wareout infection on Vista

I have a wareout infection on Vista. Fixwareout.exe will not run on Vista.  HijackThis and Malwarebytes' Anti-Malware will not run.

Help!
LVL 39
thenelsonAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tapan PattanaikSenior EngineerCommented:
hi thenelson,

         Down load Kaspersky Internet Security 2009 trial version and install it and scan your system. It will solve your problem. You can download from the below link.

http://www.kaspersky.com/trials

Thanks
0
thenelsonAuthor Commented:
Thanks for the suggestion. I downloaded Kaspersky Internet Security 2009 trial version, uninstalled AVG Antivirus security and tried to install Kaspersky but it thinks AVG is still installed and will not install.

I found the overly complicated workaround on their FAQ (pasted below) but ran into these problems with it:

download from the link http://www.kaspersky.com/productupdates - Could not download it timed out.



In order to start Kaspersky Anti-Virus 2009\Kaspersky Internet Security 2009 and skip scan for incompatible software, do the following:

    * download the distributive of the latest version of Kaspersky Anti-Virus 2009\ Kaspersky Internet Security 2009 from the link http://www.kaspersky.com/productupdates and save it on your PC.
    * run the product installation
    *  in the Setup Wizard window click Cancel

 make sure the following folder appeared on the local disc: \ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English with the embedded files setup.exe and kis.en.msi - not there

enter [full path to setup.exe file] /pSKIPPRODUCTCHECK=1 - failed

any ideas?

    * make sure the following folder appeared on the local disc:
          o for Windows XP on the local disk C:\:
                + if you are installing Kaspersky Anti-Virus 2009 the folder \Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English with the embedded files setup.exe and kav.en.msi
                + if you are installing Kaspersky Internet Security 2009 the folder \Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English with the embedded files setup.exe and kis.en.msi
          o for Windows Vista on the local disk C:\:
                + if you are installing Kaspersky Anti-Virus 2009 the folder \ProgramData\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English with the embedded files setup.exe and kav.en.msi
                + if you are installing Kaspersky Internet Security 2009 the folder \ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English with the embedded files setup.exe and kis.en.msi

Information By default these folders are hidden and cannot be viewed. In order to view these folders, go to My Computer > in the Tools menu select Folder options. Go to the View and in the list enable the option Show hidden files and folders.

             

    * Copy the files setup.exe and kav.en.msi/kis.en.msi (depending on the installed product) into the C:\ root directory
    * Click Start > Run

         

    * enter CMD and click OK

         

    * enter [full path to setup.exe file] /pSKIPPRODUCTCHECK=1.
0
nobusCommented:
download this live cd :  http://www.f-secure.com/linux-weblog/2008/11/25/rescuecd-301-released/
when you boot from it, it will first update the virus databse, then scan.
another option, is to connect your drive to a working PC, and scan it from there
0
Do You Have a Trusted Wireless Environment?

A Trusted Wireless Environment is a framework for building a complete Wi-Fi network that is fast, easy to manage, and secure.

thenelsonAuthor Commented:
Got things screwed up on the last post .Corrected:



Thanks for the suggestion. I downloaded Kaspersky Internet Security 2009 trial version, uninstalled AVG Antivirus security and tried to install Kaspersky but it thinks AVG is still installed and will not install.

I found the overly complicated workaround on their FAQ (pasted below) but ran into these problems with it:

download from the link http://www.kaspersky.com/productupdates - Could not download - it timed out.

enter [full path to setup.exe file] /pSKIPPRODUCTCHECK=1 - failed





In order to start Kaspersky Anti-Virus 2009\Kaspersky Internet Security 2009 and skip scan for incompatible software, do the following:

    * download the distributive of the latest version of Kaspersky Anti-Virus 2009\ Kaspersky Internet Security 2009 from the link http://www.kaspersky.com/productupdates and save it on your PC.
    * run the product installation
    *  in the Setup Wizard window click Cancel

 

    * make sure the following folder appeared on the local disc:
          o for Windows XP on the local disk C:\:
                + if you are installing Kaspersky Anti-Virus 2009 the folder \Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English with the embedded files setup.exe and kav.en.msi
                + if you are installing Kaspersky Internet Security 2009 the folder \Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English with the embedded files setup.exe and kis.en.msi
          o for Windows Vista on the local disk C:\:
                + if you are installing Kaspersky Anti-Virus 2009 the folder \ProgramData\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\English with the embedded files setup.exe and kav.en.msi
                + if you are installing Kaspersky Internet Security 2009 the folder \ProgramData\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\English with the embedded files setup.exe and kis.en.msi

Information By default these folders are hidden and cannot be viewed. In order to view these folders, go to My Computer > in the Tools menu select Folder options. Go to the View and in the list enable the option Show hidden files and folders.

             

    * Copy the files setup.exe and kav.en.msi/kis.en.msi (depending on the installed product) into the C:\ root directory
    * Click Start > Run

         

    * enter CMD and click OK

         

    * enter [full path to setup.exe file] /pSKIPPRODUCTCHECK=1.
0
thenelsonAuthor Commented:
>download this live cd :  http://www.f-secure.com/linux-weblog/2008/11/25/rescuecd-301-released/
when you boot from it, it will first update the virus databse, then scan.
another option, is to connect your drive to a working PC, and scan it from there<

Are you sure? That link goes to Linux This computer is running Vista.
0
Tapan PattanaikSenior EngineerCommented:
thenelson,

                Uninstall your AVG completely from your system and install Kaspersky Internet Security. Then scan your system
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nobusCommented:
>>   That link goes to Linux This computer is running Vista.    <<    THAT   DOES    NOT   MATTTER    AT ALL.
it does not ttouch or change your system, it only scans it
0
warturtleCommented:
Running ComboFix might help with this. Download it from: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Disable your existing antivirus protection and run it. After ComboFix is done, re-enable your existing antivirus protection and send us the log. Then scan with MalwareBytes or SuperAntiSpyware again, this time they should work.

0
rpggamergirlCommented:
Wareout in vista is easily removed by merely fixing the bad 017 entries showing in the Hijackthis log.

Download Hijackthis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Open Hijackthis, click "Do a system scan and save a logfile"
Post the log just in case this one has a 023 line (service) "Windows Tribute Service"


Combofix also removes it.
0
thenelsonAuthor Commented:
Got Kaspersky Internet Security installed (had to manually remove AVG references in Registry). Kaspersky Internet Security will not run. I am downloading  f-secure that nobus suggested now.
0
Tapan PattanaikSenior EngineerCommented:
Kaspersky Internet Security will not run !!!!!!!! .  can you tell me what the exact error message show to you ?
0
rpggamergirlCommented:
<<<"HijackThis and Malwarebytes' Anti-Malware will not run. ">>
When the tools won't run it's usually becuse some nastes are blocking them from running.
You then need to redownload the tools and rename them before savng to your desktop.
0
thenelsonAuthor Commented:
>Wareout in vista is easily removed by merely fixing the bad 017 entries showing in the Hijackthis log.<

Hijackthis will not run. I get this popup:

Clipboard01.gif
0
nobusCommented:
that is why i suggested the live CD; try it. it's free
0
thenelsonAuthor Commented:
OK, I renamed HijackThis, ran it and deleted all the 017 entries. Here is the log file (before deleting to 017 entries):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:50 AM, on 5/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HEXelon MAX 6\hexelon.exe
C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ClipMate7\ClipMate.exe
C:\Program Files\Evernote\ritePen\RitePen.exe
C:\Program Files\TweakVI\TweakVI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\FireTrust\Benign\B9.exe
D:\Utilities\BatteryAlarm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Fujitsu\Utils\FjIrKbAp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\temp\467774286.tmp
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\VCOM\PowerDesk\PDExplo.exe
D:\My Documents\Downloads\Temp download\ht.exe
D:\My Documents\Downloads\Temp download\ht.exe
C:\Users\Nelson\Desktop\ht.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.98.9.2 mail.thenelson.name.b9
O1 - Hosts: 127.98.9.1 mail.nosuffering.com.b9
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [HEXelon MAX] "C:\PROGRA~1\HEXELO~1\hexelon.exe" /auto
O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"
O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"
O4 - HKLM\..\Run: [Lexmark X5400 Series Fax Server] "C:\Program Files\Lexmark X5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [FileAnt] C:\Program Files\FileAnt\FileAnt.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ClipMate7] C:\Program Files\ClipMate7\ClipMate.exe
O4 - HKCU\..\Run: [ritePen] C:\Program Files\Evernote\ritePen\RitePen.exe
O4 - HKCU\..\Run: [TweakVI] "C:\Program Files\TweakVI\tweakvi.exe" -autostart
O4 - HKCU\..\Run: [b9] "C:\Program Files\FireTrust\Benign\B9.exe" /minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Startup: BatteryAlarm.lnk = D:\Utilities\BatteryAlarm.exe
O4 - Startup: Bluetooth Manager.lnk = ?
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BatteryAlarm.lnk = D:\Utilities\BatteryAlarm.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91DC544B-7BC9-40E2-9AC6-30BF7393DAB0}: NameServer = 85.255.112.216,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{A916C23D-A1C6-4E35-8D36-0A667ADC8028}: NameServer = 85.255.112.216,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3FD05FE-0BB3-4EEF-A30C-C100C2501B82}: NameServer = 85.255.112.216,85.255.112.135
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.216,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.216,85.255.112.135
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdvserv.exe
O23 - Service: lxdv_device -   - C:\Windows\system32\lxdvcoms.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe

--
End of file - 12519 bytes
0
thenelsonAuthor Commented:
Still downloading  f-secure.

>Kaspersky Internet Security will not run !!!!!!!! .  can you tell me what the exact error message show to you ?<

No error message - clicking on it does nothing. Will try again now that I deleted the 017 entries after rebooting.
0
thenelsonAuthor Commented:
>Kaspersky Internet Security will not run !!!!!!!! .  can you tell me what the exact error message show to you ?<

Now that I rebooted after deleting the 017 entries, I get a popup stating "Kaspersky Anti Virus has stopped working".
0
warturtleCommented:
Strange entry in HijackThis log:

C:\Windows\temp\467774286.tmp

You might have a rootkit operating in the background. You can try ComboFix as suggested earlier, it might help.
0
thenelsonAuthor Commented:
Ran Malwarebytes' Anti-Malware.  C:\Windows\temp\467774286.tmp is gone. Kaspersky Internet Security is now scanning. I am still downloading  f-secure. Look like I am heading in the right direction now.

Here is the latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:50 AM, on 5/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HEXelon MAX 6\hexelon.exe
C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ClipMate7\ClipMate.exe
C:\Program Files\Evernote\ritePen\RitePen.exe
C:\Program Files\TweakVI\TweakVI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\FireTrust\Benign\B9.exe
D:\Utilities\BatteryAlarm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Fujitsu\Utils\FjIrKbAp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\temp\467774286.tmp
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\VCOM\PowerDesk\PDExplo.exe
D:\My Documents\Downloads\Temp download\ht.exe
D:\My Documents\Downloads\Temp download\ht.exe
C:\Users\Nelson\Desktop\ht.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.computers.us.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.98.9.2 mail.thenelson.name.b9
O1 - Hosts: 127.98.9.1 mail.nosuffering.com.b9
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [HEXelon MAX] "C:\PROGRA~1\HEXELO~1\hexelon.exe" /auto
O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"
O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"
O4 - HKLM\..\Run: [Lexmark X5400 Series Fax Server] "C:\Program Files\Lexmark X5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [FileAnt] C:\Program Files\FileAnt\FileAnt.exe
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ClipMate7] C:\Program Files\ClipMate7\ClipMate.exe
O4 - HKCU\..\Run: [ritePen] C:\Program Files\Evernote\ritePen\RitePen.exe
O4 - HKCU\..\Run: [TweakVI] "C:\Program Files\TweakVI\tweakvi.exe" -autostart
O4 - HKCU\..\Run: [b9] "C:\Program Files\FireTrust\Benign\B9.exe" /minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Startup: BatteryAlarm.lnk = D:\Utilities\BatteryAlarm.exe
O4 - Startup: Bluetooth Manager.lnk = ?
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BatteryAlarm.lnk = D:\Utilities\BatteryAlarm.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{91DC544B-7BC9-40E2-9AC6-30BF7393DAB0}: NameServer = 85.255.112.216,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{A916C23D-A1C6-4E35-8D36-0A667ADC8028}: NameServer = 85.255.112.216,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3FD05FE-0BB3-4EEF-A30C-C100C2501B82}: NameServer = 85.255.112.216,85.255.112.135
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.216,85.255.112.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.216,85.255.112.135
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdvserv.exe
O23 - Service: lxdv_device -   - C:\Windows\system32\lxdvcoms.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe

--
End of file - 12519 bytes
0
rpggamergirlCommented:
Those 017 entries are still there.
You have Tea timer, can you disable it before fixing entries in Hijackthis... registry monitoring programs tend to interfere with hijackthis.
Because of that running process in the temp folder, very likely that some nasties are lurking there.... a lot of nasties can hide from the Hijackthis scan.... so scanning with other tools like combofix etc is a good idea.
0
thenelsonAuthor Commented:
They're not there now. Here is the HijackThis by after HijackThis, Malwarebytes and Kaspersky Internet Security:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:16 PM, on 5/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HEXelon MAX 6\hexelon.exe
C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ClipMate7\ClipMate.exe
C:\Program Files\Evernote\ritePen\RitePen.exe
C:\Program Files\TweakVI\TweakVI.exe
C:\Program Files\FireTrust\Benign\B9.exe
D:\Utilities\BatteryAlarm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Fujitsu\Utils\FjIrKbAp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VCOM\PowerDesk\PDExplo.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Users\Nelson\Desktop\ht.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.computers.us.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.98.9.2 mail.thenelson.name.b9
O1 - Hosts: 127.98.9.1 mail.nosuffering.com.b9
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [FjStrtAp] C:\Program Files\Fujitsu\Utils\FjStrtAp.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HEXelon MAX] "C:\PROGRA~1\HEXELO~1\hexelon.exe" /auto
O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"
O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"
O4 - HKLM\..\Run: [Lexmark X5400 Series Fax Server] "C:\Program Files\Lexmark X5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ClipMate7] C:\Program Files\ClipMate7\ClipMate.exe
O4 - HKCU\..\Run: [ritePen] C:\Program Files\Evernote\ritePen\RitePen.exe
O4 - HKCU\..\Run: [TweakVI] "C:\Program Files\TweakVI\tweakvi.exe" -autostart
O4 - HKCU\..\Run: [b9] "C:\Program Files\FireTrust\Benign\B9.exe" /minimize
O4 - Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Startup: BatteryAlarm.lnk = D:\Utilities\BatteryAlarm.exe
O4 - Startup: Bluetooth Manager.lnk = ?
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: Microsoft Office Outlook 2003.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BatteryAlarm.lnk = D:\Utilities\BatteryAlarm.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_07\bin\npjpi141_07.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdvserv.exe
O23 - Service: lxdv_device -   - C:\Windows\system32\lxdvcoms.exe
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe

--
End of file - 11012 bytes
0
rpggamergirlCommented:
The Hijackthis log looks good, how's the Kaspersky scan, did it find any threats?
0
thenelsonAuthor Commented:
Yes it did. According to its report, it found & blocked 15 adware and malware.  A full scan took only 49 minutes.  Avg took > 6 hours for a scan and found nothing.  I'm impressed.   I'm going to try the trial for a few weeks then probably buy it.

Thanks to everyone for your help.


Nelson
0
rpggamergirlCommented:
Kaspersky is great.... in detection and removal it's better than the others.

Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.