Here is the report from Combo scan
ComboFix 08-06-11.7 - bg 2008-06-13 6:41:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.143 [GMT -7:00]
Running from: C:\Documents and Settings\bg\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\bg\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\acrsec.fon
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\aksjadwn.ini
C:\WINDOWS\system32\LmpsAyay.ini
C:\WINDOWS\system32\LmpsAyay.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\xfjpgreh.ini
C:\WINDOWS\system32\yayAspmL.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.
2008-06-12 15:53 . 2008-06-12 15:53 <DIR> dr-h----- C:\Documents and Settings\Mikael\Application Data\yahoo!
2008-06-12 15:52 . 2008-06-12 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-12 15:29 . 2008-06-12 15:29 <DIR> d-------- C:\Program Files\Avira
2008-06-12 14:42 . 2008-06-13 06:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-12 14:42 . 2008-06-12 14:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-12 14:38 . 2008-06-12 15:46 <DIR> d-------- C:\fixwareout
2008-06-12 14:23 . 2008-06-12 14:23 <DIR> d-------- C:\Program Files\CCleaner
2008-06-12 14:02 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-12 13:14 . 2008-06-12 13:14 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-06-12 13:14 . 2003-11-14 09:50 155,648 --a------ C:\WINDOWS\system32\ifc21.dll
2008-06-12 13:14 . 2003-11-14 09:50 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2008-06-12 13:14 . 2003-11-14 09:50 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2008-06-12 13:14 . 2003-11-14 09:50 94,208 --a------ C:\WINDOWS\system32\FEELIT.DLL
2008-06-12 13:14 . 2003-11-14 09:50 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2008-06-12 13:14 . 2003-11-14 09:50 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2008-06-12 13:13 . 2008-06-12 13:13 <DIR> d-------- C:\Program Files\Logitech
2008-06-12 13:13 . 2003-11-07 02:50 152,064 --a------ C:\WINDOWS\system32\lmoufrc.dll
2008-06-12 13:13 . 2003-11-07 02:50 70,798 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2008-06-12 13:13 . 2003-11-07 02:50 51,486 --a------ C:\WINDOWS\system32\drivers\L8042PR2.SYS
2008-06-12 13:13 . 2003-11-07 02:50 37,884 --a------ C:\WINDOWS\system32\drivers\LHIDUSB.SYS
2008-06-12 13:13 . 2003-11-07 02:50 25,502 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2008-06-12 13:13 . 2003-11-07 02:50 23,372 --a------ C:\WINDOWS\system32\LCOINST.DLL
2008-06-12 13:13 . 2003-11-07 02:50 19,968 --------- C:\WINDOWS\LOGI_MWX.EXE
2008-06-12 13:13 . 2003-11-07 02:50 14,092 --a------ C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2008-06-11 23:07 . 2008-06-11 23:07 <DIR> d-------- C:\Documents and Settings\Mikael\Application Data\MySpace
2008-06-11 18:29 . 2008-06-11 18:29 <DIR> d-------- C:\kav
2008-06-11 18:04 . 2008-06-11 18:04 <DIR> d---s---- C:\Documents and Settings\bg\UserData
2008-06-11 17:25 . 2008-06-11 17:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-11 16:30 . 2008-06-12 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-11 16:07 . 2008-06-11 16:07 <DIR> d-------- C:\Program Files\InterMute
2008-06-11 15:46 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-06-11 15:46 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-06-11 15:46 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-06-11 15:46 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-11 13:54 . 2008-06-11 13:54 <DIR> d-------- C:\Documents and Settings\bg\Application Data\Zero Knowledge
2008-06-11 13:52 . 2005-04-20 14:35 <DIR> d-------- C:\Documents and Settings\bg\WINDOWS
2008-06-11 13:52 . 2005-04-20 15:12 <DIR> d-------- C:\Documents and Settings\bg\Application Data\You've Got Pictures Screensaver
2008-06-11 13:52 . 2005-04-20 14:42 <DIR> d-------- C:\Documents and Settings\bg\Application Data\toshiba
2008-06-11 13:52 . 2005-04-20 14:54 <DIR> d-------- C:\Documents and Settings\bg\Application Data\Intuit
2008-06-11 13:52 . 2005-04-20 15:26 <DIR> d-------- C:\Documents and Settings\bg\Application Data\InterVideo
2008-06-11 13:52 . 2005-04-20 15:08 <DIR> d-------- C:\Documents and Settings\bg\Application Data\InterTrust
2008-06-11 13:52 . 2006-02-28 18:24 <DIR> d-------- C:\Documents and Settings\bg\Application Data\AOL
2008-06-11 13:52 . 2008-06-12 15:40 <DIR> d-------- C:\Documents and Settings\bg
2008-06-11 13:47 . 2005-04-20 14:35 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-11 13:47 . 2005-04-20 15:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-06-11 13:47 . 2005-04-20 14:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-06-11 13:47 . 2005-04-20 14:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-06-11 13:47 . 2005-04-20 15:26 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2008-06-11 13:47 . 2005-04-20 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-06-11 13:47 . 2006-02-28 18:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-06-11 13:47 . 2008-06-11 13:47 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-23 19:19 . 2008-05-24 13:25 <DIR> d-------- C:\Program Files\AXPFixer
2008-05-23 18:57 . 2008-05-24 13:15 <DIR> d-------- C:\$AVG8.VAULT$
2008-05-23 18:50 . 2008-05-23 18:50 10,520 --a------ C:\WINDOWS\system32\avgrsstx(2).dll
2008-05-23 18:49 . 2008-05-23 18:52 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-05-23 18:49 . 2008-05-24 13:25 <DIR> d-------- C:\Program Files\AVG(2)
2008-05-23 18:49 . 2008-05-24 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-05-23 18:36 . 2008-05-28 15:04 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-05-23 18:36 . 2008-05-28 15:04 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-21 11:16 . 2008-05-21 11:16 <DIR> d-------- C:\Program Files\iPod
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 22:38 --------- d-----w C:\Program Files\Yahoo!
2008-06-12 22:20 --------- d-----w C:\Program Files\Google
2008-06-12 22:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-12 21:02 --------- d-----w C:\Program Files\Java
2008-06-12 01:21 --------- d-----w C:\Program Files\America Online 9.0
2008-05-24 20:27 --------- d-----w C:\Program Files\Apple Software Update
2008-05-21 18:17 --------- d-----w C:\Program Files\iTunes
2008-05-21 18:14 --------- d-----w C:\Program Files\QuickTime
2008-04-24 18:30 --------- d-----w C:\Program Files\APAstyle.info
2008-04-21 20:32 --------- d-----w C:\Program Files\AIM
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-04-25 09:15 339968]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-04-12 16:18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 16:17 88358 C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-15 16:51 122880]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 10:00 339968]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 15:28 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 15:26 688218]
"TPSMain"="TPSMain.exe" [2004-12-28 16:02 270336 C:\WINDOWS\system32\TPSMain.exe]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 16:37 151552]
"HostManager"="C:\Program Files\Common Files\AOL\1141089950\ee\AOLSoftware.exe" [2006-05-09 17:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 09:59 124520]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 02:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 00:33 8720384]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-04 15:04:48 176128]
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 14:12:08 16423]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-04-20 14:34:50 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnNGwvs]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\1141089950\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1141089950\\ee\\aim6.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\1141089950\\ee\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 18:03:54 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-13 06:47:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-13 6:50:37 - machine was rebooted [bg]
ComboFix-quarantined-files.txt 2008-06-13 13:50:28
Pre-Run: 66,180,259,840 bytes free
Post-Run: 66,115,293,184 bytes free
196 --- E O F --- 2007-12-12 11:03:23
I'll go ahead and install the recovery console.
The log from HJT.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:42 AM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\1141089950\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141089950\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1213304684390
O20 - Winlogon Notify: opnNGwvs - C:\WINDOWS\
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 8572 bytes
Thank you for helping me. Kaspersky has been removed. The only active, up-to-date AV is Avira Free.
PS recovery console installed.
Edited by n2gc, 13 June 2008 - 08:29 AM.