Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91634 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Help (need solution


  • This topic is locked This topic is locked
4 replies to this topic

#1 jazzdrummer

jazzdrummer

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 01 June 2008 - 01:14 AM

log file. help . I get popups and my time is set to military instead of normal.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:15:07, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\LEROYG~1\LOCALS~1\Temp\msprint.exe
O4 - HKLM\..\Run: [409c8631] rundll32.exe "C:\WINDOWS\system32\pirifcbm.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe







HELP

    Advertisements

Register to Remove


#2 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 01 June 2008 - 10:23 AM

Hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3 jazzdrummer

jazzdrummer

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 01 June 2008 - 01:24 PM

ComboFix 08-06-01.2 - Leroy Gonzalez 2008-06-01 13:10:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.314 [GMT -6:00]
Running from: C:\Documents and Settings\Leroy Gonzalez\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\byXQIXpN.dll
C:\WINDOWS\system32\gajhywck.dll
C:\WINDOWS\system32\gvanpokh.ini
C:\WINDOWS\system32\jkkkjHbY.dll
C:\WINDOWS\system32\kcwyhjag.ini
C:\WINDOWS\system32\mbcfirip.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmkupcct.ini
C:\WINDOWS\system32\pirifcbm.dll
C:\WINDOWS\system32\usjlpwnx.ini
C:\WINDOWS\system32\vnqrmune.ini
C:\WINDOWS\system32\YbHjkkkj.ini
C:\WINDOWS\system32\YbHjkkkj.ini2
C:\WINDOWS\xmpstean.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-06-01 01:49 . 2008-06-01 01:49 <DIR> d-------- C:\Program Files\MagicISO
2008-05-31 21:58 . 2008-05-31 21:58 <DIR> d-------- C:\Program Files\DOOM Collector's Edition
2008-05-31 21:06 . 1998-10-29 15:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-31 20:36 . 2008-05-31 21:44 635 --a------ C:\WINDOWS\Dc.INI
2008-05-31 16:27 . 2008-05-31 16:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-31 16:18 . 2008-05-31 16:18 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-31 16:15 . 2008-05-31 16:18 1,271 --a------ C:\WINDOWS\mozver.dat
2008-05-31 15:53 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-28 19:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-28 19:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-28 19:59 . 2008-05-27 13:54 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-28 19:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-28 19:59 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-28 19:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-28 19:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-28 19:59 . 2008-05-31 15:53 3,574 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-28 19:27 . 2008-05-28 19:27 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-28 17:54 . 2008-05-28 11:58 94,208 --a------ C:\WINDOWS\esva.exe
2008-05-27 20:39 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-27 20:39 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-27 20:39 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-27 20:39 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-27 19:08 . 2008-05-27 19:08 331 --a------ C:\WINDOWS\doom3.ini
2008-05-27 18:56 . 2008-05-30 17:53 <DIR> d-------- C:\Program Files\Doom 3
2008-05-27 18:22 . 2008-05-27 18:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-27 16:02 . 2008-05-27 16:02 <DIR> d-------- C:\Program Files\uTorrent
2008-05-27 16:02 . 2008-06-01 13:16 <DIR> d-------- C:\Documents and Settings\Leroy Gonzalez\Application Data\uTorrent
2008-05-27 03:08 . 2006-08-21 03:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-05-27 03:08 . 2006-08-21 03:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-05-27 03:08 . 2006-08-21 06:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-05-27 03:02 . 2008-05-27 03:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-27 02:57 . 2008-05-27 02:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-05-27 00:11 . 2008-05-27 00:11 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-05-26 23:52 . 2008-05-28 23:50 <DIR> d-------- C:\Program Files\Xfire
2008-05-26 23:52 . 2008-05-30 23:51 <DIR> d-------- C:\Documents and Settings\Leroy Gonzalez\Application Data\Xfire
2008-05-26 23:48 . 2007-02-28 03:55 2,182,144 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-05-26 23:47 . 2006-08-25 09:45 617,472 --------- C:\WINDOWS\system32\dllcache\comctl32.dll
2008-05-26 23:47 . 2007-03-17 07:43 292,864 --------- C:\WINDOWS\system32\dllcache\winsrv.dll
2008-05-26 23:47 . 2006-07-13 02:48 202,240 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-26 23:47 . 2006-10-16 10:15 122,880 --------- C:\WINDOWS\system32\dllcache\oledlg.dll
2008-05-26 23:47 . 2006-05-19 06:59 111,616 --------- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2008-05-26 23:47 . 2006-05-19 06:59 94,720 --------- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2008-05-26 23:45 . 2008-03-24 22:50 1,516,568 --------- C:\WINDOWS\system32\dllcache\msjet40.dll
2008-05-26 23:44 . 2006-06-21 23:06 1,435,648 --------- C:\WINDOWS\system32\dllcache\query.dll
2008-05-26 23:44 . 2007-04-16 09:52 984,576 --------- C:\WINDOWS\system32\dllcache\kernel32.dll
2008-05-26 23:44 . 2007-12-04 12:38 550,912 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll
2008-05-26 23:44 . 2006-05-05 03:41 453,120 --------- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-05-26 23:44 . 2007-12-18 03:51 179,584 --------- C:\WINDOWS\system32\dllcache\mrxdav.sys
2008-05-26 23:44 . 2006-05-05 03:47 174,592 --------- C:\WINDOWS\system32\dllcache\rdbss.sys
2008-05-26 23:44 . 2008-02-19 23:32 148,992 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-05-26 23:44 . 2006-06-21 23:06 69,120 --------- C:\WINDOWS\system32\dllcache\ciodm.dll
2008-05-26 23:44 . 2006-06-26 11:37 8,192 --------- C:\WINDOWS\system32\dllcache\rasadhlp.dll
2008-05-26 23:43 . 2006-06-22 04:47 181,248 --------- C:\WINDOWS\system32\dllcache\rasmans.dll
2008-05-26 23:43 . 2006-10-13 04:23 163,584 --------- C:\WINDOWS\system32\dllcache\nwrdr.sys
2008-05-26 23:43 . 2006-10-13 06:35 142,336 --------- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-05-26 23:43 . 2006-10-13 06:35 65,536 --------- C:\WINDOWS\system32\dllcache\nwwks.dll
2008-05-26 23:43 . 2006-10-13 06:35 64,000 --------- C:\WINDOWS\system32\dllcache\nwapi32.dll
2008-05-26 23:42 . 2007-06-26 00:08 1,104,896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-05-26 23:42 . 2007-06-13 04:23 1,033,216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2008-05-26 23:42 . 2006-12-14 07:45 981,760 --------- C:\WINDOWS\system32\dllcache\mfc42u.dll
2008-05-26 23:42 . 2006-11-01 13:17 927,504 --------- C:\WINDOWS\system32\dllcache\mfc40u.dll
2008-05-26 23:42 . 2006-08-17 06:28 332,288 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-05-26 23:42 . 2007-02-05 14:17 185,344 --------- C:\WINDOWS\system32\dllcache\upnphost.dll
2008-05-26 23:42 . 2006-08-17 06:28 132,096 --------- C:\WINDOWS\system32\dllcache\wkssvc.dll
2008-05-26 23:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-26 23:38 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-26 23:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-26 22:24 . 2006-03-20 21:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-05-26 22:20 . 2006-12-06 22:14 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-05-26 22:20 . 2007-01-23 13:29 546,304 --------- C:\WINDOWS\system32\dllcache\hhctrl.ocx
2008-05-26 21:51 . 2008-05-26 21:51 <DIR> d-------- C:\Documents and Settings\Leroy Gonzalez\Application Data\vlc
2008-05-26 21:49 . 2008-05-26 21:49 <DIR> d-------- C:\Program Files\VideoLAN
2008-05-26 21:06 . 2008-05-26 21:06 <DIR> d---s---- C:\Documents and Settings\Leroy Gonzalez\UserData
2008-05-26 20:51 . 2008-05-26 20:52 <DIR> d-------- C:\Program Files\Google
2008-05-26 20:33 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-26 20:33 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-26 20:33 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-26 20:33 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-26 20:33 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-26 20:33 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-26 19:15 . 2008-06-01 13:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-26 19:15 . 2008-05-26 19:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-26 19:14 . 2008-05-26 19:14 <DIR> d-------- C:\Program Files\iPod
2008-05-26 19:14 . 2008-05-29 03:12 <DIR> d-------- C:\Documents and Settings\Leroy Gonzalez\Application Data\Apple Computer
2008-05-26 19:13 . 2008-05-26 19:14 <DIR> d-------- C:\Program Files\iTunes
2008-05-26 19:13 . 2008-05-26 19:13 <DIR> d-------- C:\Program Files\Bonjour
2008-05-26 19:11 . 2008-05-26 19:12 <DIR> d-------- C:\Program Files\QuickTime
2008-05-26 19:11 . 2008-05-26 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-26 19:10 . 2008-05-26 19:10 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-26 19:09 . 2008-05-26 19:09 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-26 19:09 . 2008-05-26 19:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-26 18:52 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-05-26 18:52 . 2008-05-26 18:52 4,128 --a------ C:\INFCACHE.1
2008-05-26 18:46 . 2008-05-26 19:30 <DIR> d-------- C:\Documents and Settings\Leroy Gonzalez\Contacts
2008-05-26 18:42 . 2008-05-26 19:09 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-26 18:42 . 2008-05-28 23:27 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-26 18:42 . 2008-05-26 18:42 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-05-26 18:39 . 2008-05-26 18:42 <DIR> d-------- C:\Program Files\Windows Live
2008-05-26 18:39 . 2008-05-26 18:41 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-26 18:39 . 2008-05-26 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-26 18:09 . 2008-05-26 18:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-05-26 16:58 . 2008-05-26 18:11 <DIR> d-------- C:\Documents and Settings\Leroy Gonzalez\Application Data\McAfee.com Personal Firewall
2008-05-26 16:58 . 2006-05-22 10:10 <DIR> d-------- C:\Documents and Settings\Leroy Gonzalez\Application Data\Intel
2008-05-26 16:58 . 2006-05-22 10:20 <DIR> d--h----- C:\Documents and Settings\Leroy Gonzalez\Application Data\Gtek
2008-05-26 16:58 . 2006-05-22 10:25 <DIR> d-------- C:\Documents and Settings\Leroy Gonzalez\Application Data\Corel
2008-05-26 16:58 . 2008-05-26 21:06 <DIR> d-------- C:\Documents and Settings\Leroy Gonzalez
2008-05-26 16:54 . 2008-05-26 16:54 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-13 19:28 . 2008-05-13 19:28 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 05:32 --------- d-----w C:\Program Files\WildTangent
2008-05-28 01:15 --------- d-----w C:\Program Files\RGB
2008-05-28 01:15 --------- d-----w C:\Program Files\GemMaster
2008-05-28 01:15 --------- d-----w C:\Program Files\ESPNMotion
2008-05-28 01:15 --------- d-----w C:\Program Files\EnglishOtto
2008-05-28 01:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 00:08 --------- d-----w C:\Program Files\NetWaiting
2008-05-28 00:08 --------- d-----w C:\Program Files\Modem Helper
2008-05-28 00:08 --------- d-----w C:\Program Files\America Online 9.0
2008-05-27 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-03-26 08:09 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-26 08:09 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-25 16:20 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
2008-03-25 16:20 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{355D7733-76E2-4146-9BB2-C761006CE06B}]
C:\WINDOWS\boqnrwdmwet.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 01:24 20480]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-31 00:18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 01:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 01:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 01:45 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-28 20:56 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 10:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 10:56 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 13:35 397312 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 13:58 1032192]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 19:29 49152]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 00:05 127035]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 18:22 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2005-08-26 13:26 212992]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 18:05 1117184]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-07-12 17:06 110592]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 11:49 163840]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-08-18 16:52 999424]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-22 10:14:31 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{296addcf-2b83-11dd-a4b5-0013025dcd7f}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-06-01 01:05:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-01 19:19:51 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-01 19:18:17 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D1T4L0B1-Leroy Gonzalez).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 13:18:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\VSO\oasclnt.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee.com\VSO\McVSEscn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\McAfee.com\VSO\mcvsftsn.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\SoftwareDistribution\Download\48a70a151a3d9c31b7f015a321520ae4\update\update.exe
.
**************************************************************************
.
Completion time: 2008-06-01 13:22:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-01 19:21:54

Pre-Run: 13,251,665,920 bytes free
Post-Run: 13,174,194,176 bytes free

278 --- E O F --- 2008-05-28 09:02:11

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:57, on 6/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {355D7733-76E2-4146-9BB2-C761006CE06B} - C:\WINDOWS\boqnrwdmwet.dll (file missing)
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9922 bytes







MY clock is still diplaying time in 24 hr mode....how do i get am/pm back?

#4 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 01 June 2008 - 01:28 PM

Please follow all my steps

Post the Kaspersky log and do this


1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\esva.exe
E:\setup.exe

Folder::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{296addcf-2b83-11dd-a4b5-0013025dcd7f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]


Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


#5 Rorschach112

Rorschach112

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 3,651 posts

Posted 05 June 2008 - 05:07 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users