Hijack this log

[SHNAPPS]

Here is the log, I got with Hijack this v2, thank you for your help in advance.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:34:02 AM, on 5/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
E:\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Toshiba America, Inc.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Toshiba America, Inc.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Toshiba America, Inc.
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Toshiba America, Inc.
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\srwektey.dll (file missing)
O2 - BHO: (no name) - {302D2E19-CB90-45ED-9639-7FE049B1FF45} - C:\WINDOWS\System32\jkkjk.dll
O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\System32\nnnonop.dll
O2 - BHO: (no name) - {615996D4-98BB-4588-940D-7B1060CB45Bd} - C:\WINDOWS\System32\tgovcwib.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\System32\rcvprjqj.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.com/books/_Players/EconPlayer.cab
O20 - Winlogon Notify: jkkjk - C:\WINDOWS\System32\jkkjk.dll
O20 - Winlogon Notify: nnnonop - C:\WINDOWS\SYSTEM32\nnnonop.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe

--
End of file - 9039 bytes

 

[Osiris]

remove these entries

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\srwektey.dll (file missing)

O2 - BHO: (no name) - {302D2E19-CB90-45ED-9639-7FE049B1FF45} - C:\WINDOWS\System32\jkkjk.dll

O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\System32\nnnonop.dll

O2 - BHO: (no name) - {615996D4-98BB-4588-940D-7B1060CB45Bd} - C:\WINDOWS\System32\tgovcwib.dll (file missing)

O4 - HKUS\S-1-5-18\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'Default user')

You may or may not loose your internet connection when fixing the entries below. If you do loose it, uninstall/reinstall your network card. If these entries re-appear, reboot into safemode and remove them

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O20 - Winlogon Notify: jkkjk - C:\WINDOWS\System32\jkkjk.dll

O20 - Winlogon Notify: nnnonop - C:\WINDOWS\SYSTEM32\nnnonop.dll

O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll

 

[SHNAPPS]

Hijack this in safe mode wont let me delete the LSp errors, and it cant seem to get away the BHO errors and the winlogin errors as well. so basically i cant remove these


O2 - BHO: (no name) - {302D2E19-CB90-45ED-9639-7FE049B1FF45} - C:\WINDOWS\System32\jkkjk.dll

O2 - BHO: (no name) - {3F9D0C61-737D-44D1-BD80-91AF857061CC} - C:\WINDOWS\System32\nnnonop.dll


O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\lhb.dll

O20 - Winlogon Notify: jkkjk - C:\WINDOWS\System32\jkkjk.dll

O20 - Winlogon Notify: nnnonop - C:\WINDOWS\SYSTEM32\nnnonop.dll

O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
__________________

 

[ECTech]

this machine is really infected, your best option is to just reinstall windows.

alternatively, you can scan your system with this - Antivirus, anti-spyware, anti-spam, firewall. Protect yourself with Panda

you'll need something to repair the winsock LSP's - use this one, XP TCP/IP Repair 1.0 Freeware download page - tested and reviewed software downloads from SnapFiles

 

[ECTech]

after panda has finished post the log along with a new hijackthis log

 

[Osiris]

how is this coming along?