Outerinfo and major computer problems..Hijackthis log.....please help

Question

Hi I can only do this in safe mode.....my computer will not work otherwise...this problem started when I added trenmicro to my computer. Here is the log   Logfile of HijackThis v1.99.1Scan saved at 7:55:14 PM, on 3/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32undll32.exeC:\WINDOWS\system32undll32.exeC:\WINDOWS\system32undll32.exeC:\Documents and Settings\Administrator\My Documents\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywayR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywayR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.comR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dllO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeO4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [DVDLauncher] 'C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe'O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeO4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exeO4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottimeO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exeO4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [ISUSScheduler] 'C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' -startO4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exeO4 - HKLM\..\Run: [pccguide.exe] 'C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe'O4 - HKLM\..\Run: [64ffd956] rundll32.exe 'C:\WINDOWS\system32\pioqxqig.dll',bO4 - HKLM\..\Run: [BM67cceaca] Rundll32.exe 'C:\WINDOWS\system32\fkjjbqwk.dll',sO4 - HKCU\..\Run: [DellSupport] 'C:\Program Files\DellSupport\DSAgnt.exe' /startupO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\RunOnce: [SpybotDeletingB688] command /c del 'C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Terms.lnk'O4 - HKCU\..\RunOnce: [SpybotDeletingD5315] cmd /c del 'C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Terms.lnk'O4 - HKCU\..\RunOnce: [SpybotDeletingB9376] command /c del 'C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Uninstall.lnk'O4 - HKCU\..\RunOnce: [SpybotDeletingD5178] cmd /c del 'C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Uninstall.lnk'O4 - HKCU\..\RunOnce: [SpybotDeletingB8961] command /c del 'C:\WINDOWS\system32\siuugtqk.dll_old'O4 - HKCU\..\RunOnce: [SpybotDeletingD9988] cmd /c del 'C:\WINDOWS\system32\siuugtqk.dll_old'O4 - HKCU\..\RunOnce: [SpybotDeletingB6495] command /c del 'C:\WINDOWS\system32\siuugtqk.dll'O4 - HKCU\..\RunOnce: [SpybotDeletingD8235] cmd /c del 'C:\WINDOWS\system32\siuugtqk.dll'O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [INTERNATIONAL] International*O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cabO16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cabO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe' Start=service (file missing)O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeO23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeO23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1	mproxy.exe

bamajim · Answer

ebleau

Please download Combofix and save to your desktop:

Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

ebleau · Answer

Thank you for getting back to me, I can only do this in safe mode, but here's the log:   ComboFix 08-03-04.5 - Administrator 2008-03-05 10:57:05.2 - NTFSx86 NETWORKMicrosoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.144 [GMT -5:00]Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!. (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))..---- Previous Run -------.C:\Documents and Settings\Bleau\My Documents\TSKS~1C:\Documents and Settings\Bleau\My Documents\TSKS~1\c?rss.exeC:\Program Files\wnsxs~1C:\Program Files\wnsxs~1\W?nSxS\C:\Temp\1cbC:\Temp\1cb\syscheck.logC:\Temp\sanR24C:\Temp\sanR24\lDii.logC:\WINDOWS\pskt.iniC:\WINDOWS\system32\adkfjpjc.dllC:\WINDOWS\system32\adkfjpjc.dllboxC:\WINDOWS\system32\c4C:\WINDOWS\system32\c4
p89104.exeC:\WINDOWS\system32\ckupqgcr.dllC:\WINDOWS\system32\cnltmkoh.dllC:\WINDOWS\system32\fkjjbqwk.dllC:\WINDOWS\system32\giqxqoip.iniC:\WINDOWS\system32\hgjlm.iniC:\WINDOWS\system32\hgjlm.ini2C:\WINDOWS\system32\hokmtlnc.iniC:\WINDOWS\system32\iDlo01C:\WINDOWS\system32\k8C:\WINDOWS\system32\k8avecom3.exeC:\WINDOWS\system32\mljgh.dllC:\WINDOWS\system32\opqybxac.dllC:\WINDOWS\system32\pac.txtC:\WINDOWS\system32\pioqxqig.dllC:\WINDOWS\system32\s7C:\WINDOWS\system32\s7\gbsu011.exeC:\WINDOWS\system32\uvcikhno.dllC:\WINDOWS\system32\x3C:\WINDOWS\system32\xxyvtqp.dll .(((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))))))))))) .-------\LEGACY_CMDSERVICE-------\LEGACY_NETWORK_MONITOR   (((((((((((((((((((((((((   Files Created from 2008-02-05 to 2008-03-05  ))))))))))))))))))))))))))))))). 2008-03-03 13:48 . 2008-03-03 13:48   d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-03 13:48 . 2008-03-03 13:49   d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-03 10:43 . 2008-03-03 11:04   d-------- C:\Documents and Settings\Administrator\.housecall6.6 2008-03-02 21:13 . 2005-06-21 17:02   d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc 2008-03-02 20:36 . 2008-03-02 23:47   d-------- C:\Program Files\Trend Micro 2008-03-02 20:30 . 2008-03-02 20:30   d--hs---- C:\WINDOWS\QmxlYXU 2008-03-02 20:29 . 2008-03-05 10:37   d-------- C:\Temp 2008-03-01 11:07 . 2008-03-01 11:08   d-------- C:\Documents and Settings\Bleau\Application Data\Corel 2008-02-28 19:12 . 2008-02-28 19:12   d-------- C:\Documents and Settings\Bleau\Application Data\AOL 2008-02-27 18:21 . 2008-02-27 18:21   d-------- C:\Program Files\DellSupport 2008-02-26 19:36 . 2008-02-26 19:36   d-------- C:\Program Files\Hewlett-Packard 2008-02-26 19:35 . 2008-02-26 19:35   d-------- C:\Documents and Settings\All Users\Application Data\HP 2008-02-26 19:34 . 2005-05-10 20:49 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll 2008-02-26 19:33 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2008-02-26 19:33 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2008-02-26 19:33 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2008-02-26 19:33 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2008-02-26 19:33 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2008-02-26 19:33 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2008-02-26 19:32 . 2008-02-26 19:36   d-------- C:\Program Files\HP 2008-02-26 19:31 . 2008-02-26 19:37 79,371 --a------ C:\WINDOWS\hpfins05.dat 2008-02-26 19:31 . 2005-08-10 21:06 1,547 --------- C:\WINDOWS\hpfmdl05.dat 2008-02-26 19:29 . 2008-02-26 19:29   d-------- C:\Documents and Settings\Bleau\Application Data\HP 2008-02-26 19:28 . 2005-04-27 20:38 372,736 --a------ C:\WINDOWS\system32\hpzidi01.dll 2008-02-26 19:28 . 2004-09-30 11:49 274,432 --a------ C:\WINDOWS\system32\HPZc3212.dll 2008-02-26 19:28 . 2005-04-27 20:37 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll 2008-02-26 19:28 . 2005-03-08 14:52 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys 2008-02-26 19:28 . 2005-03-08 14:52 21,744 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys 2008-02-26 19:28 . 2005-03-08 14:52 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2008-02-26 18:56 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2008-02-24 20:31 . 2008-02-24 20:31   d-------- C:\Program Files\Common Files\Adobe 2008-02-24 20:31 . 2008-02-26 19:44   d-------- C:\Documents and Settings\Bleau\Application Data\AdobeUM 2008-02-23 11:22 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll 2008-02-23 11:22 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll 2008-02-23 11:22 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe 2008-02-23 11:22 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd 2008-02-23 11:22 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat 2008-02-23 11:18 . 2008-02-23 11:18   d-------- C:\QBTIMER 2008-02-23 09:39 . 2007-12-06 21:21 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-02-23 09:39 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-02-23 09:39 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-02-23 09:39 . 2007-12-06 21:21 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-02-23 09:39 . 2007-12-06 21:21 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-02-23 09:39 . 2007-12-06 21:21 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-02-23 09:39 . 2007-12-06 21:21 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-02-23 09:39 . 2007-12-06 21:21 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-02-23 09:39 . 2007-12-06 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-23 08:57 . 2008-02-23 08:57   d-------- C:\Program Files\MSXML 4.0 2008-02-22 22:05 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcachepcrt4.dll 2008-02-22 21:36 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-02-21 17:10 . 2008-02-21 17:10   d---s---- C:\Documents and Settings\Bleau\UserData 2008-02-20 15:35 . 2008-03-04 20:10   d-------- C:\Program Files\Common Files\Intuit 2008-02-20 15:27 . 2008-02-20 15:27   d-------- C:\WINDOWS\Intuit 2008-02-20 15:27 . 2008-02-20 15:27   d-------- C:\Program Files\Intuit 2008-02-20 15:27 . 1997-09-15 14:31 40,448 --a------ C:\WINDOWS\Icg32.dll 2008-02-20 15:27 . 1997-09-09 11:27 5,776 --a------ C:\WINDOWS\Icoadb32.dat 2008-02-20 15:27 . 2008-02-23 11:16 64 --a------ C:\WINDOWS\QBWCD.INI 2008-02-20 15:26 . 2008-02-20 15:26   d-------- C:\Documents and Settings\Bleau\WINDOWS 2008-02-20 14:48 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-02-20 14:48 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-02-20 14:48 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-02-20 14:48 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys 2008-02-20 14:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-02-20 14:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2008-02-20 14:48 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-02-20 14:48 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys 2008-02-20 14:48 . 2008-02-20 14:48 4,128 --a------ C:\INFCACHE.1 2008-02-20 09:49 . 2008-02-20 09:49   d-------- C:\Documents and Settings\All Users\Application Data\Citrix 2008-02-20 09:48 . 2008-02-20 09:48   d-------- C:\WINDOWS\Sun 2008-02-20 09:48 . 2008-02-20 09:48   d-------- C:\Program Files\Citrix 2008-02-20 09:48 . 2008-02-20 09:48 60,968 --a------ C:\Documents and Settings\Bleau\GoToAssistDownloadHelper.exe 2008-02-20 09:42 . 2005-06-21 17:02   d-------- C:\Documents and Settings\Bleau\Application Data\Jasc Software Inc 2008-02-20 09:42 . 2008-02-27 18:25   d--h----- C:\Documents and Settings\Bleau\Application Data\Gtek 2008-02-20 09:38 . 2008-02-20 09:38 8,192 --a------ C:\WINDOWS\REGLOCS.OLD .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-02-29 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL2008-02-29 00:11 --------- d-----w C:\Program Files\America Online 9.02008-02-23 16:22 155,995 ----a-w C:\WINDOWS\java\Packages\PVHZJ7DZ.ZIP2008-02-23 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys2007-12-08 15:51 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll2007-12-07 01:07 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll2007-12-07 01:07 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll2007-12-07 01:07 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll2007-12-07 01:07 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll2007-12-07 01:07 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll2005-08-02 21:46 187,904 --sha-r C:\WINDOWS\QmxlYXU\asappsrv.dll2005-08-02 21:58 293,888 --sha-r C:\WINDOWS\QmxlYXU\command.exe2005-07-29 21:24 472 --sha-r C:\WINDOWS\QmxlYXU\kAU5sro.vbs. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4742CFE2-0C00-5089-0261-2C00CDBFDA96}]   C:\WINDOWS\system32\esogmctz.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFF21A79-4D56-40C7-A7A1-2B409E72B830}]   C:\Program Files\Windows Media Player\quhaceqy214.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'DellSupport'='C:\Program Files\DellSupport\DSAgnt.exe' [2007-03-15 11:09 460784]'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 05:00 15360]'SpybotSD TeaTimer'='C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe' [2008-01-28 11:43 2097488] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]'SpybotDeletingB688'='command /c del C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Terms.lnk' [ ]'SpybotDeletingD5315'='cmd /c del C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Terms.lnk' [ ]'SpybotDeletingB9376'='command /c del C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Uninstall.lnk' [ ]'SpybotDeletingD5178'='cmd /c del C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Uninstall.lnk' [ ]'SpybotDeletingB8961'='command /c del C:\WINDOWS\system32\siuugtqk.dll_old' [ ]'SpybotDeletingD9988'='cmd /c del C:\WINDOWS\system32\siuugtqk.dll_old' [ ]'SpybotDeletingB6495'='command /c del C:\WINDOWS\system32\siuugtqk.dll' [ ]'SpybotDeletingD8235'='cmd /c del C:\WINDOWS\system32\siuugtqk.dll' [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'IgfxTray'='C:\WINDOWS\system32\igfxtray.exe' [2004-11-02 23:03 155648]'HotKeysCmds'='C:\WINDOWS\system32\hkcmd.exe' [2004-11-02 22:59 126976]'SunJavaUpdateSched'='C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe' [2003-11-19 17:48 32881]'SynTPLpr'='C:\Program Files\Synaptics\SynTP\SynTPLpr.exe' [2004-05-13 10:23 98304]'SynTPEnh'='C:\Program Files\Synaptics\SynTP\SynTPEnh.exe' [2004-05-14 00:35 536576]'PRONoMgrWired'='C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe' [2004-12-09 13:58 86016]'Dell QuickSet'='C:\Program Files\Dell\QuickSet\quickset.exe' [2005-03-04 11:26 606208]'DVDLauncher'='C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe' [2005-02-23 16:19 53248]'MMTray'='C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe' [2004-09-14 08:50 131072]'mmtask'='C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe' [2004-09-14 08:50 53248]'RealTray'='C:\Program Files\Real\RealPlayer\RealPlay.exe' [2005-06-21 17:06 26112]'QuickTime Task'='C:\Program Files\QuickTime\qttask.exe' [2005-06-21 17:07 98304]'dla'='C:\WINDOWS\system32\dla	fswctrl.exe' [2004-12-06 01:05 127035]'ISUSPM Startup'='C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe' [2004-07-27 16:50 221184]'ISUSScheduler'='C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' [2004-07-27 16:50 81920]'DMXLauncher'='C:\Program Files\Dell\Media Experience\DMXLauncher.exe' [2005-01-27 01:02 86016]'HP Software Update'='C:\Program Files\HP\HP Software Update\HPWuSchd2.exe' [2005-05-11 23:12 49152]'AOLDialer'='C:\Program Files\Common Files\AOL\ACS\AOLDial.exe' [2004-04-07 12:07 496752]'pccguide.exe'='C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe' [2006-03-08 13:30 897089] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-06-21 17:06:07 156784]Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-21 16:59:18 24576]HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\GoToAssist]C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2008-02-20 09:48 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]'DisableMonitoring'=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]'EnableFirewall'= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='C:\Program Files\Common Files\AOL\ACS\AOLDial.exe'='C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='C:\Program Files\America Online 9.0\waol.exe'= S3 GoToAssist;GoToAssist;'C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe' Start=service [] .************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-03-05 10:58:33Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TnIDriver]'ImagePath'='\??\C:\DOCUME~1\Bleau\LOCALS~1\Temp	ni292.tmp'.Completion time: 2008-03-05 10:59:07ComboFix-quarantined-files.txt  2008-03-05 15:58:58.2008-02-26 23:57:01 --- E O F ---

bamajim · Answer

ebleau

1. Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

This will remove all files from the items that are checked so if you have some cookies you'd like to save. please move them to a different directory first.

2. Open NotePad (not wordpad). Copy and paste the following into Notepad

File::
C:\WINDOWS\Icoadb32.dat
C:\WINDOWS\QBWCD.INI
C:\Program Files\Windows Media Player\quhaceqy214.dll
C:\WINDOWS\system32\esogmctz.dll

Folder::
C:\WINDOWS\QmxlYXU

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4742CFE2-0C00-5089-0261-2C00CDBFDA96}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFF21A79-4D56-40C7-A7A1-2B409E72B830}]
[-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TnIDriver]

Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

user posted image

You will be prompted to run Combofix again, Do so
Following the same rules as indicated in my first post
Then post the contents of the C:\ComboFix.txt log in your reply

3. Rerun Hijackthis and post a fresh Hijackthis log as well

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

ebleau · Answer

here's the new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:41:36 PM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4742CFE2-0C00-5089-0261-2C00CDBFDA96} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - (no file)
O2 - BHO: (no name) - {B987B188-C1DD-4536-843C-4A148AA0600A} - (no file)
O2 - BHO: (no name) - {BFF21A79-4D56-40C7-A7A1-2B409E72B830} - (no file)
O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - (no file)
O2 - BHO: (no name) - {f5543d94-4b65-4137-9a85-1984ea85f7b8} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [64ffd956] rundll32.exe "C:\WINDOWS\system32\cnltmkoh.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA6409] command /c del "C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Terms.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9292] cmd /c del "C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Terms.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA821] command /c del "C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Uninstall.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8127] cmd /c del "C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Uninstall.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6500] command /c del "C:\WINDOWS\system32\siuugtqk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6546] cmd /c del "C:\WINDOWS\system32\siuugtqk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5992] command /c del "C:\WINDOWS\system32\siuugtqk.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7661] cmd /c del "C:\WINDOWS\system32\siuugtqk.dll"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB688] command /c del "C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Terms.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5315] cmd /c del "C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Terms.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9376] command /c del "C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Uninstall.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5178] cmd /c del "C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Uninstall.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8961] command /c del "C:\WINDOWS\system32\siuugtqk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9988] cmd /c del "C:\WINDOWS\system32\siuugtqk.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6495] command /c del "C:\WINDOWS\system32\siuugtqk.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8235] cmd /c del "C:\WINDOWS\system32\siuugtqk.dll"
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

ebleau · Answer

Here's the new combofix log         ComboFix 08-03-04.5 - Administrator 2008-03-05 13:31:09.2 - NTFSx86 NETWORKMicrosoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.133 [GMT -5:00]Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exeCommand switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE ::C:\Program Files\Windows Media Player\quhaceqy214.dllC:\WINDOWS\Icoadb32.datC:\WINDOWS\QBWCD.INIC:\WINDOWS\system32\esogmctz.dll. (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))). C:\WINDOWS\Icoadb32.datC:\WINDOWS\QBWCD.INIC:\WINDOWS\QmxlYXUC:\WINDOWS\QmxlYXU\asappsrv.dllC:\WINDOWS\QmxlYXU\command.exeC:\WINDOWS\QmxlYXU\kAU5sro.vbs .--------------- FMove --------------- .(((((((((((((((((((((((((   Files Created from 2008-02-05 to 2008-03-05  ))))))))))))))))))))))))))))))). 2008-03-03 13:48 . 2008-03-03 13:48   d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-03 13:48 . 2008-03-03 13:49   d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-03 10:43 . 2008-03-03 11:04   d-------- C:\Documents and Settings\Administrator\.housecall6.6 2008-03-02 21:13 . 2005-06-21 17:02   d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc 2008-03-02 20:36 . 2008-03-02 23:47   d-------- C:\Program Files\Trend Micro 2008-03-02 20:29 . 2008-03-05 10:37   d-------- C:\Temp 2008-03-01 11:07 . 2008-03-01 11:08   d-------- C:\Documents and Settings\Bleau\Application Data\Corel 2008-02-28 19:12 . 2008-02-28 19:12   d-------- C:\Documents and Settings\Bleau\Application Data\AOL 2008-02-27 18:21 . 2008-02-27 18:21   d-------- C:\Program Files\DellSupport 2008-02-26 19:36 . 2008-02-26 19:36   d-------- C:\Program Files\Hewlett-Packard 2008-02-26 19:35 . 2008-02-26 19:35   d-------- C:\Documents and Settings\All Users\Application Data\HP 2008-02-26 19:34 . 2005-05-10 20:49 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll 2008-02-26 19:33 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2008-02-26 19:33 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2008-02-26 19:33 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2008-02-26 19:33 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2008-02-26 19:33 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2008-02-26 19:33 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2008-02-26 19:32 . 2008-02-26 19:36   d-------- C:\Program Files\HP 2008-02-26 19:31 . 2008-02-26 19:37 79,371 --a------ C:\WINDOWS\hpfins05.dat 2008-02-26 19:31 . 2005-08-10 21:06 1,547 --------- C:\WINDOWS\hpfmdl05.dat 2008-02-26 19:29 . 2008-02-26 19:29   d-------- C:\Documents and Settings\Bleau\Application Data\HP 2008-02-26 19:28 . 2005-04-27 20:38 372,736 --a------ C:\WINDOWS\system32\hpzidi01.dll 2008-02-26 19:28 . 2004-09-30 11:49 274,432 --a------ C:\WINDOWS\system32\HPZc3212.dll 2008-02-26 19:28 . 2005-04-27 20:37 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll 2008-02-26 19:28 . 2005-03-08 14:52 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys 2008-02-26 19:28 . 2005-03-08 14:52 21,744 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys 2008-02-26 19:28 . 2005-03-08 14:52 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2008-02-26 18:56 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2008-02-24 20:31 . 2008-02-24 20:31   d-------- C:\Program Files\Common Files\Adobe 2008-02-24 20:31 . 2008-02-26 19:44   d-------- C:\Documents and Settings\Bleau\Application Data\AdobeUM 2008-02-23 11:22 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll 2008-02-23 11:22 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll 2008-02-23 11:22 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe 2008-02-23 11:22 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd 2008-02-23 11:22 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat 2008-02-23 11:18 . 2008-02-23 11:18   d-------- C:\QBTIMER 2008-02-23 09:39 . 2007-12-06 21:21 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-02-23 09:39 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-02-23 09:39 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-02-23 09:39 . 2007-12-06 21:21 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-02-23 09:39 . 2007-12-06 21:21 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-02-23 09:39 . 2007-12-06 21:21 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-02-23 09:39 . 2007-12-06 21:21 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-02-23 09:39 . 2007-12-06 21:21 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-02-23 09:39 . 2007-12-06 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-23 08:57 . 2008-02-23 08:57   d-------- C:\Program Files\MSXML 4.0 2008-02-22 22:05 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcachepcrt4.dll 2008-02-22 21:36 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-02-21 17:10 . 2008-02-21 17:10   d---s---- C:\Documents and Settings\Bleau\UserData 2008-02-20 15:35 . 2008-03-04 20:10   d-------- C:\Program Files\Common Files\Intuit 2008-02-20 15:27 . 2008-02-20 15:27   d-------- C:\WINDOWS\Intuit 2008-02-20 15:27 . 2008-02-20 15:27   d-------- C:\Program Files\Intuit 2008-02-20 15:27 . 1997-09-15 14:31 40,448 --a------ C:\WINDOWS\Icg32.dll 2008-02-20 15:26 . 2008-02-20 15:26   d-------- C:\Documents and Settings\Bleau\WINDOWS 2008-02-20 14:48 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-02-20 14:48 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-02-20 14:48 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-02-20 14:48 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys 2008-02-20 14:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-02-20 14:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2008-02-20 14:48 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-02-20 14:48 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys 2008-02-20 14:48 . 2008-02-20 14:48 4,128 --a------ C:\INFCACHE.1 2008-02-20 09:49 . 2008-02-20 09:49   d-------- C:\Documents and Settings\All Users\Application Data\Citrix 2008-02-20 09:48 . 2008-02-20 09:48   d-------- C:\WINDOWS\Sun 2008-02-20 09:48 . 2008-02-20 09:48   d-------- C:\Program Files\Citrix 2008-02-20 09:48 . 2008-02-20 09:48 60,968 --a------ C:\Documents and Settings\Bleau\GoToAssistDownloadHelper.exe 2008-02-20 09:42 . 2005-06-21 17:02   d-------- C:\Documents and Settings\Bleau\Application Data\Jasc Software Inc 2008-02-20 09:42 . 2008-02-27 18:25   d--h----- C:\Documents and Settings\Bleau\Application Data\Gtek 2008-02-20 09:38 . 2008-02-20 09:38 8,192 --a------ C:\WINDOWS\REGLOCS.OLD .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-02-29 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL2008-02-29 00:11 --------- d-----w C:\Program Files\America Online 9.02008-02-23 16:22 155,995 ----a-w C:\WINDOWS\java\Packages\PVHZJ7DZ.ZIP2008-02-23 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys2007-12-08 15:51 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll2007-12-07 01:07 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll2007-12-07 01:07 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll2007-12-07 01:07 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll2007-12-07 01:07 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll2007-12-07 01:07 1,023,488 ------w C:\WINDOWS\system32\dllcache\browseui.dll2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'DellSupport'='C:\Program Files\DellSupport\DSAgnt.exe' [2007-03-15 11:09 460784]'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 05:00 15360]'SpybotSD TeaTimer'='C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe' [2008-01-28 11:43 2097488] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]'SpybotDeletingB688'='command /c del C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Terms.lnk' [ ]'SpybotDeletingD5315'='cmd /c del C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Terms.lnk' [ ]'SpybotDeletingB9376'='command /c del C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Uninstall.lnk' [ ]'SpybotDeletingD5178'='cmd /c del C:\Documents and Settings\Bleau\Start Menu\Programs\Outerinfo\Uninstall.lnk' [ ]'SpybotDeletingB8961'='command /c del C:\WINDOWS\system32\siuugtqk.dll_old' [ ]'SpybotDeletingD9988'='cmd /c del C:\WINDOWS\system32\siuugtqk.dll_old' [ ]'SpybotDeletingB6495'='command /c del C:\WINDOWS\system32\siuugtqk.dll' [ ]'SpybotDeletingD8235'='cmd /c del C:\WINDOWS\system32\siuugtqk.dll' [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'IgfxTray'='C:\WINDOWS\system32\igfxtray.exe' [2004-11-02 23:03 155648]'HotKeysCmds'='C:\WINDOWS\system32\hkcmd.exe' [2004-11-02 22:59 126976]'SunJavaUpdateSched'='C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe' [2003-11-19 17:48 32881]'SynTPLpr'='C:\Program Files\Synaptics\SynTP\SynTPLpr.exe' [2004-05-13 10:23 98304]'SynTPEnh'='C:\Program Files\Synaptics\SynTP\SynTPEnh.exe' [2004-05-14 00:35 536576]'PRONoMgrWired'='C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe' [2004-12-09 13:58 86016]'Dell QuickSet'='C:\Program Files\Dell\QuickSet\quickset.exe' [2005-03-04 11:26 606208]'DVDLauncher'='C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe' [2005-02-23 16:19 53248]'MMTray'='C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe' [2004-09-14 08:50 131072]'mmtask'='C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe' [2004-09-14 08:50 53248]'RealTray'='C:\Program Files\Real\RealPlayer\RealPlay.exe' [2005-06-21 17:06 26112]'QuickTime Task'='C:\Program Files\QuickTime\qttask.exe' [2005-06-21 17:07 98304]'dla'='C:\WINDOWS\system32\dla	fswctrl.exe' [2004-12-06 01:05 127035]'ISUSPM Startup'='C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe' [2004-07-27 16:50 221184]'ISUSScheduler'='C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' [2004-07-27 16:50 81920]'DMXLauncher'='C:\Program Files\Dell\Media Experience\DMXLauncher.exe' [2005-01-27 01:02 86016]'HP Software Update'='C:\Program Files\HP\HP Software Update\HPWuSchd2.exe' [2005-05-11 23:12 49152]'AOLDialer'='C:\Program Files\Common Files\AOL\ACS\AOLDial.exe' [2004-04-07 12:07 496752]'pccguide.exe'='C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe' [2006-03-08 13:30 897089] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-06-21 17:06:07 156784]Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-21 16:59:18 24576]HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\GoToAssist]C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2008-02-20 09:48 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]'DisableMonitoring'=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]'EnableFirewall'= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='C:\Program Files\Common Files\AOL\ACS\AOLDial.exe'='C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='C:\Program Files\America Online 9.0\waol.exe'= S3 GoToAssist;GoToAssist;'C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe' Start=service [] .************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-03-05 13:32:38Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0 **************************************************************************.Completion time: 2008-03-05 13:33:10ComboFix-quarantined-files.txt  2008-03-05 18:33:02ComboFix2.txt  2008-03-05 15:59:08.2008-02-26 23:57:01 --- E O F ---

bamajim · Answer

ebleau

Are you able to boot into Normal windows mode?

Also it seems that Spybot S&D is stuck we may have to uninstall it temporarily

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

ebleau · Answer

Yes! It seems like everything is working perfectly now in normal mode.  I uninstalled Spybot for now.  Thank you so much for all your help and responding so fast!!!!!!!!!!!! Erin

bamajim · Answer

ebleau   Good. You are most welcome. Post a fresh Hijackthis log so I can see if it's clean.     Microsoft MVP Consumer-Security CastleCops Instructor   'The world is what you make of it'

ebleau · Answer

Still have viruses that Trendmicro is picking up here's another hijack log

Logfile of HijackThis v1.99.1
Scan saved at 20:25, on 2008-03-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4742CFE2-0C00-5089-0261-2C00CDBFDA96} - (no file)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {B987B188-C1DD-4536-843C-4A148AA0600A} - (no file)
O2 - BHO: (no name) - {BFF21A79-4D56-40C7-A7A1-2B409E72B830} - (no file)
O2 - BHO: (no name) - {ED120D76-BF31-412C-A99B-783C6676E128} - (no file)
O2 - BHO: (no name) - {f5543d94-4b65-4137-9a85-1984ea85f7b8} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [64ffd956] rundll32.exe "C:\WINDOWS\system32\cnltmkoh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Rtc] "C:\Documents and Settings\Bleau\My Documents\T?sks\c?rss.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

bamajim · Answer

ebleau   Now that is seems we have Spybot S&D calmed down, rerun Combofix and post a fresh Combofix log.     Microsoft MVP Consumer-Security CastleCops Instructor   'The world is what you make of it'

ebleau · Answer

ComboFix 08-03-07.4 - Bleau 2008-03-08 10:31:07.3 - NTFSx86Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.276 [GMT -5:00]Running from: C:\Documents and Settings\Bleau\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!. (((((((((((((((((((((((((   Files Created from 2008-02-08 to 2008-03-08  ))))))))))))))))))))))))))))))). 2008-03-05 20:08 . 2008-03-05 20:08   d-------- C:\Program Files\Common Files\WexTech Shared 2008-03-05 20:08 . 2008-03-05 20:08   d-------- C:\Program Files\Common Files\LHSPF 2008-03-05 20:08 . 2002-07-01 17:30 1,687,625 --a------ C:\WINDOWS\system32\InetClnt.dll 2008-03-05 20:08 . 2000-05-02 10:03 225,280 --a------ C:\WINDOWS\system32\AWRTL30.DLL 2008-03-05 20:08 . 1998-08-04 11:22 111,616 --a------ C:\WINDOWS\system32\LTIH30TB.DLL 2008-03-05 20:02 . 1997-09-09 11:27 5,776 --a------ C:\WINDOWS\Icoadb32.dat 2008-03-05 20:02 . 2008-03-05 20:02 64 --a------ C:\WINDOWS\QBWCD.INI 2008-03-05 19:26 . 2008-03-05 19:26 376 --a------ C:\WINDOWS\ODBC.INI 2008-03-05 19:25 . 2008-03-05 19:25   d-------- C:\Program Files\Microsoft ActiveSync 2008-03-03 13:48 . 2008-03-05 18:20   d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-03 13:48 . 2008-03-05 19:04   d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-03 10:43 . 2008-03-03 11:04   d-------- C:\Documents and Settings\Administrator\.housecall6.6 2008-03-02 21:13 . 2005-06-21 17:02   d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc 2008-03-02 20:36 . 2008-03-02 23:47   d-------- C:\Program Files\Trend Micro 2008-03-02 20:29 . 2008-03-05 10:37   d-------- C:\Temp 2008-03-01 11:07 . 2008-03-01 11:08   d-------- C:\Documents and Settings\Bleau\Application Data\Corel 2008-02-28 19:12 . 2008-02-28 19:12   d-------- C:\Documents and Settings\Bleau\Application Data\AOL 2008-02-27 18:21 . 2008-02-27 18:21   d-------- C:\Program Files\DellSupport 2008-02-26 19:36 . 2008-02-26 19:36   d-------- C:\Program Files\Hewlett-Packard 2008-02-26 19:35 . 2008-02-26 19:35   d-------- C:\Documents and Settings\All Users\Application Data\HP 2008-02-26 19:34 . 2005-05-10 20:49 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll 2008-02-26 19:33 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2008-02-26 19:33 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2008-02-26 19:33 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2008-02-26 19:33 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2008-02-26 19:33 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2008-02-26 19:33 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2008-02-26 19:32 . 2008-02-26 19:36   d-------- C:\Program Files\HP 2008-02-26 19:31 . 2008-02-26 19:37 79,371 --a------ C:\WINDOWS\hpfins05.dat 2008-02-26 19:31 . 2005-08-10 21:06 1,547 --------- C:\WINDOWS\hpfmdl05.dat 2008-02-26 19:29 . 2008-02-26 19:29   d-------- C:\Documents and Settings\Bleau\Application Data\HP 2008-02-26 19:28 . 2005-04-27 20:38 372,736 --a------ C:\WINDOWS\system32\hpzidi01.dll 2008-02-26 19:28 . 2004-09-30 11:49 274,432 --a------ C:\WINDOWS\system32\HPZc3212.dll 2008-02-26 19:28 . 2005-04-27 20:37 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll 2008-02-26 19:28 . 2005-03-08 14:52 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys 2008-02-26 19:28 . 2005-03-08 14:52 21,744 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys 2008-02-26 19:28 . 2005-03-08 14:52 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2008-02-26 18:56 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2008-02-24 20:31 . 2008-02-24 20:31   d-------- C:\Program Files\Common Files\Adobe 2008-02-24 20:31 . 2008-02-26 19:44   d-------- C:\Documents and Settings\Bleau\Application Data\AdobeUM 2008-02-23 11:22 . 2003-02-28 16:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll 2008-02-23 11:22 . 2003-02-28 18:26 171,280 --a------ C:\WINDOWS\system32\jit.dll 2008-02-23 11:22 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe 2008-02-23 11:22 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd 2008-02-23 11:22 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat 2008-02-23 11:18 . 2008-02-23 11:18   d-------- C:\QBTIMER 2008-02-23 09:39 . 2007-12-06 21:21 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-02-23 09:39 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-02-23 09:39 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-02-23 09:39 . 2007-12-06 21:21 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-02-23 09:39 . 2007-12-06 21:21 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-02-23 09:39 . 2007-12-06 21:21 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-02-23 09:39 . 2007-12-06 21:21 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-02-23 09:39 . 2007-12-06 21:21 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-02-23 09:39 . 2007-12-06 06:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-23 08:57 . 2008-02-23 08:57   d-------- C:\Program Files\MSXML 4.0 2008-02-22 22:05 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcachepcrt4.dll 2008-02-22 21:36 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-02-21 17:10 . 2008-02-21 17:10   d--hs---- C:\Documents and Settings\Bleau\UserData 2008-02-20 15:35 . 2008-03-05 20:08   d-------- C:\Program Files\Common Files\Intuit 2008-02-20 15:27 . 2008-02-20 15:27   d-------- C:\WINDOWS\Intuit 2008-02-20 15:27 . 2008-02-20 15:27   d-------- C:\Program Files\Intuit 2008-02-20 15:27 . 1997-09-15 14:31 40,448 --a------ C:\WINDOWS\Icg32.dll 2008-02-20 15:26 . 2008-02-20 15:26   d-------- C:\Documents and Settings\Bleau\WINDOWS 2008-02-20 14:48 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-02-20 14:48 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-02-20 14:48 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-02-20 14:48 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys 2008-02-20 14:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-02-20 14:48 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2008-02-20 14:48 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-02-20 14:48 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys 2008-02-20 14:48 . 2008-02-20 14:48 4,128 --a------ C:\INFCACHE.1 2008-02-20 09:49 . 2008-02-20 09:49   d-------- C:\Documents and Settings\All Users\Application Data\Citrix 2008-02-20 09:48 . 2008-02-20 09:48   d-------- C:\WINDOWS\Sun 2008-02-20 09:48 . 2008-02-20 09:48   d-------- C:\Program Files\Citrix 2008-02-20 09:48 . 2008-02-20 09:48 60,968 --a------ C:\Documents and Settings\Bleau\GoToAssistDownloadHelper.exe 2008-02-20 09:42 . 2005-06-21 17:02   d-------- C:\Documents and Settings\Bleau\Application Data\Jasc Software Inc 2008-02-20 09:42 . 2008-02-27 18:25   d--h----- C:\Documents and Settings\Bleau\Application Data\Gtek 2008-02-20 09:38 . 2008-02-20 09:38 8,192 --a------ C:\WINDOWS\REGLOCS.OLD .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-03-06 01:07 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-02-29 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL2008-02-29 00:11 --------- d-----w C:\Program Files\America Online 9.02008-02-23 16:22 155,995 ----a-w C:\WINDOWS\java\Packages\PVHZJ7DZ.ZIP2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys2007-12-08 15:51 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll. (((((((((((((((((((((((((((((   snapshot@2008-03-05_13.32.50.48   ))))))))))))))))))))))))))))))))))))))))).+ 2008-03-06 00:25:53 34,304 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\misc.exe+ 2008-03-06 00:25:54 8,192 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe+ 2008-03-06 00:25:53 3,584 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe+ 2008-03-06 00:25:53 114,688 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\outicon.exe+ 2008-03-06 00:25:53 16,384 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe+ 2008-03-06 00:25:53 30,720 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\pptico.exe+ 2008-03-06 00:25:53 22,528 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe+ 2008-03-06 00:25:54 45,056 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe+ 2008-03-06 00:25:53 90,112 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\xlicons.exe+ 2001-01-22 08:25:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL+ 1999-10-18 01:01:42 1,129,232 ----a-w C:\WINDOWS\system32\FM20.DLL+ 1999-10-18 01:01:16 26,384 ----a-w C:\WINDOWS\system32\FM20ENU.DLL- 2008-02-23 14:11:51 172,280 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT+ 2008-03-06 01:10:50 191,384 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT+ 1998-10-01 18:00:38 520,128 ----a-w C:\WINDOWS\system32\MAPI.DLL+ 1998-03-26 06:00:00 38,160 ----a-w C:\WINDOWS\system32\MAPISRVR.EXE+ 1998-06-18 00:08:32 53,248 ----a-w C:\WINDOWS\system32\MFC42ENU.DLL+ 2000-05-11 18:06:20 397,312 ----a-w C:\WINDOWS\system32\MSRDO20.DLL+ 2000-05-24 03:45:58 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL+ 2000-04-03 22:52:54 151,552 ----a-w C:\WINDOWS\system32\RDOCURS.DLL+ 1998-03-25 02:54:08 15,872 ----a-w C:\WINDOWS\system32\SCP32.DLL+ 1999-11-24 23:40:50 40,960 ----a-w C:\WINDOWS\system32\VBAME.DLL.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4742CFE2-0C00-5089-0261-2C00CDBFDA96}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B987B188-C1DD-4536-843C-4A148AA0600A}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFF21A79-4D56-40C7-A7A1-2B409E72B830}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED120D76-BF31-412C-A99B-783C6676E128}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f5543d94-4b65-4137-9a85-1984ea85f7b8}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 05:00 15360]'DellSupport'='C:\Program Files\DellSupport\DSAgnt.exe' [2007-03-15 11:09 460784]'Rtc'='C:\Documents and Settings\Bleau\My Documents\T?sks\c?rss.exe' [ ]'SpybotSD TeaTimer'='C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe' [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'IgfxTray'='C:\WINDOWS\system32\igfxtray.exe' [2004-11-02 23:03 155648]'HotKeysCmds'='C:\WINDOWS\system32\hkcmd.exe' [2004-11-02 22:59 126976]'SunJavaUpdateSched'='C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe' [2003-11-19 17:48 32881]'SynTPLpr'='C:\Program Files\Synaptics\SynTP\SynTPLpr.exe' [2004-05-13 10:23 98304]'SynTPEnh'='C:\Program Files\Synaptics\SynTP\SynTPEnh.exe' [2004-05-14 00:35 536576]'PRONoMgrWired'='C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe' [2004-12-09 13:58 86016]'Dell QuickSet'='C:\Program Files\Dell\QuickSet\quickset.exe' [2005-03-04 11:26 606208]'DVDLauncher'='C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe' [2005-02-23 16:19 53248]'MMTray'='C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe' [2004-09-14 08:50 131072]'mmtask'='C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe' [2004-09-14 08:50 53248]'RealTray'='C:\Program Files\Real\RealPlayer\RealPlay.exe' [2005-06-21 17:06 26112]'QuickTime Task'='C:\Program Files\QuickTime\qttask.exe' [2005-06-21 17:07 98304]'dla'='C:\WINDOWS\system32\dla	fswctrl.exe' [2004-12-06 01:05 127035]'ISUSPM Startup'='C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe' [2004-07-27 16:50 221184]'ISUSScheduler'='C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' [2004-07-27 16:50 81920]'DMXLauncher'='C:\Program Files\Dell\Media Experience\DMXLauncher.exe' [2005-01-27 01:02 86016]'HP Software Update'='C:\Program Files\HP\HP Software Update\HPWuSchd2.exe' [2005-05-11 23:12 49152]'AOLDialer'='C:\Program Files\Common Files\AOL\ACS\AOLDial.exe' [2004-04-07 12:07 496752]'pccguide.exe'='C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe' [2006-03-08 13:30 897089]'64ffd956'='C:\WINDOWS\system32\cnltmkoh.dll' [ ] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-06-21 17:06:07 156784]Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-21 16:59:18 24576]HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-03-05 20:08:34 651264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\GoToAssist]C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2008-02-20 09:48 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]'DisableMonitoring'=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='C:\Program Files\Common Files\AOL\ACS\AOLDial.exe'='C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='C:\Program Files\America Online 9.0\waol.exe'= S3 GoToAssist;GoToAssist;'C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe' Start=service [] .************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-03-08 10:35:16Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0 **************************************************************************.------------------------ Other Running Processes ------------------------.C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\WINDOWS\system32\HPZipm12.exeC:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~1	mproxy.exeC:\WINDOWS\system32\wdfmgr.exeC:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe.**************************************************************************.Completion time: 2008-03-08 10:36:43 - machine was rebootedComboFix-quarantined-files.txt  2008-03-08 15:36:39ComboFix2.txt  2008-03-05 18:33:11ComboFix3.txt  2008-03-05 15:59:08.2008-03-06 00:57:03 --- E O F ---

bamajim · Answer

ebleau 1. Open NotePad (not wordpad). Copy and paste the following into Notepad File::C:\WINDOWS\QBWCD.INIC:\WINDOWS\ODBC.INIRegistry::[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'Rtc'=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'64ffd956'=- Save the File as CFScript(exactly as shown no spaces) ->> Save it to your Desktop Using the Image as a reference, drag CFScript into ComboFix.exe You will be prompted to run Combofix again, Do so Following the same rules as indicated in my first post Then post the contents of the C:\ComboFix.txt log in your reply 2. Rerun Hijackthis and post a fresh Hijackthis log as well Microsoft MVP Consumer-Security CastleCops Instructor   'The world is what you make of it'

ebleau · Answer

ComboFix 08-03-07.4 - Bleau 2008-03-10 17:49:37.4 - NTFSx86Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.331 [GMT -4:00]Running from: C:\Documents and Settings\Bleau\Desktop\ComboFix.exeCommand switches used :: C:\Documents and Settings\Bleau\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE ::C:\WINDOWS\ODBC.INIC:\WINDOWS\QBWCD.INI. (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))). C:\WINDOWS\ODBC.INIC:\WINDOWS\QBWCD.INI .(((((((((((((((((((((((((   Files Created from 2008-02-10 to 2008-03-10  ))))))))))))))))))))))))))))))). 2008-03-05 21:08 . 2008-03-05 21:08   d-------- C:\Program Files\Common Files\WexTech Shared 2008-03-05 21:08 . 2008-03-05 21:08   d-------- C:\Program Files\Common Files\LHSPF 2008-03-05 21:08 . 2002-07-01 18:30 1,687,625 --a------ C:\WINDOWS\system32\InetClnt.dll 2008-03-05 21:08 . 2000-05-02 11:03 225,280 --a------ C:\WINDOWS\system32\AWRTL30.DLL 2008-03-05 21:08 . 1998-08-04 12:22 111,616 --a------ C:\WINDOWS\system32\LTIH30TB.DLL 2008-03-05 21:02 . 1997-09-09 12:27 5,776 --a------ C:\WINDOWS\Icoadb32.dat 2008-03-05 20:25 . 2008-03-05 20:25   d-------- C:\Program Files\Microsoft ActiveSync 2008-03-03 14:48 . 2008-03-05 19:20   d-------- C:\Program Files\Spybot - Search & Destroy 2008-03-03 14:48 . 2008-03-05 20:04   d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-03-03 11:43 . 2008-03-03 12:04   d-------- C:\Documents and Settings\Administrator\.housecall6.6 2008-03-02 22:13 . 2005-06-21 18:02   d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc 2008-03-02 21:36 . 2008-03-03 00:47   d-------- C:\Program Files\Trend Micro 2008-03-02 21:29 . 2008-03-05 11:37   d-------- C:\Temp 2008-03-01 12:07 . 2008-03-01 12:08   d-------- C:\Documents and Settings\Bleau\Application Data\Corel 2008-02-28 20:12 . 2008-02-28 20:12   d-------- C:\Documents and Settings\Bleau\Application Data\AOL 2008-02-27 19:21 . 2008-02-27 19:21   d-------- C:\Program Files\DellSupport 2008-02-26 20:36 . 2008-02-26 20:36   d-------- C:\Program Files\Hewlett-Packard 2008-02-26 20:35 . 2008-02-26 20:35   d-------- C:\Documents and Settings\All Users\Application Data\HP 2008-02-26 20:34 . 2005-05-10 21:49 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll 2008-02-26 20:33 . 2004-09-29 13:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll 2008-02-26 20:33 . 2004-09-29 13:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2008-02-26 20:33 . 2004-09-29 13:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2008-02-26 20:33 . 2004-09-29 13:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2008-02-26 20:33 . 2004-09-29 13:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe 2008-02-26 20:33 . 2004-09-29 13:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2008-02-26 20:32 . 2008-02-26 20:36   d-------- C:\Program Files\HP 2008-02-26 20:31 . 2008-02-26 20:37 79,371 --a------ C:\WINDOWS\hpfins05.dat 2008-02-26 20:31 . 2005-08-10 22:06 1,547 --------- C:\WINDOWS\hpfmdl05.dat 2008-02-26 20:29 . 2008-02-26 20:29   d-------- C:\Documents and Settings\Bleau\Application Data\HP 2008-02-26 20:28 . 2005-04-27 21:38 372,736 --a------ C:\WINDOWS\system32\hpzidi01.dll 2008-02-26 20:28 . 2004-09-30 12:49 274,432 --a------ C:\WINDOWS\system32\HPZc3212.dll 2008-02-26 20:28 . 2005-04-27 21:37 77,824 --a------ C:\WINDOWS\system32\hpzids01.dll 2008-02-26 20:28 . 2005-03-08 15:52 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys 2008-02-26 20:28 . 2005-03-08 15:52 21,744 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys 2008-02-26 20:28 . 2005-03-08 15:52 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys 2008-02-26 19:56 . 2003-02-28 19:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll 2008-02-24 21:31 . 2008-02-24 21:31   d-------- C:\Program Files\Common Files\Adobe 2008-02-24 21:31 . 2008-02-26 20:44   d-------- C:\Documents and Settings\Bleau\Application Data\AdobeUM 2008-02-23 12:22 . 2003-02-28 17:34 313,856 --a------ C:\WINDOWS\system32\dx3j.dll 2008-02-23 12:22 . 2003-02-28 19:26 171,280 --a------ C:\WINDOWS\system32\jit.dll 2008-02-23 12:22 . 2003-02-28 19:26 46,352 --a------ C:\WINDOWS\setdebug.exe 2008-02-23 12:22 . 2003-02-28 17:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd 2008-02-23 12:22 . 2003-02-28 17:35 6,550 --a------ C:\WINDOWS\jautoexp.dat 2008-02-23 12:18 . 2008-02-23 12:18   d-------- C:\QBTIMER 2008-02-23 10:39 . 2007-12-06 22:21 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-02-23 10:39 . 2007-06-30 23:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-02-23 10:39 . 2007-06-30 23:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-02-23 10:39 . 2007-12-06 22:21 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-02-23 10:39 . 2007-12-06 22:21 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-02-23 10:39 . 2007-12-06 22:21 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-02-23 10:39 . 2007-12-06 22:21 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-02-23 10:39 . 2007-12-06 22:21 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-02-23 10:39 . 2007-12-06 07:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-23 09:57 . 2008-02-23 09:57   d-------- C:\Program Files\MSXML 4.0 2008-02-22 23:05 . 2007-07-09 09:09 584,192 --------- C:\WINDOWS\system32\dllcachepcrt4.dll 2008-02-22 22:36 . 2006-09-06 18:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-02-21 18:10 . 2008-02-21 18:10   d--hs---- C:\Documents and Settings\Bleau\UserData 2008-02-20 16:35 . 2008-03-05 21:08   d-------- C:\Program Files\Common Files\Intuit 2008-02-20 16:27 . 2008-02-20 16:27   d-------- C:\WINDOWS\Intuit 2008-02-20 16:27 . 2008-02-20 16:27   d-------- C:\Program Files\Intuit 2008-02-20 16:27 . 1997-09-15 15:31 40,448 --a------ C:\WINDOWS\Icg32.dll 2008-02-20 16:26 . 2008-02-20 16:26   d-------- C:\Documents and Settings\Bleau\WINDOWS 2008-02-20 15:48 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-02-20 15:48 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-02-20 15:48 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-02-20 15:48 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys 2008-02-20 15:48 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys 2008-02-20 15:48 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys 2008-02-20 15:48 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys 2008-02-20 15:48 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys 2008-02-20 15:48 . 2008-02-20 15:48 4,128 --a------ C:\INFCACHE.1 2008-02-20 10:49 . 2008-02-20 10:49   d-------- C:\Documents and Settings\All Users\Application Data\Citrix 2008-02-20 10:48 . 2008-02-20 10:48   d-------- C:\WINDOWS\Sun 2008-02-20 10:48 . 2008-02-20 10:48   d-------- C:\Program Files\Citrix 2008-02-20 10:48 . 2008-02-20 10:48 60,968 --a------ C:\Documents and Settings\Bleau\GoToAssistDownloadHelper.exe 2008-02-20 10:42 . 2005-06-21 18:02   d-------- C:\Documents and Settings\Bleau\Application Data\Jasc Software Inc 2008-02-20 10:42 . 2008-02-27 19:25   d--h----- C:\Documents and Settings\Bleau\Application Data\Gtek 2008-02-20 10:38 . 2008-02-20 10:38 8,192 --a------ C:\WINDOWS\REGLOCS.OLD .((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-03-06 01:07 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-02-29 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL2008-02-29 00:11 --------- d-----w C:\Program Files\America Online 9.02008-02-23 16:22 155,995 ----a-w C:\WINDOWS\java\Packages\PVHZJ7DZ.ZIP2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll2007-12-19 23:01 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys. (((((((((((((((((((((((((((((   snapshot@2008-03-05_13.32.50.48   ))))))))))))))))))))))))))))))))))))))))).- 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE+ 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE+ 2008-03-06 00:25:53 34,304 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\misc.exe+ 2008-03-06 00:25:54 8,192 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe+ 2008-03-06 00:25:53 3,584 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe+ 2008-03-06 00:25:53 114,688 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\outicon.exe+ 2008-03-06 00:25:53 16,384 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe+ 2008-03-06 00:25:53 30,720 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\pptico.exe+ 2008-03-06 00:25:53 22,528 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe+ 2008-03-06 00:25:54 45,056 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe+ 2008-03-06 00:25:53 90,112 ----a-r C:\WINDOWS\Installer\{913D0409-6000-11D3-8CFE-0050048383C9}\xlicons.exe- 2000-08-31 13:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe+ 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe+ 2001-01-22 08:25:24 32,768 ----a-w C:\WINDOWS\system32\ATHPRXY.DLL+ 1999-10-18 01:01:42 1,129,232 ----a-w C:\WINDOWS\system32\FM20.DLL+ 1999-10-18 01:01:16 26,384 ----a-w C:\WINDOWS\system32\FM20ENU.DLL- 2008-02-23 14:11:51 172,280 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT+ 2008-03-06 01:10:50 191,384 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT+ 1998-10-01 18:00:38 520,128 ----a-w C:\WINDOWS\system32\MAPI.DLL+ 1998-03-26 06:00:00 38,160 ----a-w C:\WINDOWS\system32\MAPISRVR.EXE+ 1998-06-18 00:08:32 53,248 ----a-w C:\WINDOWS\system32\MFC42ENU.DLL+ 2000-05-11 18:06:20 397,312 ----a-w C:\WINDOWS\system32\MSRDO20.DLL+ 2000-05-24 03:45:58 118,784 ----a-w C:\WINDOWS\system32\MSSTDFMT.DLL+ 2000-04-03 22:52:54 151,552 ----a-w C:\WINDOWS\system32\RDOCURS.DLL+ 1998-03-25 02:54:08 15,872 ----a-w C:\WINDOWS\system32\SCP32.DLL- 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe+ 1999-11-24 23:40:50 40,960 ----a-w C:\WINDOWS\system32\VBAME.DLL.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4742CFE2-0C00-5089-0261-2C00CDBFDA96}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B987B188-C1DD-4536-843C-4A148AA0600A}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFF21A79-4D56-40C7-A7A1-2B409E72B830}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f5543d94-4b65-4137-9a85-1984ea85f7b8}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'ctfmon.exe'='C:\WINDOWS\system32\ctfmon.exe' [2004-08-04 06:00 15360]'DellSupport'='C:\Program Files\DellSupport\DSAgnt.exe' [2007-03-15 12:09 460784]'SpybotSD TeaTimer'='C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe' [2008-01-28 12:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]'IgfxTray'='C:\WINDOWS\system32\igfxtray.exe' [2004-11-03 00:03 155648]'HotKeysCmds'='C:\WINDOWS\system32\hkcmd.exe' [2004-11-02 23:59 126976]'SunJavaUpdateSched'='C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe' [2003-11-19 18:48 32881]'SynTPLpr'='C:\Program Files\Synaptics\SynTP\SynTPLpr.exe' [2004-05-13 11:23 98304]'SynTPEnh'='C:\Program Files\Synaptics\SynTP\SynTPEnh.exe' [2004-05-14 01:35 536576]'PRONoMgrWired'='C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe' [2004-12-09 14:58 86016]'Dell QuickSet'='C:\Program Files\Dell\QuickSet\quickset.exe' [2005-03-04 12:26 606208]'DVDLauncher'='C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe' [2005-02-23 17:19 53248]'MMTray'='C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe' [2004-09-14 09:50 131072]'mmtask'='C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe' [2004-09-14 09:50 53248]'RealTray'='C:\Program Files\Real\RealPlayer\RealPlay.exe' [2005-06-21 18:06 26112]'QuickTime Task'='C:\Program Files\QuickTime\qttask.exe' [2005-06-21 18:07 98304]'dla'='C:\WINDOWS\system32\dla	fswctrl.exe' [2004-12-06 02:05 127035]'ISUSPM Startup'='C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe' [2004-07-27 17:50 221184]'ISUSScheduler'='C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' [2004-07-27 17:50 81920]'DMXLauncher'='C:\Program Files\Dell\Media Experience\DMXLauncher.exe' [2005-01-27 02:02 86016]'HP Software Update'='C:\Program Files\HP\HP Software Update\HPWuSchd2.exe' [2005-05-12 00:12 49152]'AOLDialer'='C:\Program Files\Common Files\AOL\ACS\AOLDial.exe' [2004-04-07 13:07 496752]'pccguide.exe'='C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe' [2006-03-08 14:30 897089] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-06-21 18:06:07 156784]Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-06-21 17:59:18 24576]HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-03-05 21:08:34 651264] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\GoToAssist]C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2008-02-20 10:48 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]'DisableMonitoring'=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]'DisableMonitoring'=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]'%windir%\system32\sessmgr.exe'='C:\Program Files\Common Files\AOL\ACS\AOLDial.exe'='C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe'='%windir%\Network Diagnostic\xpnetdiag.exe'='C:\Program Files\America Online 9.0\waol.exe'= S3 GoToAssist;GoToAssist;'C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe' Start=service [] .************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-03-10 17:51:10Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0 **************************************************************************.Completion time: 2008-03-10 17:51:46ComboFix-quarantined-files.txt  2008-03-10 21:51:38ComboFix2.txt  2008-03-08 15:36:44ComboFix3.txt  2008-03-05 18:33:11ComboFix4.txt  2008-03-05 15:59:08.2008-03-06 00:57:03 --- E O F ---

ebleau · Answer

Logfile of HijackThis v1.99.1Scan saved at 19:02, on 2008-03-10Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608) Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exeC:\Program Files\Real\RealPlayer\RealPlay.exeC:\WINDOWS\system32\dla	fswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\AOL\ACS\AOLDial.exeC:\Program Files\Trend Micro\Internet Security 2006\pccguide.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\America Online 9.0\aoltray.exeC:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeC:\Program Files\Digital Line Detect\DLG.exeC:\PROGRA~1\TRENDM~1\INTERN~1	mproxy.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exeC:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exeC:\WINDOWS\system32\HPZipm12.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/mywayR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywayR3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {4742CFE2-0C00-5089-0261-2C00CDBFDA96} - (no file)O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla	fswshx.dllO2 - BHO: (no name) - {B987B188-C1DD-4536-843C-4A148AA0600A} - (no file)O2 - BHO: (no name) - {BFF21A79-4D56-40C7-A7A1-2B409E72B830} - (no file)O2 - BHO: (no name) - {f5543d94-4b65-4137-9a85-1984ea85f7b8} - (no file)O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeO4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exeO4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exeO4 - HKLM\..\Run: [DVDLauncher] 'C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe'O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeO4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exeO4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYERO4 - HKLM\..\Run: [QuickTime Task] 'C:\Program Files\QuickTime\qttask.exe' -atboottimeO4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla	fswctrl.exeO4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [ISUSScheduler] 'C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe' -startO4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exeO4 - HKLM\..\Run: [pccguide.exe] 'C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe'O4 - HKLM\..\Run: [64ffd956] rundll32.exe 'C:\WINDOWS\system32\cnltmkoh.dll',bO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [DellSupport] 'C:\Program Files\DellSupport\DSAgnt.exe' /startupO4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeO4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [INTERNATIONAL] International*O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cabO16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cabO20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dllO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dllO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe' Start=service (file missing)O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exeO23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeO23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeO23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1	mproxy.exe

bamajim · Answer

ebleau

1. Turn off Spybot S&D Tea timer.

2. Rerun Hijackthis (scan only) and place checks beside the following entries

O2 - BHO: (no name) - {4742CFE2-0C00-5089-0261-2C00CDBFDA96} - (no file)
O2 - BHO: (no name) - {B987B188-C1DD-4536-843C-4A148AA0600A} - (no file)
O2 - BHO: (no name) - {BFF21A79-4D56-40C7-A7A1-2B409E72B830} - (no file)
O2 - BHO: (no name) - {f5543d94-4b65-4137-9a85-1984ea85f7b8} - (no file)
O4 - HKLM\..\Run: [64ffd956] rundll32.exe "C:\WINDOWS\system32\cnltmkoh.dll",b

Close all other open windows except Hijackthis and Select " Fix checked"

Close Hijackthis ->> Reboot your ->> Rerun Hijackthis and post a fresh Hijackthis log.

Microsoft MVP Consumer-Security

CastleCops Instructor

"The world is what you make of it"

Virus & Spyware

Was this post helpful?