Posts by woltyUSMC

After looking through this site at some of the help that was given to others with my same problem I downloaded MS Antispyware Beta, SPybot S & D, Ewido, and Spy Sweeper. I rebooted in safe mode and ran the all of the program above except the MS Antispyware. Ewido found that it was in system32 remon.sys. I had ewido remove it and the other scans couldn't find anymore problems. After restating normally I ran a few more scans and have not found the problem anymore. I am not sure if it is fixed, but I ran hijackThis again and here is the log. Is it gone? Any help would be greatly appreciated, I know there are a lot of threads and problems that get posted here and I know that the volunteers that help on this site are constantly fixing things for others. You guys are great from what I have read, thanks for all that you do.

Logfile of HijackThis v1.99.1
Scan saved at 12:03:29 PM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

this is my first time ever posting and to get to this point has taken me a long time. to make the lond story short after perfoming a system recovery and finding that the hacktool.rootkit still dwelled in my machine i got pretty mad. looking at some google search results i stumbled onto this site. here is the hjt log. any help would be much appreciated, thanks.

wolty

Logfile of HijackThis v1.99.1
Scan saved at 10:45:46 PM, on 1/7/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\nvidGUIv.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\WINDOWS\REGEDIT.EXE
C:\Program Files\Spyware Cleaner\SpywareCleaner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Sean Wolterman\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - …