Umm, well, I am actually American, so English is my native tongue.
What I was saying is I thought I had posted the correct logs, as below:
vundofix.txt LOG:
Logfile of HijackThis v1.99.1
Scan saved at 11:18:42 AM, on 11/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\awtqp.dll (file missing)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB003" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128375576\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/o...e/bin/setup.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: awtqp - C:\WINDOWS\system32\awtqp.dll (file missing)
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\3m3fs.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
MOST RECENT LOG (normal mode):
Logfile of HijackThis v1.99.1
Scan saved at 11:49:12 AM, on 11/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\kdx\KHost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\AOL\1128375576\ee\AOLSoftware.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Plaxo\2.5.6.21\PlaxoHelper.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\awtqp.dll (file missing)
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB003" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128375576\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.6.21\PlaxoHelper.exe -a
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/o...e/bin/setup.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalci....1.11_en_dl.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://moviefone.kon...ry/main/kdx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - Winlogon Notify: awtqp - C:\WINDOWS\system32\awtqp.dll (file missing)
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\3m3fs.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Are these not what you requested?
As far as the ActiveScan results, I don't know how to retrieve them. It did show that I have 6 cases of malware in my local disks. And I am definitely still getting the popups.