[jburnit3]

i think i have that aurora virus everyone is talking about... heres my log. someone please help...

Logfile of HijackThis v1.99.1
Scan saved at 4:38:10 PM, on 6/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\DVDRAMSV.exe
c:\windows\system32\sttfsky.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\umonit.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\apcquota.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\adhautou.exe
C:\PROGRA~1\COMMON~1\qwmk\qwmkm.exe
C:\PROGRA~1\COMMON~1\qwmk\qwmka.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Secretmaker\secretmaker.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Aprps\CxtPls.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Documents and Settings\Burnit\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://aimhome.netsc...com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program

Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program

Files\Aprps\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: MyQuickSearch Search Assistant BHO - {04011C11-2F3B-44ed-977C-270CA669C6B2} -

C:\Program Files\MyQuickSearch\SrchAstt\1.bin\MQSSRCAS.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program

Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mqsBar BHO - {0E677221-E309-4341-81BD-3CC3018BF5B3} - C:\Program

Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O2 - BHO: C:\WINDOWS\lbbho.dll - {221537BB-3B56-4EDA-B50A-D471AE6B01A8} -

C:\WINDOWS\lbbho.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program

Files\E2G\IeBHOs.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program

Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot -

Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program

Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} -

C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} -

C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -

C:\WINDOWS\system32\nvms.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton

AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: SDWin32 Class - {E2E5E7AB-C8D8-4A9E-A7D1-D9D6063A5127} -

C:\WINDOWS\System32\fekfp.dll
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} -

C:\WINDOWS\system32\WinStat12.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} -

C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program

Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program

Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program

Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio

Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming

Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program

Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [ncnoj] C:\WINDOWS\ncnoj.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32

C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"

-osboot
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [q32X3FR] apcquota.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gzbrev] C:\WINDOWS\system32\gzbrev.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [jwnxhmx] c:\windows\system32\sttfsky.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [b0t7RPd3e] adhautou.exe
O4 - HKCU\..\Run: [qwmk] C:\PROGRA~1\COMMON~1\qwmk\qwmkm.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe

-autorun
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\Secretmaker\secretmaker.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM

Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar

2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program

files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} -

http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program

Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program

Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -

http://ak.imgfarm.co...ialSetup1.0.0.8

-2.cab
O16 - DPF: {275B1804-0805-4E93-B220-35D6164A0EF7} (Intava Mobile Phone Simulator Games

Helper) - file://C:\DOCUME~1\Burnit\LOCALS~1\Temp\_CingularLidRock_\IntavaJ2ME.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -

http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) -

http://de.trendmicro...eCallButton.CAB
O16 - DPF: {9FA4E8C8-096C-42EA-AE9F-1738481EEFE8} (Intava Mobile Phone Simulator XML Helper)

- file://C:\DOCUME~1\Burnit\LOCALS~1\Temp\_CingularLidRock_\IntavaTidy.cab
O16 - DPF: {B4B5C9B4-C268-4782-A9DF-E8D3AF320D68} (Intava Mobile Phone Simulator) -

file://C:\DOCUME~1\Burnit\LOCALS~1\Temp\_CingularLidRock_\IntavaDL.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) -

http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C7F626D2-0645-4FD8-8212-446707501F82} (Intava Mobile Phone Simulator Helper) -

file://C:\DOCUME~1\Burnit\LOCALS~1\Temp\_CingularLidRock_\IntavaMEF.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -

http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F97498B3-D7B1-4927-8DC0-EA7ABCA1663F} (Intava Mobile Phone Simulator AMR Audio

Helper) - file://C:\DOCUME~1\Burnit\LOCALS~1\Temp\_CingularLidRock_\IntavaAMR.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -

http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program

Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. -

C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation -

C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation -

C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\Security Center\SymWSC.exe

[Advertisements]

Hello

We are sorry for the delay in replying to your post, if your still need help please post a current HijackThis.log.

Thank you

Kc

[jburnit3]

yes still need help very much so...
current log...

Logfile of HijackThis v1.99.1
Scan saved at 5:21:55 PM, on 6/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
c:\windows\system32\pjlwrgm.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\umonit.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\apcquota.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\adhautou.exe
C:\PROGRA~1\COMMON~1\qwmk\qwmkm.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Secretmaker\secretmaker.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\PROGRA~1\COMMON~1\qwmk\qwmka.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Aprps\CxtPls.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Burnit\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netsc...com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\cxtpls.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: MyQuickSearch Search Assistant BHO - {04011C11-2F3B-44ed-977C-270CA669C6B2} - C:\Program Files\MyQuickSearch\SrchAstt\1.bin\MQSSRCAS.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mqsBar BHO - {0E677221-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O2 - BHO: C:\WINDOWS\lbbho.dll - {221537BB-3B56-4EDA-B50A-D471AE6B01A8} - C:\WINDOWS\lbbho.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: SDWin32 Class - {E2E5E7AB-C8D8-4A9E-A7D1-D9D6063A5127} - C:\WINDOWS\System32\fekfp.dll
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\system32\WinStat12.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [OSS] C:\WINDOWS\system32\ossproxy.exe -boot
O4 - HKLM\..\Run: [ncnoj] C:\WINDOWS\ncnoj.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Rxagik] C:\WINDOWS\Meruoq.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [q32X3FR] apcquota.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [gzbrev] C:\WINDOWS\system32\gzbrev.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [vyrghoz] c:\windows\system32\pjlwrgm.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [b0t7RPd3e] adhautou.exe
O4 - HKCU\..\Run: [qwmk] C:\PROGRA~1\COMMON~1\qwmk\qwmkm.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\Secretmaker\secretmaker.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw3.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {275B1804-0805-4E93-B220-35D6164A0EF7} (Intava Mobile Phone Simulator Games Helper) - file://C:\DOCUME~1\Burnit\LOCALS~1\Temp\_CingularLidRock_\IntavaJ2ME.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {9FA4E8C8-096C-42EA-AE9F-1738481EEFE8} (Intava Mobile Phone Simulator XML Helper) - file://C:\DOCUME~1\Burnit\LOCALS~1\Temp\_CingularLidRock_\IntavaTidy.cab
O16 - DPF: {B4B5C9B4-C268-4782-A9DF-E8D3AF320D68} (Intava Mobile Phone Simulator) - file://C:\DOCUME~1\Burnit\LOCALS~1\Temp\_CingularLidRock_\IntavaDL.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {C7F626D2-0645-4FD8-8212-446707501F82} (Intava Mobile Phone Simulator Helper) - file://C:\DOCUME~1\Burnit\LOCALS~1\Temp\_CingularLidRock_\IntavaMEF.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F97498B3-D7B1-4927-8DC0-EA7ABCA1663F} (Intava Mobile Phone Simulator AMR Audio Helper) - file://C:\DOCUME~1\Burnit\LOCALS~1\Temp\_CingularLidRock_\IntavaAMR.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[jburnit3]

what is Ewido?

[jburnit3]

here is my new HJT log. let me know what else to do...

Logfile of HijackThis v1.99.1
Scan saved at 10:29:33 PM, on 6/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\khewkqe.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\umonit.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Secretmaker\secretmaker.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Burnit\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netsc...com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SDWin32 Class - {E2E5E7AB-C8D8-4A9E-A7D1-D9D6063A5127} - C:\WINDOWS\System32\fekfp.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [gzbrev] C:\WINDOWS\system32\gzbrev.exe
O4 - HKLM\..\Run: [igxstoi] c:\windows\system32\khewkqe.exe r
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\Secretmaker\secretmaker.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[jburnit3]

i did it all and the aurora thing is still there. heres all my scans....
please help.

Logfile of HijackThis v1.99.1
Scan saved at 4:04:46 PM, on 6/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\umonit.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Secretmaker\secretmaker.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system32\avkhyo.exe
C:\DOCUME~1\Burnit\LOCALS~1\Temp\MMV\aurareco.exe
C:\Documents and Settings\Burnit\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netsc...com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SDWin32 Class - {E2E5E7AB-C8D8-4A9E-A7D1-D9D6063A5127} - C:\WINDOWS\System32\fekfp.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ximdokv] c:\windows\system32\avkhyo.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\Secretmaker\secretmaker.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe





panda....

Incident Status Location

Adware:Adware/Transponder No disinfected c:\windows\system32\pkbpnv.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\system32\ezPopStub.exe
Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
Spyware:Spyware/AdClicker No disinfected C:\WINDOWS\usta33.ini
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Spyware:Spyware/ClearSearch No disinfected C:\Program Files\ClearSearch
Adware:Adware/KeenValue No disinfected C:\Program Files\Common Files\Updater
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32
Adware:Adware/Apropos No disinfected Windows Registry
Adware:Adware/WinTools No disinfected C:\Program Files\Common Files\WinTools
Adware:Adware/AdDestroyer No disinfected Windows Registry
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/DelFinMedia No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/DealHelper No disinfected C:\WINDOWS\bundles\dealhelper.exe
Adware:Adware/AdLogix No disinfected Windows Registry
Adware:Adware/TopRebates No disinfected C:\Program Files\Web_Rebates
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\inf\multimpp.inf
Adware:Adware/WUpd No disinfected C:\Program Files\AdTools Service
Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\system32\osconfig.dll
Spyware:Spyware/SurfSideKick No disinfected Windows Registry
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Burnit\Application Data\Sskcwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Burnit\Application Data\Sskknwrd.dll
Spyware:Spyware/SurfSideKick No disinfected C:\Documents and Settings\Burnit\Application Data\Sskuknwrd.dll
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Burnit\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv728.jar-35304bd5-6406bd3c.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Burnit\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv728.jar-35304bd5-6406bd3c.zip[Dummy.class]
Adware:Adware/FunWeb No disinfected C:\Documents and Settings\Burnit\Desktop\backups\backup-20050625-212543-376.inf
Adware:Adware/VirtualBouncer No disinfected C:\myPcsearch.exe
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
Adware:Adware/Sqwire No disinfected C:\Program Files\Common Files\qwmk\qwmkd\qwmkc.dll
Spyware:Spyware/BetterInet No disinfected C:\Program Files\Common Files\updater\data1.dat
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\backup\T\50625000.DAT
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\adv0ltc0m.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\bs5-vwqouc.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\CSV7P070.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\dealhelper.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\optimizejames.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\runsearch.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\s4Sept.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles\setup_silent_26221.exe
Adware:Adware/TopRebates No disinfected C:\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\eocphad.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\conscorr.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\inf\farmmext.inf
Adware:Adware/MultiMPP No disinfected C:\WINDOWS\inf\multimpp.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\inf\polall1r.inf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\inf\zserv.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\Nail.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/Transponder No disinfected C:\WINDOWS\svcproc.exe
Virus:Trj/Imiserv.D Disinfected C:\WINDOWS\systb.dll
Adware:Adware/KeenValue No disinfected C:\WINDOWS\system32\drivers\etc\hosts.bho
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\DrPMon.dll
Adware:Adware/eZula No disinfected C:\WINDOWS\system32\ezPopStub.exe
Adware:Adware/Neededware No disinfected C:\WINDOWS\system32\kltsbvjndw30101lib.dll
Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\system32\osconfig.dll
Spyware:Spyware/MarketScore No disinfected C:\WINDOWS\system32\osmim.dll
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\pkbpnv.exe
Adware:Adware/Sqwire No disinfected C:\WINDOWS\system32\tsuninst.exe
Adware:Adware/PortalScan No disinfected C:\WINDOWS\system32\winupdt.bin
Spyware:Spyware/AdClicker No disinfected C:\WINDOWS\usta33.ini
Virus:Trj/Imiserv.D Disinfected C:\WINDOWS\wupdt.exe


ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:00:11 PM, 6/26/2005
+ Report-Checksum: C37BF595

+ Date of database: 6/26/2005
+ Version of scan engine: v3.0

+ Duration: 40 min
+ Scanned Files: 78333
+ Speed: 32.30 Files/Second
+ Infected files: 112
+ Removed files: 112
+ Files put in quarantine: 112
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\

+ Scan result:
C:\Documents and Settings\All Users\Application Data\wsxs\patchme.exe -> Spyware.DelphinMedia.Viewer.f -> Cleaned with backup
C:\Documents and Settings\Burnit\Desktop\backups\backup-20050625-212541-162.dll -> Spyware.Neon.a -> Cleaned with backup
C:\Documents and Settings\Burnit\Desktop\backups\backup-20050625-212541-276.dll -> Spyware.Winsta -> Cleaned with backup
C:\Documents and Settings\Burnit\Desktop\backups\backup-20050625-212541-923.dll -> Spyware.NewDotNet -> Cleaned with backup
C:\Documents and Settings\Burnit\Local Settings\Temp\temp.fr8404 -> Trojan.Agent.db -> Cleaned with backup
C:\Documents and Settings\Burnit\Local Settings\Temp\UWX\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Burnit\SSK3_B5 Verticlick 8.exe -> TrojanDropper.Small.qn -> Cleaned with backup
C:\Program Files\AdTools Service\AdToolsKeep.exe -> Spyware.WinAD.k -> Cleaned with backup
C:\Program Files\Common Files\qwmk\qwmka.exe -> TrojanDownloader.TSUpdate.l -> Cleaned with backup
C:\Program Files\Common Files\qwmk\qwmkl.exe -> TrojanDownloader.TSUpdate.j -> Cleaned with backup
C:\Program Files\Common Files\qwmk\qwmkm.exe -> TrojanDownloader.TSUpdate.k -> Cleaned with backup
C:\Program Files\Common Files\qwmk\qwmkp.exe -> Spyware.Xupiter.m -> Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.DelphinMedia.Viewer.f -> Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE -> Spyware.MyWay.b -> Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay -> Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay.e -> Cleaned with backup
C:\Program Files\SearchRelevant\SearchRelevant.dll -> Spyware.Relevance -> Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> TrojanDownloader.Small.wj -> Cleaned with backup
C:\WINDOWS\a65d.exe -> Spyware.MediaMotor.e -> Cleaned with backup
C:\WINDOWS\bsx32\ADTMI1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ADVC5.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ADVCTX2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIB9894.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIC29667.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASID12180.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIE17070.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIF29819.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIF4502.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIFWH29233.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIG21943.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIGT10102.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIH7853.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASII21469.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIL18549.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIOG19375.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIOT25456.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIPF1965.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIR21184.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIRE20082.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIS24110.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIS31590.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIT17011.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIT26116.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIW11211.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIWS3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\BID1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\BingoRoom1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\CARD2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\CARS3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\DATE4.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\EECH1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\EML1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FAST1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FINC3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FINC5.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FLWR1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\HERBS1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\INK1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\JOBS4.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\MOVS2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\NEWS2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\SHOP2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\TECH2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\UTONE2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\WWW3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\XTFL2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bundles\ez_advolt.exe -> Spyware.iLookup -> Cleaned with backup
C:\WINDOWS\bundles\saie1101.exe -> Spyware.180solutions -> Cleaned with backup
C:\WINDOWS\bundles\shopinst.exe -> TrojanDownloader.Small.wj -> Cleaned with backup
C:\WINDOWS\bundles\TVM_B5_Bundle_8.EXE -> TrojanDropper.Small.ht -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\epx30101.exe -> TrojanDropper.Agent.jl -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\epx30102.exe -> TrojanDownloader.Lastad.n -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\EPXActiveX.ocx -> Spyware.Winsta -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\EPXActiveX.ocx -> Spyware.Winsta -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\EPXActiveX.ocx -> TrojanDownloader.Lastad.d -> Cleaned with backup
C:\WINDOWS\iwnggnjkl.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\lbbho.dll -> Spyware.Neon.a -> Cleaned with backup
C:\WINDOWS\mserv32.exe -> Spyware.WinAD.b -> Cleaned with backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\NDNuninstall4_85.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.du -> Cleaned with backup
C:\WINDOWS\sskb5.exe -> TrojanDropper.SurfSide.a -> Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\system32\apcquota.exe -> TrojanDownloader.Apropo.ac -> Cleaned with backup
C:\WINDOWS\system32\augu.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\Cache\cxtpls_loader.exe -> Spyware.Apropos.b -> Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll -> Trojan.Agent.db -> Cleaned with backup
C:\WINDOWS\system32\epx30103.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\epx30104.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\fekfp.dll -> Spyware.Adstart.c -> Cleaned with backup
C:\WINDOWS\system32\fekfpf.exe -> Spyware.Adstart.b2 -> Cleaned with backup
C:\WINDOWS\system32\gyfgztv.exe -> TrojanDownloader.Lastad.i -> Cleaned with backup
C:\WINDOWS\system32\gyfgztvndw301lib.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\gzbrev.exe -> TrojanDownloader.Lastad.p -> Cleaned with backup
C:\WINDOWS\system32\gzbrevaeg05.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\hznsb.exe -> TrojanDownloader.Lastad.n -> Cleaned with backup
C:\WINDOWS\system32\hznsbndw30102lib.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\iccelae5.exe -> Trojan.AproposAd -> Cleaned with backup
C:\WINDOWS\system32\kdcvtmsg.exe -> TrojanDownloader.Agent.ji -> Cleaned with backup
C:\WINDOWS\system32\kltsbvj.exe -> TrojanDropper.Agent.jl -> Cleaned with backup
C:\WINDOWS\system32\nsvsvc\nsv.ocx -> Spyware.DelphinMediaViewer.c -> Cleaned with backup
C:\WINDOWS\system32\nsvsvc\nsvs.dll -> Spyware.DelphinMedia.f -> Cleaned with backup
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe -> Spyware.DelphinMedia.Viewer.f -> Cleaned with backup
C:\WINDOWS\system32\nxuqm.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\SSK3_B5 Verticlick 8.exe -> TrojanDropper.Small.qn -> Cleaned with backup
C:\WINDOWS\system32\WinStat11.dll -> Spyware.Winsta -> Cleaned with backup
C:\WINDOWS\system32\yjtlevv.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup


::Report End

[jburnit3]

oh and ewido keeps finding malware on my computer every time i restart...

[jburnit3]

i did all that... here are my logs...


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:49:50 PM, 6/27/2005
+ Report-Checksum: 46F42D70

+ Date of database: 6/26/2005
+ Version of scan engine: v3.0

+ Duration: 40 min
+ Scanned Files: 77604
+ Speed: 31.57 Files/Second
+ Infected files: 6
+ Removed files: 6
+ Files put in quarantine: 6
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\

+ Scan result:
C:\Documents and Settings\Burnit\Cookies\burnit@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Burnit\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Burnit\Local Settings\Temp\FCZ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\iwnggnjkl.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\omtena.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup


::Report End




Incident Status Location

Adware:Adware/Transponder No disinfected c:\windows\system32\lsbqbi.exe
Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/KeenValue No disinfected C:\Program Files\IncrediFind
Adware:Adware/PortalScan No disinfected C:\WINDOWS\bundles
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32
Adware:Adware/Apropos No disinfected Windows Registry
Spyware:Spyware/TVMedia No disinfected C:\WINDOWS\Bundles
Adware:Adware/DelFinMedia No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\DOCUME~1\Burnit\LOCALS~1\Temp\dummy.htm
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\emkjbd.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\lsbqbi.exe
Adware:Adware/Transponder No disinfected C:\WINDOWS\system32\__delete_on_reboot__uwndps.exe




(6/27/05 10:06:59 PM) SPSeHjFix started v1.1.2
(6/27/05 10:06:59 PM) OS: WinXP Service Pack 2 (5.1.2600)
(6/27/05 10:06:59 PM) Language: english
(6/27/05 10:06:59 PM) Win-Path: C:\WINDOWS
(6/27/05 10:06:59 PM) System-Path: C:\WINDOWS\system32
(6/27/05 10:06:59 PM) Temp-Path: C:\DOCUME~1\Burnit\LOCALS~1\Temp\
(6/27/05 10:07:02 PM) Disinfection started
(6/27/05 10:07:02 PM) Bad-Dll(IEP): (not found)
(6/27/05 10:07:02 PM) Bad-Dll(IEP) in BHO: (not found)
(6/27/05 10:07:02 PM) UBF: 8 - UBB: 7 - UBR: 26
(6/27/05 10:07:02 PM) UBF: 8 - UBB: 7 - UBR: 26
(6/27/05 10:07:02 PM) Bad IE-pages:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
(6/27/05 10:07:02 PM) Stealth-String not found
(6/27/05 10:07:02 PM) Not infected->END


(6/27/05 10:07:38 PM) SPSeHjFix started v1.1.2
(6/27/05 10:07:38 PM) OS: WinXP Service Pack 2 (5.1.2600)
(6/27/05 10:07:38 PM) Language: english
(6/27/05 10:07:38 PM) Win-Path: C:\WINDOWS
(6/27/05 10:07:38 PM) System-Path: C:\WINDOWS\system32
(6/27/05 10:07:38 PM) Temp-Path: C:\DOCUME~1\Burnit\LOCALS~1\Temp\



Logfile of HijackThis v1.99.1
Scan saved at 10:51:16 PM, on 6/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\explorer.exe
c:\windows\system32\kpapryx.exe
C:\Documents and Settings\Burnit\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netsc...com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Quick Search - {0E677229-E309-4341-81BD-3CC3018BF5B3} - C:\Program Files\MyQuickSearch\bar\1.bin\MQSBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [zcqibjh] c:\windows\system32\kpapryx.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\Secretmaker\secretmaker.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro...usecall_pre.php (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



also, every time i restart, two windows pop up... Diagnostic Traces and DrvmCDB. Dont know if this is relevant. and every time i restart, Ewido says i have viruses.

[jburnit3]

i copied and pasted the code but when i opened it, it never asked me anything about the registry. and i searched for nail.exe but was unable to find anything.


Logfile of HijackThis v1.99.1
Scan saved at 12:53:53 PM, on 6/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\umonit.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ProcessGuard\pgaccount.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Secretmaker\secretmaker.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Burnit\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netsc...com/aimhome.adp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [yeoydq] c:\windows\system32\wctwobv.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\Secretmaker\secretmaker.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro...eCallButton.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\Ivp\Swupdate\swupdtmr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe