Struggling with PurityScan, SaveNow and more...



iggalileo
2007-08-11, 01:21
Greetings -

I'm struggling with
PurityScan
Starware Toolbar
WhenU.SaveNow and others...

I've run S&D from safe-mode and still need some assistance. Below is my HijackThis output.

One of my other concerns is that Norton comes up disabled on every reboot and I'm unable to run LiveUpdate to get the latest definitions. I'm hoping fixing some of my AdWare issues will allow me to make progress on that front as well.

Thanks for all the assistance -
John

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:45:01 PM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Boingo\Boingo.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\localuser\Desktop\jbigane\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sun.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcD3RW7BXlKjvfldueAU4958kaDOtRSgTBq4+rVR+ie/SYnU9hNCRkJ+hMBGVKzTeut3oNKv44+j2lI9Gyxrii6xOYHAIaSXeu5jUrBULWEaKoPKlHMk6TOFO5g79rSATQru6gOiN+n0OUn0EnX5I7cmuI01dQU5nkZcTqq1QHXfJSKHhU5Gc4M8165Rc1160mUJy0hiBVeU5EaBOM20AD4Ej8g24ygwk/vheMzvtGbmnvCK2DrDjF60fF1W9URh/jkoQPCfWcBjE8pPBCLWwuzoKr7E6QPb5HInDiAip2BOb4=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webcache.central.sun.com:8080
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {16384986-D83A-89EF-1A64-828DBF2082EF} - C:\WINDOWS\system32\snawnco.dll (file missing)
O2 - BHO: (no name) - {39DEFAE0-395A-3A89-2907-34B60C4DF3EF} - C:\WINDOWS\system32\tfbtu.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [Uuse] "C:\WINDOWS\DOBE~1\winword.exe" -vt ndrv
O4 - HKCU\..\Run: [Wbuxpqc] "C:\Program Files\Common Files\?ymbols\w?nspool.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Boingo.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: ORiNOCO Client Manager.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TeleDesk.lnk = ?
O4 - Global Startup: XPNeuter.lnk = C:\WINDOWS\system32\wscript.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 15633 bytes

Blade81
2007-08-11, 21:06
Hi

1. Download this file -
combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double-click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

iggalileo
2007-08-13, 16:38
Part 1 of the Combofix output...

ComboFix 07-08-09.3 - "localuser" 2007-08-12 10:30:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.132 [GMT -5:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\FindIt.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\FindItHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\findithotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\finditxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\Highlight.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\HighlightHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\highlighthotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\highlightxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\Reference.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\ReferenceHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\referencehotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\referencexp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\screensaver.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\starware_toolbar_icon.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\Weather.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\weatherhotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\buttons\weatherxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\contexts\Related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\contexts\Travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\images\walertXP.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\FindIt.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\FindItHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\findithotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\finditxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\Highlight.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\HighlightHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\highlighthotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\highlightxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\Reference.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\ReferenceHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\referencehotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\referencexp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\screensaver.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\starware_toolbar_icon.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\Weather.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\weatherhotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\buttons\weatherxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\contexts\Related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\contexts\Travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\images\walertXP.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\Configurator\Configurator.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\Configurator\Configurator.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\Layouts\ToolbarLayout.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\Manager\ManagerOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\Reference\ReferenceOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\Reference\ReferenceOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\Weather\WeatherOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1.\Starware316\Weather\WeatherOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\Configurator\Configurator.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\Configurator\Configurator.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\Layouts\ToolbarLayout.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\Manager\ManagerOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\Reference\ReferenceOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\Reference\ReferenceOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\Weather\WeatherOptions.xml
C:\DOCUME~1\LOCALU~1\APPLIC~1\Starware316\Weather\WeatherOptions.xml.backup
C:\DOCUME~1\LOCALU~1\MYDOCU~1.\stem~1
C:\DOCUME~1\LOCALU~1\STARTM~1\Programs.\Outerinfo
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\Yazzle1275OinAdmin.exe
C:\Program Files\Common Files\Yazzle1275OinUninstaller.exe
C:\Program Files\Common Files\ymbols~1
C:\Program Files\crosof~1.net
C:\Program Files\outerinfo
C:\Program Files\smbols~1
C:\WINDOWS\crosof~1
C:\WINDOWS\dobe~1
C:\WINDOWS\dobe~1\?dobe\
C:\WINDOWS\system32\tfbtu.dll
C:\WINDOWS\system32\wapiicom.exe
C:\WINDOWS\WebAssist.dll
C:\WINDOWS\xhelper.dll
C:\WINDOWS\xmlhelper2.dll


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-12 10:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-10 15:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-10 15:04 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-08-10 15:04 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-08-10 15:04 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-08-10 14:42 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-10 14:22 5,872 --a------ C:\WINDOWS\system32\profile.dat
2007-08-10 14:21 <DIR> d-------- C:\Program Files\Symantec Client Security
2007-08-10 11:49 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-10 11:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-11 20:22 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-10 18:08 --------- d-------- C:\Program Files\Boingo
2007-08-10 17:50 --------- d-------- C:\DOCUME~1\LOCALU~1\APPLIC~1\StarOffice8
2007-08-10 14:22 --------- d-------- C:\Program Files\Symantec
2007-08-10 14:12 --------- d-------- C:\Program Files\symantec_client_firewall_v5_1
2007-08-10 14:11 --------- d-------- C:\Program Files\AIM
2007-08-10 13:12 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-10 11:52 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-10 11:52 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-10 11:48 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-08 13:03 74594 --a------ C:\WINDOWS\system32\Uninstal.exe
2007-07-06 12:57 --------- d-------- C:\Program Files\staroffice7
2007-07-05 15:11 51304 --a------ C:\WINDOWS\system32\drivers\atnt40k.sys
2007-07-05 15:11 --------- d-------- C:\DOCUME~1\LOCALU~1\APPLIC~1\webex
2007-07-05 15:10 202314 --a------ C:\WINDOWS\system32\atasnt40.dll
2007-07-05 14:34 --------- d-------- C:\Program Files\iTunes
2007-07-05 14:34 --------- d-------- C:\Program Files\iPod
2007-07-05 14:10 --------- d-------- C:\Program Files\QuickTime
2007-07-05 14:09 --------- d-------- C:\Program Files\Apple Software Update
2007-07-05 14:08 --------- d-------- C:\Program Files\Common Files\Apple
2007-07-05 09:28 --------- d-------- C:\Program Files\ltmoh
2007-07-05 09:28 --------- d-------- C:\Program Files\Apoint2K
2007-07-03 10:23 --------- d-------- C:\Program Files\AIM6
2007-07-02 10:08 --------- d-------- C:\DOCUME~1\LOCALU~1\APPLIC~1\Viewpoint
2007-07-02 09:33 --------- d-------- C:\Program Files\Viewpoint
2007-06-22 16:08 --------- d-------- C:\Program Files\OneStepSearch
2007-06-22 11:55 --------- d-------- C:\Program Files\YourScreen
2007-06-22 11:53 --------- d-------- C:\Program Files\Free Offers from Freeze.com
2007-06-22 11:50 --------- d-------- C:\Program Files\Freeze.com
2007-06-22 08:17 --------- d-------- C:\DOCUME~1\LOCALU~1\APPLIC~1\MSN6
2007-05-16 10:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-07-01 20:34 2127 --a------ C:\Program Files\Fwd rd_summer(1).xls This one. Please discard last email!!!.eml.txt
2006-07-01 20:33 10240 --a------ C:\Program Files\StarOffice 7.lnk


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16384986-D83A-89EF-1A64-828DBF2082EF}]
C:\WINDOWS\system32\snawnco.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-10 09:50]
"nwiz"="nwiz.exe" [2003-12-10 09:50 C:\WINDOWS\system32\nwiz.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-02 19:16]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 14:20 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 19:46]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-11-21 17:49]
"000StTHK"="000StTHK.exe" [2001-06-23 23:28 C:\WINDOWS\system32\000StTHK.exe]
"TPSMain"="TPSMain.exe" [2003-12-15 14:54 C:\WINDOWS\system32\TPSMain.exe]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [2003-12-09 23:50]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [2003-10-06 20:43]
"TMESBS.EXE"="C:\Program Files\TOSHIBA\TME3\TMESBS32.exe" [2003-08-01 17:56]
"DpUtil"="C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe" [2003-11-11 23:19]
"TFNF5"="TFNF5.exe" [2003-11-17 22:42 C:\WINDOWS\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" []
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 18:07]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2003-12-03 15:26]
"TAudEffect"="C:\Program Files\Toshiba\TAudEffect\TAudEff.exe" [2003-12-25 19:17]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 12:39]
"PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 05:36]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:56 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 17:51]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 00:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-06-15 01:40]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"NVIEW"="nview.dll,nViewLoadHook" []
"Mozilla Quick Launch"="C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" [2004-12-17 13:30]
"Aim6"="" []
"Uuse"="C:\WINDOWS\DOBE~1\winword.exe" []
"Wbuxpqc"="C:\Program Files\Common Files\?ymbols\w?nspool.exe" []
"WhenUSave"="C:\Program Files\Save\Save.exe" []

C:\Documents and Settings\localuser\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2006-01-25 19:42:42]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2003-12-19 01:31:30]
Boingo.lnk - C:\WINDOWS\Installer\{736CAD5F-0944-4498-BF9E-0E75549854C7}\IconDE70A997.exe [2005-03-29 12:42:21]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2005-03-16 16:19:04]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 16:23:32]
ORiNOCO Client Manager.lnk - C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE [2005-03-29 12:41:39]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-01-14 12:27:06]
TeleDesk.lnk - C:\Program Files\AccessLine Communications\TeleDesk\j2re1.4.1\bin\javaw.exe [2004-11-19 14:46:12]
XPNeuter.lnk - C:\WINDOWS\system32\wscript.exe [2004-01-13 18:10:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2003-12-16 19:49 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfcom.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 Tmesbs;Tmesbs32;"C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys
R3 tosporte;Bluetooth Port Driver from Toshiba;C:\WINDOWS\system32\DRIVERS\tosporte.sys
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S1 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
S1 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
S1 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
S1 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 hmssmbio;hmssmbio;\??\C:\DOCUME~1\LOCALU~1\LOCALS~1\Temp\hmssmbio.sys
S3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
S3 qsmcirda;qsmcirda;\??\C:\DOCUME~1\LOCALU~1\LOCALS~1\Temp\qsmcirda.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 sffdisk;SFF Storage Class Driver;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
S3 sipvnmon;sipvnmon;\??\C:\DOCUME~1\LOCALU~1\LOCALS~1\Temp\sipvnmon.sys
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbd.sys
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbnp.sys
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA;C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
S3 Tosrfusb;Bluetooth USB Controller;C:\WINDOWS\system32\Drivers\tosrfusb.sys
S3 w70n51;Intel(R) PRO/Wireless 2100 Adapter Driver;C:\WINDOWS\system32\DRIVERS\w70n51.sys
S3 wlluc48;Wireless LAN PC Card Driver;C:\WINDOWS\system32\DRIVERS\wlluc48.sys
S3 wlluc48b;ORINOCO PC Card Driver;C:\WINDOWS\system32\DRIVERS\wlluc48b.sys

iggalileo
2007-08-13, 16:39
Part 2 of Combofix...

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


Contents of the 'Scheduled Tasks' folder
2007-07-12 12:51:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-11 05:00:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-12 14:00:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-12 15:00:00 C:\WINDOWS\Tasks\At11.job
2007-08-11 16:00:00 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-11 17:00:00 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-11 18:00:00 C:\WINDOWS\Tasks\At14.job
2007-07-31 19:00:30 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-10 20:00:31 C:\WINDOWS\Tasks\At16.job
2007-08-11 21:00:00 C:\WINDOWS\Tasks\At17.job
2007-08-11 22:00:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-11 23:00:00 C:\WINDOWS\Tasks\At19.job
2007-08-11 05:59:59 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-12 00:00:00 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-12 01:00:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-12 02:00:00 C:\WINDOWS\Tasks\At22.job
2007-08-11 03:00:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-11 04:00:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-11 05:00:00 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 06:00:00 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 07:00:00 C:\WINDOWS\Tasks\At27.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 08:00:00 C:\WINDOWS\Tasks\At28.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 09:00:00 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 07:00:00 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-11 10:00:00 C:\WINDOWS\Tasks\At30.job
2007-08-11 11:00:00 C:\WINDOWS\Tasks\At31.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 12:00:00 C:\WINDOWS\Tasks\At32.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-12 13:00:00 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-12 14:00:00 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-12 15:00:00 C:\WINDOWS\Tasks\At35.job
2007-08-11 16:00:00 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 17:00:00 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 18:00:00 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-07-31 19:00:30 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 08:00:00 C:\WINDOWS\Tasks\At4.job
2007-08-10 20:00:31 C:\WINDOWS\Tasks\At40.job
2007-08-11 21:00:00 C:\WINDOWS\Tasks\At41.job
2007-08-11 22:00:00 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 23:00:00 C:\WINDOWS\Tasks\At43.job
2007-08-12 00:00:00 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-12 01:00:00 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-12 02:00:00 C:\WINDOWS\Tasks\At46.job
2007-08-11 03:00:00 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 04:00:00 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 09:00:00 C:\WINDOWS\Tasks\At5.job
2007-08-11 10:00:00 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-11 11:00:00 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-11 12:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-12 13:00:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-07-06 14:01:03 C:\WINDOWS\Tasks\rpc.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 10:35:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 10:37:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-12 10:37

--- E O F ---


I'll be posting HiJackThis output next...

iggalileo
2007-08-13, 16:40
Here's HiJackThis output. Thanks for checking it out.

John

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:31:42 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\Documents and Settings\localuser\Desktop\jbigane\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sun.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webcache.central.sun.com:8080
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {16384986-D83A-89EF-1A64-828DBF2082EF} - C:\WINDOWS\system32\snawnco.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [Uuse] "C:\WINDOWS\DOBE~1\winword.exe" -vt ndrv
O4 - HKCU\..\Run: [Wbuxpqc] "C:\Program Files\Common Files\?ymbols\w?nspool.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Boingo.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: ORiNOCO Client Manager.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TeleDesk.lnk = ?
O4 - Global Startup: XPNeuter.lnk = C:\WINDOWS\system32\wscript.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 14798 bytes

Blade81
2007-08-13, 23:34
Hi

Remove the following entries through Add/Remove Programs (or entries with similar names, if found):
Free Offers from Freeze.com
Freeze.com
WhenUSave


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Upload following files to VirusTotal (http://www.virustotal.com) if you find them and post back the results:
C:\DOCUME~1\LOCALU~1\LOCALS~1\Temp\hmssmbio.sys (~1 means that the name begins with the characters before ~1)
C:\DOCUME~1\LOCALU~1\LOCALS~1\Temp\qsmcirda.sys
C:\DOCUME~1\LOCALU~1\LOCALS~1\Temp\sipvnmon.sys

Have you added this yourself:
C:\WINDOWS\Tasks\rpc.job?


Start hjt, click do a system scan only, check:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {16384986-D83A-89EF-1A64-828DBF2082EF} - C:\WINDOWS\system32\snawnco.dll (file missing)
O4 - HKCU\..\Run: [Uuse] "C:\WINDOWS\DOBE~1\winword.exe" -vt ndrv
O4 - HKCU\..\Run: [Wbuxpqc] "C:\Program Files\Common Files\?ymbols\w?nspool.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

Close browsers and other windows. Click fix checked.

Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\WINDOWS\system32\c2kV4R4x.exe
C:\WINDOWS\system32\0rWm0k5w.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\system32\snawnco.dll

Folder::
C:\Program Files\Free Offers from Freeze.com
C:\Program Files\Freeze.com
C:\Program Files\Save



Save this as
CFScript


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log, a fresh hjt log and VirusTotal results for those 3 files.
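
The entries Blade81 picks out above (the hourly At*.job tasks that all launch the same random-named system32 executable, the unnamed BHO whose DLL is missing, and the HKCU Run entries with unrenderable characters or a program name sitting outside its normal folder) can be found mechanically. The script below is an added example written for this thread; it is not part of the thread, of HijackThis or of ComboFix, and every threshold, regex and watchlist in it is a constructed heuristic. It runs over a constructed sample of lines in the shape of the two logs posted above and returns the flagged items.

```python
"""Added triage example (not from the thread, HijackThis or ComboFix).

Reads lines shaped like the ComboFix 'Scheduled Tasks' section and the
HijackThis O2/O4 lines quoted in this thread and returns the entries a
helper would single out. All rules below are constructed heuristics.
"""
import re
from collections import defaultdict

# Constructed sample in the shape of the thread's logs (a handful of lines, not the full log).
SAMPLE_LOG = r"""
2007-07-12 12:51:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-11 05:00:00 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-12 14:00:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\c2kV4R4x.exe
2007-08-12 15:00:00 C:\WINDOWS\Tasks\At11.job
2007-08-11 05:00:00 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-08-11 06:00:00 C:\WINDOWS\Tasks\At26.job - C:\WINDOWS\system32\0rWm0k5w.exe
2007-07-06 14:01:03 C:\WINDOWS\Tasks\rpc.job
O2 - BHO: (no name) - {16384986-D83A-89EF-1A64-828DBF2082EF} - C:\WINDOWS\system32\snawnco.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Wbuxpqc] "C:\Program Files\Common Files\?ymbols\w?nspool.exe"
O4 - HKCU\..\Run: [Uuse] "C:\WINDOWS\DOBE~1\winword.exe" -vt ndrv
"""

TASK_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.+?\.job)(?: - (.+))?$')
O2_RE = re.compile(r'^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$')
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$')

# Run-entry names this thread itself identifies as adware (constructed watchlist).
WATCHLIST = {'whenusave': 'WhenU SaveNow, named in this thread'}
# Well-known program names and a substring their real folder should contain (constructed).
KNOWN_HOMES = {'winword.exe': 'microsoft office'}


def looks_random(stem):
    """Heuristic: short alphanumeric name mixing digits with upper- and lowercase letters."""
    return (re.fullmatch(r'[A-Za-z0-9]{6,12}', stem) is not None
            and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def exe_from_command(cmd):
    """Return the executable path from an O4 command line, quoted or not."""
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    return cmd.split(' ')[0]


def triage(log_text):
    """Return (kind, item, reason, detail) tuples for the suspicious entries."""
    findings = []
    at_jobs = defaultdict(list)   # target executable -> [At*.job names]
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TASK_RE.match(line)
        if m:
            _stamp, job_path, target = m.groups()
            job = job_path.rsplit('\\', 1)[-1]
            # At<N>.job is the file name the at.exe scheduler gives its tasks;
            # ComboFix omits the command for some of them (tallied under None).
            if re.fullmatch(r'At\d+\.job', job, re.IGNORECASE):
                at_jobs[target].append(job)
            continue
        m = O2_RE.match(line)
        if m:
            name, clsid, path = m.groups()
            if name == '(no name)' or path.endswith('(file missing)'):
                findings.append(('O2', clsid, 'unnamed BHO and/or DLL missing on disk', line))
            continue
        m = O4_RE.match(line)
        if m:
            _hive, name, cmd = m.groups()
            exe = exe_from_command(cmd)
            base_raw = exe.rsplit('\\', 1)[-1]
            base = base_raw.lower()
            stem = base_raw.rsplit('.', 1)[0]
            if name.lower() in WATCHLIST:
                findings.append(('O4', name, WATCHLIST[name.lower()], line))
            elif '?' in exe:
                # HijackThis prints '?' for characters it cannot render in a path.
                findings.append(('O4', name, 'path contains characters HijackThis could not render', line))
            elif base in KNOWN_HOMES and KNOWN_HOMES[base] not in exe.lower():
                findings.append(('O4', name, base + ' launched outside its normal folder', line))
            elif looks_random(stem):
                findings.append(('O4', name, 'random-looking executable name', line))
    for target, jobs in at_jobs.items():
        if target is None:
            continue   # command not listed in the log; nothing to judge
        exe_stem = target.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
        if len(jobs) >= 2 or looks_random(exe_stem):
            reason = '%d At*.job task(s) launch %s' % (len(jobs), target)
            if looks_random(exe_stem):
                reason += ' (random-looking name)'
            findings.append(('task', ','.join(jobs), reason, target))
    return findings


if __name__ == '__main__':
    for kind, item, reason, detail in triage(SAMPLE_LOG):
        print('%-4s %-28s %s' % (kind, item, reason))
```

On the sample it reports the snawnco.dll BHO, the WhenUSave, Wbuxpqc and Uuse Run entries, and the two groups of At*.job tasks, while leaving ccApp, the Java BHO, rpc.job and the Apple updater task alone; the random-name rule is deliberately crude and is there to group the At tasks by target, which is the observation that makes them stand out, not to judge any single file name on its own.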

iggalileo
2007-08-16, 18:06
Sorry for the delay.

I didn't find any of the three in Add/Remove progs...

I couldn't find any of the three files in TEMP folder so I couldn't verify them in VirusTotal.

I did not create C:\WINDOWS\Tasks\rpc.job as far as I know.

I did the rest as requested. Below is the output:

FILE::
C:\WINDOWS\system32\c2kV4R4x.exe
C:\WINDOWS\system32\0rWm0k5w.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\system32\snawnco.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Free Offers from Freeze.com
C:\Program Files\Free Offers from Freeze.com\101_Free_Songs.ico
C:\Program Files\Free Offers from Freeze.com\3739.url
C:\Program Files\Free Offers from Freeze.com\3763.url
C:\Program Files\Free Offers from Freeze.com\3764.url
C:\Program Files\Free Offers from Freeze.com\3767.url
C:\Program Files\Free Offers from Freeze.com\3770.url
C:\Program Files\Free Offers from Freeze.com\3798.url
C:\Program Files\Free Offers from Freeze.com\3810.url
C:\Program Files\Free Offers from Freeze.com\control.txt
C:\Program Files\Free Offers from Freeze.com\dolphinico.ico
C:\Program Files\Free Offers from Freeze.com\FREE_Games.ico
C:\Program Files\Free Offers from Freeze.com\music_icon.ico
C:\Program Files\Free Offers from Freeze.com\reciperw_icon.ico
C:\Program Files\Free Offers from Freeze.com\Ringtones.ico
C:\Program Files\Free Offers from Freeze.com\wfallsaw.ico
C:\Program Files\Freeze.com
C:\Program Files\Freeze.com\Frosty Games\data\butt.swf
C:\Program Files\Freeze.com\Frosty Games\data\DefaultExit.html
C:\Program Files\Freeze.com\Frosty Games\data\DefaultFree.html
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_freeintro_08.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_01.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_02.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_03.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_04.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_05.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_06.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_07.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_09.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_10.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_11.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_12.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_13.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_14.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_15.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_16.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_17.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_18.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_19.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_20.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_21.jpg
C:\Program Files\Freeze.com\Frosty Games\data\deffreeimg_v2\frstygm_intro_22.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_01.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_02.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_03.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_04.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_05.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_06.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_07.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_08.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_09.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_10.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_11.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_12.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_13.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_14.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_15.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_16.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_17.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_18.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_19.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_20.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_21.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_22.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_23.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_24.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_25.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_26.jpg
C:\Program Files\Freeze.com\Frosty Games\data\exitimg_v2\ftycr_27.jpg
C:\Program Files\Freeze.com\Frosty Games\data\frosty500x350.html
C:\Program Files\Freeze.com\Frosty Games\data\frosty728x90.html
C:\Program Files\Freeze.com\Frosty Games\data\left_menu.swf
C:\Program Files\Freeze.com\Frosty Games\data\offlinefrosty_v2\050930_728x90_generic_mole_hole.jpg
C:\Program Files\Freeze.com\Frosty Games\data\offlinefrosty_v2\500x350.gif
C:\Program Files\Freeze.com\Frosty Games\data\offlinefrosty500x350.html
C:\Program Files\Freeze.com\Frosty Games\data\offlinefrosty728x90.html
C:\Program Files\Freeze.com\Frosty Games\data\OnlineDefaultFree.html
C:\Program Files\Freeze.com\Frosty Games\FrostyGames.exe
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\chicken_gamedata.txt
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data.txt
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level0_data.txt
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level1_data.txt
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level2_data.txt
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level3_data.txt
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level4_data.txt
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level5_data.txt
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level6_data.txt
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level7_data.txt
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level8_data.txt
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\game_data_level9_data.txt
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Mayan_Mask_Mayhem.swf
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Smiley_Chomp.swf
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Spot_The_Difference_Education.swf
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Spot_The_Difference_Summer.swf
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Spot_The_Difference_Thanksgiving.swf
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Swap_A_Smiley.swf
C:\Program Files\Freeze.com\Frosty Games\games\Classic_Arcade\Why_Did_The_Chicken_Cross_The_Road.swf
C:\Program Files\Freeze.com\Frosty Games\icon_desk_snowflake_v1.ico
C:\Program Files\Freeze.com\Frosty Games\INSTALL.LOG
C:\Program Files\Freeze.com\Frosty Games\license.txt
C:\Program Files\Freeze.com\Frosty Games\undata.exe
C:\Program Files\Freeze.com\Frosty Games\undata.ini
C:\Program Files\Freeze.com\Frosty Games\UNINSTAL.EXE
C:\Program Files\Freeze.com\Frosty Games\upgrade.url
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job


((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))


2007-08-12 10:29 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-10 16:04 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-10 15:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-10 15:04 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-08-10 15:04 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-08-10 15:04 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-08-10 14:42 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-10 14:22 7,816 --a------ C:\WINDOWS\system32\profile.dat
2007-08-10 14:21 <DIR> d-------- C:\Program Files\Symantec Client Security
2007-08-10 11:49 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-10 11:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-16 09:03 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-14 14:02 --------- d-------- C:\Program Files\Boingo
2007-08-13 15:39 --------- d-------- C:\DOCUME~1\LOCALU~1\APPLIC~1\StarOffice8
2007-08-10 14:22 --------- d-------- C:\Program Files\Symantec
2007-08-10 14:12 --------- d-------- C:\Program Files\symantec_client_firewall_v5_1
2007-08-10 14:11 --------- d-------- C:\Program Files\AIM
2007-08-10 13:12 --------- d-------- C:\Program Files\Spyware Doctor
2007-08-10 11:52 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-10 11:52 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-10 11:48 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-08 13:03 74594 --a------ C:\WINDOWS\system32\Uninstal.exe
2007-07-06 12:57 --------- d-------- C:\Program Files\staroffice7
2007-07-05 15:11 51304 --a------ C:\WINDOWS\system32\drivers\atnt40k.sys
2007-07-05 15:11 --------- d-------- C:\DOCUME~1\LOCALU~1\APPLIC~1\webex
2007-07-05 15:10 202314 --a------ C:\WINDOWS\system32\atasnt40.dll
2007-07-05 14:34 --------- d-------- C:\Program Files\iTunes
2007-07-05 14:34 --------- d-------- C:\Program Files\iPod
2007-07-05 14:10 --------- d-------- C:\Program Files\QuickTime
2007-07-05 14:09 --------- d-------- C:\Program Files\Apple Software Update
2007-07-05 14:08 --------- d-------- C:\Program Files\Common Files\Apple
2007-07-05 09:28 --------- d-------- C:\Program Files\ltmoh
2007-07-05 09:28 --------- d-------- C:\Program Files\Apoint2K
2007-07-03 10:23 --------- d-------- C:\Program Files\AIM6
2007-07-02 10:08 --------- d-------- C:\DOCUME~1\LOCALU~1\APPLIC~1\Viewpoint
2007-07-02 09:33 --------- d-------- C:\Program Files\Viewpoint
2007-06-22 16:08 --------- d-------- C:\Program Files\OneStepSearch
2007-06-22 11:55 --------- d-------- C:\Program Files\YourScreen
2007-06-22 08:17 --------- d-------- C:\DOCUME~1\LOCALU~1\APPLIC~1\MSN6
2007-05-16 10:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2006-07-01 20:34 2127 --a------ C:\Program Files\Fwd rd_summer(1).xls This one. Please discard last email!!!.eml.txt
2006-07-01 20:33 10240 --a------ C:\Program Files\StarOffice 7.lnk


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-10 09:50]
"nwiz"="nwiz.exe" [2003-12-10 09:50 C:\WINDOWS\system32\nwiz.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-01-02 19:16]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-18 14:20 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 19:46]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2003-11-21 17:49]
"000StTHK"="000StTHK.exe" [2001-06-23 23:28 C:\WINDOWS\system32\000StTHK.exe]
"TPSMain"="TPSMain.exe" [2003-12-15 14:54 C:\WINDOWS\system32\TPSMain.exe]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [2003-12-09 23:50]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [2003-10-06 20:43]
"TMESBS.EXE"="C:\Program Files\TOSHIBA\TME3\TMESBS32.exe" [2003-08-01 17:56]
"DpUtil"="C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe" [2003-11-11 23:19]
"TFNF5"="TFNF5.exe" [2003-11-17 22:42 C:\WINDOWS\system32\TFNF5.exe]
"TFncKy"="TFncKy.exe" []
"TosHKCW.exe"="C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 18:07]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2003-12-03 15:26]
"TAudEffect"="C:\Program Files\Toshiba\TAudEffect\TAudEff.exe" [2003-12-25 19:17]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 13:29]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2003-10-20 12:39]
"PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 05:36]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:56 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"YBrowser"="C:\Program Files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 17:51]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 00:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2006-06-15 01:40]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"NVIEW"="nview.dll,nViewLoadHook" []
"Mozilla Quick Launch"="C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" [2004-12-17 13:30]
"Aim6"="" []

C:\Documents and Settings\localuser\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2006-01-25 19:42:42]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2003-12-19 01:31:30]
Boingo.lnk - C:\WINDOWS\Installer\{736CAD5F-0944-4498-BF9E-0E75549854C7}\IconDE70A997.exe [2005-03-29 12:42:21]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2005-03-16 16:19:04]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 16:23:32]
ORiNOCO Client Manager.lnk - C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE [2005-03-29 12:41:39]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-01-14 12:27:06]
TeleDesk.lnk - C:\Program Files\AccessLine Communications\TeleDesk\j2re1.4.1\bin\javaw.exe [2004-11-19 14:46:12]
XPNeuter.lnk - C:\WINDOWS\system32\wscript.exe [2004-01-13 18:10:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2003-12-16 19:49 110592 c:\WINDOWS\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

iggalileo
2007-08-16, 18:08
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfcom.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRVA;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
R2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R2 Tmesbs;Tmesbs32;"C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 TEchoCan;Toshiba Audio Effect;C:\WINDOWS\system32\DRIVERS\TEchoCan.sys
R3 tosporte;Bluetooth Port Driver from Toshiba;C:\WINDOWS\system32\DRIVERS\tosporte.sys
R3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S1 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
S1 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
S1 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
S1 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
S3 CVirtA;Cisco Systems VPN Adapter;C:\WINDOWS\system32\DRIVERS\CVirtA.sys
S3 hmssmbio;hmssmbio;\??\C:\DOCUME~1\LOCALU~1\LOCALS~1\Temp\hmssmbio.sys
S3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys
S3 qsmcirda;qsmcirda;\??\C:\DOCUME~1\LOCALU~1\LOCALS~1\Temp\qsmcirda.sys
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys
S3 sffdisk;SFF Storage Class Driver;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
S3 sipvnmon;sipvnmon;\??\C:\DOCUME~1\LOCALU~1\LOCALS~1\Temp\sipvnmon.sys
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbd.sys
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbnp.sys
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA;C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
S3 Tosrfusb;Bluetooth USB Controller;C:\WINDOWS\system32\Drivers\tosrfusb.sys
S3 w70n51;Intel(R) PRO/Wireless 2100 Adapter Driver;C:\WINDOWS\system32\DRIVERS\w70n51.sys
S3 wlluc48;Wireless LAN PC Card Driver;C:\WINDOWS\system32\DRIVERS\wlluc48.sys
S3 wlluc48b;ORINOCO PC Card Driver;C:\WINDOWS\system32\DRIVERS\wlluc48b.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - ERASERUTILREBOOTDRV

Contents of the 'Scheduled Tasks' folder
2007-07-12 12:51:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-07-06 14:01:03 C:\WINDOWS\Tasks\rpc.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-16 09:38:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-16 9:41:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-16 09:40
C:\ComboFix2.txt ... 2007-08-12 10:37

--- E O F ---

iggalileo
2007-08-16, 18:09
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:50:22 AM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Boingo\Boingo.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\localuser\Desktop\jbigane\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sun.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_6_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Boingo.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: ORiNOCO Client Manager.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TeleDesk.lnk = ?
O4 - Global Startup: XPNeuter.lnk = C:\WINDOWS\system32\wscript.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D15C56C-EE92-4604-8C01-A2E20D7D3D63}: NameServer = 68.94.156.1 68.94.157.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe (file missing)
O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\swdsvc.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13807 bytes

Blade81
2007-08-16, 18:26
Hi

Okay, then delete C:\WINDOWS\Tasks\rpc.job file.


Launch AVG Anti-Spyware
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Don't run AVG yet. Will do it a bit later.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.



Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Don't select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the Save Scan Report button before you have clicked the Apply all Actions button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot.


Post
-AVG Anti-Spyware log
-a fresh HJT log.

tashi
2007-08-31, 06:14
Due to lack of a response to the helper, this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.