Malware.Trace from HKEY_Local_Machine\Software\Microsoft\WindowsNT\CurrentVersion\Network\UID

[gwennypoo]

Good Afternoon.

I have spent a good 4-5 hours researching different forums and information contained within to try and remove malicious software that was installed on my computer. After running numerous software programs to remove the files, the Malwarebytes Anti-Malware software has worked the best. Although the .exe has removed 99.99% of the infected files, I cannot get rid of the Malware.Trace file located in the following registry: HKEY_Local_Machine\Software\Microsoft\WindowsNT\CurrentVersion\Network\UID. I have also downloaded and installed the "HyjackThis" software and cannot recognize that it found anything. Anyhelp would be appreciated.

[JeanInMontana]

Hello gwennypoo and welcome to Malwarebytes. Please follow the instructions here http://www.malwarebytes.org/forums/index.php?showtopic=2936

[gwennypoo]

Good Afternoon.

I have spent a good 4-5 hours researching different forums and information contained within to try and remove malicious software that was installed on my computer. After running numerous software programs to remove the files, the Malwarebytes Anti-Malware software has worked the best. Although the .exe has removed 99.99% of the infected files, I cannot get rid of the Malware.Trace file located in the following registry: HKEY_Local_Machine\Software\Microsoft\WindowsNT\CurrentVersion\Network\UID. I have also downloaded and installed the "HyjackThis" software and cannot recognize that it found anything. Anyhelp would be appreciated.

Okay, here is the situation....I downloaded and ran the Spybot software as recommended. It found quite a few items which I removed but had to scan again as some of the "files" it found could not be removed until I rebooted. So I ran it again as requested. Then I followed the instructions of updating and running the MBAM software and all of a sudden after only recongnizing 1 file after running the software numerous times through out the day while waiting for a post to my original inquiry, the software found 21 additional files? How in the world could that be? Where did all those files come from? This is VERY frustrating. Below please find the first log (INFORMATIONAL PUPOSE ONLY: a log created earlier prior to running SPYBOT as you will see it found only 1 infected file that I tried all day to remove).....Anyways, Following the information in the 1st log, I ran the MBAM software again as it too stated some files would not be removed until I reboot. So the secong log contains those results....NO INFECTIONS FOUND....The third log contains information from PANDA SECURITY and the 4th Log contains information from HIJACKTHIS....Please advise what I should do next. Panda Security FOUND INFECTIONS....what the heck?

Malwarebytes' Anti-Malware 1.25

Database version: 1062

Windows 5.1.2600 Service Pack 2

2:25:19 PM 8/25/2008

mbam-log-08-25-2008 (14-25-19).txt

Scan type: Quick Scan

Objects scanned: 47339

Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Malwarebytes' Anti-Malware 1.25

Database version: 1087

Windows 5.1.2600 Service Pack 2

9:02:34 PM 8/25/2008

mbam-log-08-25-2008 (21-02-34).txt

Scan type: Quick Scan

Objects scanned: 48209

Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 16

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\oembios.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\oembios.exe -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\oembios.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

C:\WINDOWS\system32\sysproc64 (Trojan.Agent) -> Delete on reboot.

Files Infected:

C:\WINDOWS\system32\sysproc64\000A7118.uf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysproc64\000A71A5.uf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysproc64\000A71E3.uf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysproc64\000A7231.uf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysproc64\000A75CB.uf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysproc64\000A7619.uf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysproc64\000A87DC.uf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysproc64\000A884A.uf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysproc64\000ABB12.uf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysproc64\000ABBBD.uf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysproc64\000ABC0C.uf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysproc64\000ABCB7.uf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\sysproc64\sysproc32.sys.cla (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> Delete on reboot.

C:\WINDOWS\system32\oembios.exe (Trojan.Agent) -> Delete on reboot.

Malwarebytes' Anti-Malware 1.25

Database version: 1087

Windows 5.1.2600 Service Pack 2

9:22:16 PM 8/25/2008

mbam-log-08-25-2008 (21-22-16).txt

Scan type: Quick Scan

Objects scanned: 47829

Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-08-25 22:58:36

PROTECTIONS: 0

MALWARE: 45

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@trafficmp[2].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@casalemedia[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@doubleclick[4].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@doubleclick[5].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@doubleclick[3].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@atdmt[4].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@atdmt[3].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@atdmt[5].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@tradedoubler[1].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@tradedoubler[3].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@247realmedia[1].txt

00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@bfast[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@fastclick[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@mediaplex[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@mediaplex[1].txt

00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@clickbank[1].txt

00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@revenue[2].txt

00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@findwhat[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@com[3].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@com[4].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@com[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@com[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@xiti[1].txt

00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@ehg.hitbox[2].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@azjmp[3].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@azjmp[1].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@azjmp[4].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@statcounter[2].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@statcounter[1].txt

00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@counter.hitslink[1].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@perf.overture[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@ad.yieldmanager[3].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@apmebf[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@apmebf[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@apmebf[3].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@serving-sys[5].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@serving-sys[3].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@serving-sys[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@serving-sys[4].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@www.burstbeacon[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@server.iad.liveperson[2].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@server.iad.liveperson[3].txt

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@stat.onestat[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@advertising[2].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@media.adrevolver[3].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@statse.webtrendslive[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@ads.pointroll[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@ads.pointroll[3].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@ads.pointroll[5].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@ads.pointroll[4].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@ads.pointroll[2].txt

00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@hc2.humanclick[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@overture[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@overture[4].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@overture[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@overture[3].txt

00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@www5.addfreestats[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@questionmarket[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@questionmarket[4].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@questionmarket[3].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@questionmarket[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@zedo[1].txt

00173992 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@c5.zedo[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@adrevolver[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@adrevolver[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@go[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@atwola[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@atwola[2].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@ehg-dig.hitbox[1].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@ehg-dig.hitbox[3].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@ads.addynamix[2].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@ads.addynamix[1].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@citi.bridgetrack[4].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@citi.bridgetrack[2].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@citi.bridgetrack[1].txt

00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\My Documents\Malware Removal\VirtumundoBeGone.exe

00527204 Application/PRScheduler HackTools No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe

01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Gwwendolyn Thompson\Cookies\gwwendolyn_thompson@adserver.easyad[2].txt

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location q

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description q

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:01:34 PM, on 8/25/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\toshiba\ivp\ism\pinger.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe

E:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [smileboxTray] "C:\Documents and Settings\Gwwendolyn Thompson\Application Data\Smilebox\SmileboxTray.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\WIINDO~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6604D1ED-8FFC-4909-A247-C2664A867B29} (HttpVoicePlay Class) - http://www.callertunes.com/greeting/CBRT.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198683781843

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 12666 bytes

[JeanInMontana]

Uninstall HJT and install it on C/ update MBAM run a quick scan post that log and a new HJT scan from the correct drive please.

[gwennypoo]

I believe I am free and clear! But I will go ahead and do as you request. Please confirm the removal! Thanks abunch. Your forum has been a wonderful self-help tool!

Malwarebytes' Anti-Malware 1.25

Database version: 1087

Windows 5.1.2600 Service Pack 2

9:02:54 PM 8/27/2008

mbam-log-08-27-2008 (21-02-53).txt

Scan type: Quick Scan

Objects scanned: 48677

Time elapsed: 21 minute(s), 5 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:04:28 PM, on 8/27/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\DVDRAMSV.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\svchost.exe

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

C:\WINDOWS\system32\ZoomingHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

C:\Program Files\Toshiba\Tvs\TvsTray.exe

C:\WINDOWS\system32\TCtrlIOHook.exe

C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Verizon\VSP\VerizonServicepoint.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\system32\RAMASST.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\toshiba\ivp\ism\ivpsvmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"

O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"

O4 - HKLM\..\RunOnce: [indexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\RunOnce: [indexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"

O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\WIINDO~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_settings...vzTCPConfig.CAB

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {6604D1ED-8FFC-4909-A247-C2664A867B29} (HttpVoicePlay Class) - http://www.callertunes.com/greeting/CBRT.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198683781843

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe

O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe

O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 14108 bytes

Edited August 28, 2008 by JeanInMontana
remove old logs in quoted text.

[JeanInMontana]

Go to Add/Remove programs and uninstall Viewpoint.

Then run HJT again in scan only and remove the following lines if they still exist.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Your running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etc.

You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here http://java.sun.com/javase/downloads/index.jsp and install the correct version for your system. Choose the offline installation.

Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK.

Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it.

Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.

A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.

Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.

Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.

SpywareBlaster from Javacool Software

WinPatrol by BillPStudios

SiteHound by FireTrust

RogueRemover

hpHosts

The windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free

Also the full protection of MBAM is offered at a very low price.

[JeanInMontana]

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.