Hi. No worries on the reply time. I have been traveling between family members over the holidays and the speed of this help has been ideal for me.
My computer is running OK, I suppose. Firefox is not running anymore when I click on it. Not sure if that got removed during some of our steps. Anyway, I followed your steps and think I did them correctly. Below are the logs that you requested: ComboFix.txt, the ESET NOD32 scanner report, and then the HijackThis log. I will be traveling from Wednesday to Sunday, so we might need to take a break on this for a few days. I will be home all day Tuesday (12/30) though, if you have time then.
ComboFix 08-12-21.04 - Jeff 2008-12-29 19:27:46.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.201 [GMT -5:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeff\Desktop\CFScript.txt
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
FILE ::
c:\windows\bolivar30.exe
c:\windows\fm123.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jeff\Application Data\LimeWire
c:\documents and settings\Jeff\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Jeff\Application Data\LimeWire\downloads.dat
c:\documents and settings\Jeff\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Jeff\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Jeff\Application Data\LimeWire\filters.props
c:\documents and settings\Jeff\Application Data\LimeWire\installation.props
c:\documents and settings\Jeff\Application Data\LimeWire\library.dat
c:\documents and settings\Jeff\Application Data\LimeWire\limewire.props
c:\documents and settings\Jeff\Application Data\LimeWire\mojito.props
c:\documents and settings\Jeff\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Jeff\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Jeff\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\Jeff\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Jeff\Application Data\LimeWire\questions.props
c:\documents and settings\Jeff\Application Data\LimeWire\simpp.xml
c:\documents and settings\Jeff\Application Data\LimeWire\tables.props
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Jeff\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Jeff\Application Data\LimeWire\version.xml
c:\documents and settings\Jeff\Application Data\LimeWire\versions.props
c:\documents and settings\Jeff\Application Data\LimeWire\xml\data\audio.sxml2
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid4084.log
c:\windows\bolivar30.exe
c:\windows\fm123.dat
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.
2008-12-16 18:39 . 2008-12-16 18:39 <DIR> d-------- c:\program files\Trend Micro
2008-12-15 19:41 . 2008-12-15 19:41 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-15 19:41 . 2008-12-15 20:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 22:49 . 2008-12-14 22:49 <DIR> d---s---- c:\documents and settings\Jeff\UserData
2008-12-09 19:34 . 2008-10-03 05:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2008-12-04 20:17 . 2008-12-04 20:17 2 --a------ c:\windows\msoffice.ini
2008-11-24 21:34 . 2008-11-24 21:34 <DIR> d-------- c:\documents and settings\Jeff\Application Data\Viewpoint
2008-11-12 18:49 . 2008-10-24 06:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:48 . 2008-09-04 11:42 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-10 18:10 . 2008-11-10 18:10 0 --a------ c:\windows\TPTray.INI
2008-11-01 22:02 . 2008-11-01 22:02 <DIR> d-------- c:\documents and settings\Jeff\Application Data\AVS4YOU
2008-11-01 22:02 . 2008-11-01 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2008-11-01 22:01 . 2008-11-01 22:21 <DIR> d-------- c:\program files\Common Files\AVSMedia
2008-11-01 22:01 . 2008-11-01 22:21 <DIR> d-------- c:\program files\AVS4YOU
2008-11-01 22:01 . 2007-02-27 18:36 487,424 --a------ c:\windows\system32\msvcp70.dll
2008-11-01 22:01 . 2007-02-27 18:36 344,064 --a------ c:\windows\system32\msvcr70.dll
2008-11-01 22:01 . 2007-02-27 18:36 24,576 --a------ c:\windows\system32\msxml3a.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 02:01 --------- d-----w c:\documents and settings\Jeff\Application Data\HPAppData
2008-12-11 22:25 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-12-11 19:45 1,386,496 ----a-w c:\windows\system32\msvbvm60.dll
2008-12-05 14:44 --------- d-----w c:\program files\Pure Networks
2008-12-05 14:44 --------- d-----w c:\program files\Common Files\AOL
2008-12-05 01:17 --------- d-----w c:\documents and settings\Jeff\Application Data\AOL
2008-12-05 01:17 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:20 667,648 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-23 00:17 61,224 ----a-w c:\documents and settings\Jeff\GoToAssistDownloadHelper.exe
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2005-07-08 212992]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-01 303104]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 671744]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 53248]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-31 271672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]
"ZoomingHook"="ZoomingHook.exe" [2005-06-06 c:\windows\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-12-05 c:\windows\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-12-27 c:\windows\system32\TDispVol.exe]
"CFSServ.exe"="CFSServ.exe" [BU]
c:\documents and settings\Jeff\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-12 59080]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-12-29 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-09-27 24652]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-10-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 12:15]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\0ge62img.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?inv ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?inv ... sab&query=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9090
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-29 19:29:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-29 19:29:54
ComboFix-quarantined-files.txt 2008-12-30 00:29:38
ComboFix2.txt 2008-12-23 02:28:09
ComboFix3.txt 2008-12-23 02:21:27
Pre-Run: 52,061,315,072 bytes free
Post-Run: 52,120,924,160 bytes free
224 --- E O F --- 2008-12-20 17:33:12
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3722 (20081229)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=6bcfd59758bc8c43a1469d6172f46e64
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-12-30 01:03:05
# local_time=2008-12-29 08:03:05 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=256177
# found=32
# scan_time=1215
C:\Documents and Settings\Jeff\My Documents\Desktop before restore\EXECUTABLES\installdrivecleanerstart(2).exe a variant of Win32/Adware.WinFixer application 5138F016E4E806950B815A0C59707E74
C:\Documents and Settings\Jeff\My Documents\Desktop before restore\EXECUTABLES\installdrivecleanerstart.exe a variant of Win32/Adware.WinFixer application 5138F016E4E806950B815A0C59707E74
C:\Documents and Settings\Jeff\My Documents\Desktop before restore\EXECUTABLES\setup.122.exe Win32/TrojanDownloader.Zlob.BGU trojan F049E6A410FDCA9591BD4BB17423C635
C:\Documents and Settings\Jeff\My Documents\Desktop before restore\EXECUTABLES\setup.122.exe »NSIS »gala.dll Win32/TrojanDownloader.Zlob.BGU trojan 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Desktop before restore\EXECUTABLES\Setup.exe Win32/Adware.180Solutions application 3861D20BBD6A011FC7F1140B85DD958F
C:\Documents and Settings\Jeff\My Documents\Desktop before restore\LimeWire Shared\god bless america ronan tynan.mp3 WMA/TrojanDownloader.GetCodec.C trojan 1A31AF52C42A4B385BFD1DC08CCDF7F2
C:\Documents and Settings\Jeff\My Documents\Desktop before restore\LimeWire Shared\Rare Recording.wma WMA/TrojanDownloader.Wimad.D trojan 805F448E115D5DBD71A99B98F8BA7F4A
C:\Documents and Settings\Jeff\My Documents\LimeWire\Shared\god bless america ronan tynan.mp3 WMA/TrojanDownloader.GetCodec.C trojan 1A31AF52C42A4B385BFD1DC08CCDF7F2
C:\Documents and Settings\Jeff\My Documents\LimeWire\Shared\Rare Recording.wma WMA/TrojanDownloader.Wimad.D trojan 805F448E115D5DBD71A99B98F8BA7F4A
C:\Documents and Settings\Jeff\My Documents\Setup\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-7c13b540-76261e24.class Java/TrojanDownloader.OpenStream.NAC trojan DBEE24E93B7EFBC279DAA14F64E9575E
C:\Documents and Settings\Jeff\My Documents\Setup\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-6bd881b6.zip multiple infiltrations 054E44A774B41DCAC152F1FA7A0459B5
C:\Documents and Settings\Jeff\My Documents\Setup\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-6bd881b6.zip »ZIP »MagicApplet.class Java/TrojanDownloader.OpenConnection trojan 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Setup\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-6bd881b6.zip »ZIP »OwnClassLoader.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Setup\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-6bd881b6.zip »ZIP »ProxyClassLoader.class Java/Exploit.Bytverify trojan 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Setup\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-6bd881b6.zip »ZIP »Installer.class Java/TrojanDownloader.Agent.A trojan 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Setup\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-505beb86-6ba76f3e.zip Java/TrojanDownloader.OpenStream.NAB trojan 09BCE5E1BB34F7535E41DFD8CDA38FD0
C:\Documents and Settings\Jeff\My Documents\Setup\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-505beb86-6ba76f3e.zip »ZIP »OP.class Java/TrojanDownloader.OpenStream.NAB trojan 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\.tt18A.tmp.vbs Win32/Adware.XPAntivirus application 9DF700C8F6FD43FAC0A89AEF04214BBD
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\.tt195.tmp.exe Win32/Adware.XPAntivirus application 66429C1021AA1C1AB6F12E96185097A0
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\.tt195.tmp.exe »NSIS »euladlg.dll Win32/Adware.XPAntivirus application 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\.tt195.tmp.exe »NSIS »ý§€.exe Win32/Adware.XPAntivirus application 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\.tt195.tmp.exe »NSIS »Uninstall.exe Win32/Adware.XPAntivirus application 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\.tt1BE.tmp.exe Win32/Adware.XPAntivirus application 66429C1021AA1C1AB6F12E96185097A0
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\.tt1BE.tmp.exe »NSIS »euladlg.dll Win32/Adware.XPAntivirus application 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\.tt1BE.tmp.exe »NSIS »ý§€.exe Win32/Adware.XPAntivirus application 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\.tt1BE.tmp.exe »NSIS »Uninstall.exe Win32/Adware.XPAntivirus application 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\.ttA.tmp.vbs Win32/Adware.XPAntivirus application 9DF700C8F6FD43FAC0A89AEF04214BBD
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\nsm1C2.tmp\euladlg.dll Win32/Adware.XPAntivirus application B5B62F6DE8CFD05CA237B8046B5D0510
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\nsr199.tmp\euladlg.dll Win32/Adware.XPAntivirus application B5B62F6DE8CFD05CA237B8046B5D0510
C:\Documents and Settings\Jeff\My Documents\Setup\Local Settings\Temp\nswD.tmp\euladlg.dll Win32/Adware.XPAntivirus application B5B62F6DE8CFD05CA237B8046B5D0510
C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Win32/TrojanProxy.Small.NCN trojan E5514ECBC438DD12F05EC99CB338C864
C:\Qoobox\Quarantine\C\WINDOWS\bolivar30.exe.vir a variant of Win32/Koobface.NAO worm FBEDA0AEDF983C6F49908B405B76F3D5
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:41 PM, on 12/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11862 bytes
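Three things in the logs above are worth pulling out mechanically rather than by eye: ESET reports 32 hits, but several are the same sample under two paths or one archive listed once per member; ComboFix shows Firefox configured with a manual proxy (network.proxy.type 1) to 127.0.0.1:9090 while a tinyproxy.exe detected as Win32/TrojanProxy.Small sits in Qoobox quarantine; and the McAfee entry under Security Center\Monitoring has DisableMonitoring set to 1. The script below is an added example for this thread, not code from the post or from ComboFix, ESET or HijackThis. Its sample input is copied from the logs in the thread; the right-to-left parse of ESET lines, the variant-suffix rule for grouping families, and the loopback-proxy and DisableMonitoring checks are this example's own assumptions about the log formats.

```python
"""Triage helpers for the ComboFix and ESET Online Scanner excerpts above.

Added example for this thread, not code from the post or from ComboFix,
ESET or HijackThis. Sample lines are copied from the logs in the thread;
the parsing rules and the two heuristics are this example's assumptions.
"""
import re
from collections import Counter

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")
VARIANT_SUFFIX = re.compile(r"\.[A-Z]{1,3}$")        # ".BGU", ".NAO", ".C"
FF_PREF = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
REG_KEY = re.compile(r"^\[(?P<key>.+)\]$")
REG_VAL = re.compile(r'^"(?P<name>[^"]+)"=(?:dword:)?(?P<value>\S+)$')


def parse_eset_line(line):
    """Paths contain spaces, so read from the right: MD5, kind (or the two
    words 'multiple infiltrations'), detection name; the rest is the path.
    Archive members look like 'outer.exe »NSIS »inner.dll' with a zero MD5."""
    tokens = line.strip().split()
    if len(tokens) < 4 or not HEX32.fullmatch(tokens[-1]):
        return None
    md5 = tokens[-1].upper()
    if tokens[-3:-1] == ["multiple", "infiltrations"]:
        name, kind, rest = "multiple infiltrations", "archive", tokens[:-3]
    else:
        kind, name, rest = tokens[-2], tokens[-3], tokens[:-3]
        if rest[-3:] == ["a", "variant", "of"]:     # "a variant of Win32/..."
            rest = rest[:-3]
    path = " ".join(rest)
    return {"path": path, "name": name, "kind": kind, "md5": md5,
            "nested": "»" in path}


def family(name):
    """'Win32/TrojanDownloader.Zlob.BGU' -> 'TrojanDownloader.Zlob'."""
    return VARIANT_SUFFIX.sub("", name.split("/", 1)[-1])


def summarize_eset(lines):
    """Return (unique samples per family, total reported hits). Dedupes by
    MD5 and skips archive members, so one dropper under two paths is one sample."""
    hits = [h for h in map(parse_eset_line, lines) if h]
    unique = {}
    for h in hits:
        if not h["nested"] and set(h["md5"]) != {"0"}:
            unique.setdefault(h["md5"], h)
    return Counter(family(h["name"]) for h in unique.values()), len(hits)


def combofix_findings(lines):
    """Flag a Firefox proxy pointed at loopback and any Security Center
    product whose monitoring has been switched off (DisableMonitoring=1)."""
    prefs, regvals, key = {}, {}, None
    for raw in lines:
        line = raw.strip()
        if m := FF_PREF.match(line):
            prefs[m["key"]] = m["value"]
        elif m := REG_KEY.match(line):
            key = m["key"]                          # REGEDIT4-style section
        elif key and (m := REG_VAL.match(line)):
            regvals[(key, m["name"])] = m["value"]
    findings = []
    host = prefs.get("network.proxy.http", "")
    if prefs.get("network.proxy.type") == "1" and host in ("127.0.0.1", "localhost"):
        port = prefs.get("network.proxy.http_port", "?")
        findings.append(f"Firefox manual proxy to {host}:{port}")
    for (k, name), value in regvals.items():
        if "security center\\monitoring" in k.lower() and name == "DisableMonitoring":
            if int(value, 16) == 1:
                leaf = k.rsplit("\\", 1)[-1]
                findings.append(f"Security Center monitoring disabled under {leaf}")
    return findings


# Sample input: lines copied verbatim from the ESET and ComboFix logs above.
ESET_SAMPLE = r"""
C:\Documents and Settings\Jeff\My Documents\Desktop before restore\EXECUTABLES\installdrivecleanerstart(2).exe a variant of Win32/Adware.WinFixer application 5138F016E4E806950B815A0C59707E74
C:\Documents and Settings\Jeff\My Documents\Desktop before restore\EXECUTABLES\installdrivecleanerstart.exe a variant of Win32/Adware.WinFixer application 5138F016E4E806950B815A0C59707E74
C:\Documents and Settings\Jeff\My Documents\Desktop before restore\EXECUTABLES\setup.122.exe Win32/TrojanDownloader.Zlob.BGU trojan F049E6A410FDCA9591BD4BB17423C635
C:\Documents and Settings\Jeff\My Documents\Desktop before restore\EXECUTABLES\setup.122.exe »NSIS »gala.dll Win32/TrojanDownloader.Zlob.BGU trojan 00000000000000000000000000000000
C:\Documents and Settings\Jeff\My Documents\Setup\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-5b07f5ae-6bd881b6.zip multiple infiltrations 054E44A774B41DCAC152F1FA7A0459B5
C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Win32/TrojanProxy.Small.NCN trojan E5514ECBC438DD12F05EC99CB338C864
C:\Qoobox\Quarantine\C\WINDOWS\bolivar30.exe.vir a variant of Win32/Koobface.NAO worm FBEDA0AEDF983C6F49908B405B76F3D5
""".strip().splitlines()

COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9090
FF - prefs.js: network.proxy.type - 1
""".strip().splitlines()

if __name__ == "__main__":
    families, total = summarize_eset(ESET_SAMPLE)
    print(f"{total} hits, {sum(families.values())} unique samples:", dict(families))
    for finding in combofix_findings(COMBOFIX_SAMPLE):
        print("FLAG:", finding)
```

Run it as-is to see the seven sample hits collapse to five unique samples, plus the two flags. To use it on a full log, feed the whole ESET report to summarize_eset and the whole ComboFix.txt to combofix_findings; lines that do not fit either format are ignored. The proxy check matters here because, with tinyproxy.exe in quarantine, any browser still configured to use 127.0.0.1:9090 will fail to reach the network until the prefs are reset.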