FAA.Cracked-HERETiC.ZIP][From: Michael Chuzie]=>SafeLog.v3.5.FAA.Cracked-HERETiC.ZIP=>crack-inf.exe | Infected with: Trojan.Clicker.Vb.LA
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Emailing: SafeLog.v3.5.FAA.Cracked-HERETiC.ZIP][From: Michael Chuzie]=>SafeLog.v3.5.FAA.Cracked-HERETiC.ZIP=>crack-inf.exe | Disinfection failed
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Emailing: SafeLog.v3.5.FAA.Cracked-HERETiC.ZIP][From: Michael Chuzie]=>SafeLog.v3.5.FAA.Cracked-HERETiC.ZIP=>crack-inf.exe | Deleted
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Emailing: SafeLog.v3.5.FAA.Cracked-HERETiC.ZIP][From: Michael Chuzie]=>SafeLog.v3.5.FAA.Cracked-HERETiC.ZIP | Updated
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst | Update failed
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Error][From: corriekapinos@aol.com]=>file.zip=>file.scr | Infected with: Win32.Mydoom.L@mm
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Error][From: corriekapinos@aol.com]=>file.zip=>file.scr | Disinfection failed
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Error][From: corriekapinos@aol.com]=>file.zip=>file.scr | Deleted
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Error][From: corriekapinos@aol.com]=>file.zip | Updated
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst | Update failed
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Mail Delivery (failure mchuzie@airportnac.com)][From: 3dkhudson1979@hotmail.com]=>(body) | Infected with: Exploit.Iframe.Vulnerability.B
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Mail Delivery (failure mchuzie@airportnac.com)][From: 3dkhudson1979@hotmail.com]=>(body) | Disinfection failed
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Mail Delivery (failure mchuzie@airportnac.com)][From: 3dkhudson1979@hotmail.com]=>(body) | Deleted
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst | Update failed
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Mail Delivery (failure mchuzie@airportnac.com)][From: 3dkhudson1979@hotmail.com]=>message.scr | Infected with: Win32.Netsky.P@mm
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Mail Delivery (failure mchuzie@airportnac.com)][From: 3dkhudson1979@hotmail.com]=>message.scr | Disinfection failed
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Mail Delivery (failure mchuzie@airportnac.com)][From: 3dkhudson1979@hotmail.com]=>message.scr | Deleted
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst | Update failed
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Test][From: Returned mail]=>.zip=>mchuzie@airportnac.com | Infected with: Win32.Mydoom.L@mm
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Test][From: Returned mail]=>.zip=>mchuzie@airportnac.com | Disinfection failed
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Test][From: Returned mail]=>.zip=>mchuzie@airportnac.com | Deleted
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Test][From: Returned mail]=>.zip | Updated
C:\Documents and Settings\mikey\Local Settings\Application Data\Microsoft\Outlook\archive.pst | Update failed


-------------------

12:53 AM: Removal process completed. Elapsed time 00:00:09
12:53 AM: Quarantining All Traces: burstnet cookie
12:53 AM: Quarantining All Traces: trafficmp cookie
12:53 AM: Quarantining All Traces: ru4 cookie
12:53 AM: Quarantining All Traces: adserver cookie
12:53 AM: Quarantining All Traces: pointroll cookie
12:53 AM: Quarantining All Traces: addynamix cookie
12:53 AM: Quarantining All Traces: 2o7.net cookie
12:53 AM: Quarantining All Traces: webpower cookie
12:53 AM: Quarantining All Traces: ccbill cookie
12:53 AM: Quarantining All Traces: about cookie
12:53 AM: Quarantining All Traces: spyware quake
12:53 AM: Quarantining All Traces: trojan-phisher-snifula
12:53 AM: Quarantining All Traces: nsis media extension
12:53 AM: Quarantining All Traces: cydoor
12:53 AM: Quarantining All Traces: ufp matewatcher
12:53 AM: Quarantining All Traces: trojan-backdoor-us15info
12:53 AM: Removal process initiated
12:02 AM: ApplicationMinimized - EXIT
12:02 AM: ApplicationMinimized - EXIT
12:02 AM: ApplicationMinimized - ENTER
12:02 AM: ApplicationMinimized - ENTER
Operation: File Access
Target:
Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
10:22 PM: Tamper Detection
9:43 PM: Traces Found: 39
9:43 PM: Custom Sweep has completed. Elapsed time 01:03:33
9:43 PM: File Sweep Complete, Elapsed Time: 00:55:26
9:40 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
9:40 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
9:39 PM: Warning: TCompressedFile.GetStreams(2): Stream read error
9:39 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
9:37 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.


8:48 PM: C:\WORKSSETUP\DATA (2 subtraces) (ID = 2147508654)
8:48 PM: Found System Monitor: ufp matewatcher
8:48 PM: Starting File Sweep
8:48 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:48 PM: c:\documents and settings\mikey\cookies\mikey@www.burstnet[1].txt (ID = 2337)
8:48 PM: Found Spy Cookie: burstnet cookie
8:48 PM: c:\documents and settings\mikey\cookies\mikey@trafficmp[2].txt (ID = 3581)
8:48 PM: Found Spy Cookie: trafficmp cookie
8:48 PM: c:\documents and settings\mikey\cookies\mikey@edge.ru4[1].txt (ID = 3269)
8:48 PM: Found Spy Cookie: ru4 cookie
8:48 PM: c:\documents and settings\mikey\cookies\mikey@adserver[1].txt (ID = 2141)
8:48 PM: Found Spy Cookie: adserver cookie
8:48 PM: c:\documents and settings\mikey\cookies\mikey@ads.pointroll[1].txt (ID = 3148)
8:48 PM: Found Spy Cookie: pointroll cookie
8:48 PM: c:\documents and settings\mikey\cookies\mikey@ads.addynamix[2].txt (ID = 2062)
8:48 PM: Found Spy Cookie: addynamix cookie
8:48 PM: c:\documents and settings\mikey\cookies\mikey@2o7[2].txt (ID = 1957)
8:48 PM: Found Spy Cookie: 2o7.net cookie
8:48 PM: c:\documents and settings\nicole\cookies\nicole@webpower[1].txt (ID = 3660)
8:48 PM: Found Spy Cookie: webpower cookie
8:48 PM: c:\documents and settings\nicole\cookies\nicole@ccbill[1].txt (ID = 2369)
8:48 PM: Found Spy Cookie: ccbill cookie
8:48 PM: c:\documents and settings\guest\cookies\guest@experts.about[1].txt (ID = 2038)
8:48 PM: Found Spy Cookie: about cookie
8:48 PM: Starting Cookie Sweep
8:48 PM: Registry Sweep Complete, Elapsed Time:00:00:36
8:48 PM: HKU\S-1-5-18\software\microsoft\inetdata\ (ID = 1584037)
8:47 PM: HKU\S-1-5-19\software\microsoft\inetdata\ (ID = 1584037)
8:47 PM: HKU\S-1-5-20\software\microsoft\inetdata\ (ID = 1584037)
8:47 PM: HKU\S-1-5-21-2286967889-2219951804-2609634482-1004\software\microsoft\inetdata\ (ID = 1584037)
8:47 PM: HKLM\system\currentcontrolset\services\new_drv\ (ID = 2068111)
8:47 PM: HKLM\system\controlset001\services\new_drv\ (ID = 2068099)
8:47 PM: HKLM\system\controlset001\enum\root\legacy_new_drv\ (ID = 2035737)
8:47 PM: Found Trojan Horse: trojan-phisher-snifula
8:47 PM: HKLM\system\currentcontrolset\services\msasvc\ (ID = 1847079)
8:47 PM: HKLM\system\controlset001\services\msasvc\ (ID = 1847046)
8:47 PM: HKLM\system\controlset001\enum\root\legacy_msasvc\ (ID = 1847035)
8:47 PM: Found Trojan Horse: trojan-backdoor-us15info
8:47 PM: HKLM\software\microsoft\windows\currentversion\shell extensions\approved\ || {d44e22bd-2d2c-4f13-bf1b-2db458fd0c2c} (ID = 1711840)
8:47 PM: Found Adware: nsis media extension
8:47 PM: HKLM\software\classes\typelib\{46f1759e-b448-49f0-a626-bbc1077930dc}\ (ID = 1709278)
8:47 PM: HKLM\software\classes\typelib\{3327f2a4-2db8-4dde-9683-4f017b8844b2}\ (ID = 1709268)
8:47 PM: HKLM\software\classes\txtfile\shellex\contextmenuhandlers\kernelext\ (ID = 1709266)
8:47 PM: HKLM\software\classes\wmdmb.clsdll\ (ID = 1709236)
8:47 PM: HKLM\software\classes\kernel.kernelext.1\ (ID = 1709232)
8:47 PM: HKLM\software\classes\kernel.kernelext\ (ID = 1709226)
8:47 PM: HKCR\typelib\{46f1759e-b448-49f0-a626-bbc1077930dc}\ (ID = 1709216)
8:47 PM: HKCR\typelib\{3327f2a4-2db8-4dde-9683-4f017b8844b2}\ (ID = 1709206)
8:47 PM: HKCR\txtfile\shellex\contextmenuhandlers\kernelext\ (ID = 1709204)
8:47 PM: HKCR\wmdmb.clsdll\ (ID = 1709174)
8:47 PM: HKCR\kernel.kernelext.1\ (ID = 1709170)
8:47 PM: HKCR\kernel.kernelext\ (ID = 1709164)
8:47 PM: Found Adware: cydoor
8:47 PM: HKLM\software\classes\typelib\{9163b40f-fed6-4b74-a4b2-b73b24e8b0e6}\ (ID = 1516866)
8:47 PM: HKCR\typelib\{9163b40f-fed6-4b74-a4b2-b73b24e8b0e6}\ (ID = 1516833)
8:47 PM: Found Adware: spyware quake
8:47 PM: Starting Registry Sweep
8:47 PM: Memory Sweep Complete, Elapsed Time: 00:07:08
8:40 PM: Starting Memory Sweep
8:40 PM: Start Custom Sweep
8:40 PM: Sweep initiated using definitions version 881
8:33 PM: Messenger service has been disabled.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
8:33 PM: Shield States
8:32 PM: Spyware Definitions: 881
8:32 PM: Spy Sweeper 5.3.2.2361 started
8:32 PM: Spy Sweeper 5.3.2.2361 started
8:32 PM: | Start of Session, Friday, March 16, 2007 |
***************

THANKS AGAIN.
rridgely
Please scan with Kaspersky Online Scanner again and post the log. Also post a new HijackThis log.
chuzie
Here is the HJT. It said the post was too long with Kasper, so I attached it as a text file. Thanks.


Logfile of HijackThis v1.99.1
Scan saved at 12:42:05 PM, on 3/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Toshiba Controls\CpRmtKey.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [CplBTQ00] "C:\Program Files\EzButton\CplBTQ00.EXE"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [masqform.exe] "C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" -UpdateCurrentUser
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [acEventServ] "C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} (QuickBooks Online Edition Utilities Class v8) - https://accounting.quickbooks.com/c3/v14.204/qboax8.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O20 - Winlogon Notify: acAuth - C:\WINDOWS\SYSTEM32\acauth.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ActivCard Authentication Service (ACachSrv) - ActivCard - C:\Program Files\Common Files\ActivCard\acachsrv.exe
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Auto-Update Service (acautoupdate) - ActivCard S.A. - C:\Program Files\Common Files\ActivCard\acautoup.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
rridgely
You have a ton of infected emails you're going to have to get rid of.
I believe if you delete this:
C:\Documents and Settings\mikey\Local Settings\Application Data\IM\Identities\{E5617025-1F1F-4066-96D6-A119C83A75F9}\Message Store\NAC.imm

They should be gone. But to be sure, I want you to back up any important emails you have and then do it.

Then run Kaspersky again and post the log.
Invision Power Board © 2001-2010 Invision Power Services, Inc.