infected with trojan?


10 replies to this topic

#1 raputa

raputa


Posted 11 January 2009 - 03:49 PM

HP Pavilion, XP. Please bear with me, I'm not that computer literate. The computer was infected with something that redirected web searches to their websites and locked up my computer. I tried running my anti-virus, but it did nothing. I then realized that it would not let any updates through and blocked all access to anti-virus websites. I had Norton, but uninstalled it thinking something was wrong with it. I installed Trend and that didn't work either. I then read online to try Malwarebytes. That seemed to help a lot; I can now go to anti-virus websites. But it is still redirecting the computer and sometimes it won't let it log on. Malwarebytes keeps coming up with the same three issues:

c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekalog.dat


Thanks.

DDS (Ver_09-01-07.01) - NTFSx86
Run by HP_Administrator at 13:56:07.10 on Sun 01/11/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.424 [GMT -5:00]

AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\WWEGZSMP\dds[3].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {130cf288-9897-1ea8-d0d4-634fcacbd4c9}: {9c4dbcac-f436-4d0d-8ae1-7989882fc031} -
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/snowboarder-xs/en/"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mExplorerRun: [none] c:\program files\video activex object\pmsngr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: cbXQiIXo - cbXQiIXo.dll
SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {5c4f2cbc-f32d-4a03-9812-86f39379811b} - No File

============= SERVICES / DRIVERS ===============

R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-1-4 648456]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2004-8-10 144896]
R4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-1-4 52240]
R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-1-31 1251720]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2009-01-07 18:05 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-06 21:19 16,384 a------- c:\windows\DCEBoot.exe
2009-01-04 20:24 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-01-04 20:24 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-04 20:24 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 20:24 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 20:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-04 19:37 227 a------- c:\windows\HP_CounterReport_Update_HPSU.ini
2009-01-04 19:37 214 a------- c:\windows\HP_48BitScanUpdatePatch.ini
2009-01-04 19:29 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\WinBatch
2009-01-04 19:17 234 a------- c:\windows\PrnHlpLogConfig.ini
2009-01-04 19:16 214 a------- c:\windows\HP_InstantSHareJPG.ini
2009-01-04 19:15 217 a------- c:\windows\HP_IZClosingDiscErrorPatch.ini
2009-01-04 18:42 221 a------- c:\windows\HP_RedboxHprblog_HPSU.ini
2009-01-04 15:07 1,307,356 ---sh--- c:\windows\system32\dlcrfthj.ini
2009-01-04 12:38 52,240 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-01-04 12:37 138,384 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-04 12:37 52,496 a------- c:\windows\system32\drivers\tmactmon.sys
2009-01-04 12:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-01-04 12:36 <DIR> --d----- c:\program files\Trend Micro
2009-01-03 09:10 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-03 09:07 <DIR> --d----- c:\windows\pss
2009-01-02 18:44 1,307,356 ---sh--- c:\windows\system32\reodesjx.ini
2008-12-27 13:57 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2008-12-27 13:57 10,368 a------- c:\windows\system32\dllcache\hidusb.sys
2008-12-26 12:19 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2008-12-26 11:46 <DIR> --d----- c:\program files\Microsoft Games
2008-12-13 19:42 <DIR> --d----- c:\program files\iPod
2008-12-13 19:42 <DIR> --d----- c:\program files\iTunes
2008-12-13 19:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 19:40 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2008-12-31 13:20 31 a------- c:\documents and settings\hp_administrator\jagex_runescape_preferences.dat
2008-12-26 10:47 2,004 a------- c:\windows\system32\ealregsnapshot1.reg
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-17 17:08 10,040 a------- c:\windows\system32\lmimirr2.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 08:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-04-21 19:43 2,876 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2005-11-24 11:09 251 a------- c:\program files\wt3d.ini
2008-09-19 06:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat

============= FINISH: 13:57:16.46 ===============


I was reading the instructions and they said to attach the attach.txt, but this post did not have a place to browse and upload?

Attached Files
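As an added example (not code from the thread or from the DDS tool), here is a small Python triage pass over the "Created Last 30" and "Find3M" sections of a DDS log, the part of the report a helper reads first. It assumes the entry layout seen in the log above (date, time, size or <DIR>, an 8-character attribute field, path) and feeds it a few of this log's own entries as constructed sample input; the rules only mark entries for review rather than give verdicts, so a legitimate drop such as Java's deploytk.dll is listed next to ffkuz.dll.

```python
"""Triage the "Created Last 30" / "Find3M" entries of a DDS log.

Added example, not part of the thread or of DDS. It assumes the entry layout
visible in the log above:  <date> <time> <size or <DIR>> <8-char attrs> <path>
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# One DDS entry, e.g.
#   2009-01-04 15:07 1,307,356 ---sh--- c:\windows\system32\dlcrfthj.ini
# In the attribute field 'a' = archive, 'd' = directory, 's' = system,
# 'h' = hidden; '-' means the attribute is not set.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$",
    re.IGNORECASE,
)

WINDIR = r"c:\windows"
SYSTEM32 = r"c:\windows\system32"
BINARY_EXT = (".dll", ".exe", ".sys")


class Entry(NamedTuple):
    date: str
    size: int        # -1 for <DIR> entries
    attrs: str       # lower-cased 8-character attribute field
    path: str        # lower-cased full path

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Keep only lines that look like DDS entries; banners and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = -1 if m["size"].upper() == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], size, m["attrs"].lower(), m["path"].lower()))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Return one review note per flagged entry; these are leads, not verdicts."""
    notes: List[str] = []
    by_size: Dict[int, List[Entry]] = defaultdict(list)
    for e in entries:
        if e.is_dir:
            continue
        by_size[e.size].append(e)
        if e.hidden_system and e.parent == SYSTEM32:
            # Hidden+system files written straight into system32: the pattern
            # of the two *.ini entries in this thread's log.
            notes.append(f"hidden+system file directly in system32: {e.path}")
        elif e.parent in (WINDIR, SYSTEM32) and e.name.endswith(BINARY_EXT):
            # New binaries outside drivers\ and dllcache\ deserve a look; real
            # installers (Java here) land there too, so this is only a lead.
            notes.append(f"new binary directly in {e.parent}: {e.path}")
    # Differently named files of identical size in system32 are worth comparing;
    # in this thread both such files were later removed by ComboFix.
    for size, group in by_size.items():
        names = sorted({e.name for e in group if e.parent == SYSTEM32})
        if len(names) > 1:
            notes.append(f"{len(names)} system32 files share size {size:,}: " + ", ".join(names))
    return notes


def triage_log(text: str) -> List[str]:
    return triage(parse_entries(text))


# Constructed sample: a subset of the entries from the DDS log in this thread.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
2009-01-07 18:05 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-06 21:19 16,384 a------- c:\windows\DCEBoot.exe
2009-01-04 20:24 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-01-04 20:24 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-04 15:07 1,307,356 ---sh--- c:\windows\system32\dlcrfthj.ini
2009-01-03 09:10 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-02 18:44 1,307,356 ---sh--- c:\windows\system32\reodesjx.ini
2008-12-27 13:57 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2008-12-27 13:57 10,368 a------- c:\windows\system32\dllcache\hidusb.sys
==================== Find3M ====================
2008-09-19 06:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091920080920\index.dat
"""

if __name__ == "__main__":
    for note in triage_log(SAMPLE_LOG):
        print(note)
```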





#2 bamajim

bamajim


Posted 21 January 2009 - 03:55 PM

raputa

Please download Combofix and save to your desktop.
Note: It is important that it is saved directly to your desktop.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.

Microsoft MVP - Windows Security

#3 raputa

raputa

Posted 22 January 2009 - 06:16 PM

Hi Bamajim,

Hope I did this step ok.

Attached Files



#4 bamajim

bamajim


Posted 23 January 2009 - 09:57 AM

raputa

Yes you did it right. Good job.
Please, in the future, copy and paste the requested logs in your reply rather than attaching them. Thanks.

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:

File::
C:\WINDOWS\aqoneniqedukicu.dll
C:\WINDOWS\Jvoretelag.dll
C:\WINDOWS\system32\pcload.exe
C:\WINDOWS\system32\ffkuz.dll
C:\WINDOWS\DCEBoot.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xruvetasoyuyebi"=-
"Rzeramiroluqo"=-

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the Image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run Combofix again. Do so, following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.
2. Rerun Hijackthis and post a fresh Hijackthis log as well
Microsoft MVP - Windows Security

#5 raputa

raputa

Posted 23 January 2009 - 11:20 AM

Ok Bamajim...here they are. Thanks for taking me step by step.

ComboFix 09-01-21.04 - HP_Administrator 2009-01-23 10:58:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.471 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\aqoneniqedukicu.dll
c:\windows\DCEBoot.exe
c:\windows\Jvoretelag.dll
c:\windows\system32\ffkuz.dll
c:\windows\system32\pcload.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\aqoneniqedukicu.dll
c:\windows\DCEBoot.exe
c:\windows\Jvoretelag.dll
c:\windows\system32\ffkuz.dll
c:\windows\system32\pcload.exe
.
---- Previous Run -------
.
c:\windows\Downloaded Program Files\Temp
c:\windows\IE4 Error Log.txt
c:\windows\system32\chert5-998.exe
c:\windows\system32\dlcrfthj.ini
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaotjdxsap.sys
c:\windows\system32\log.exe
c:\windows\system32\reodesjx.ini
c:\windows\system32\rQHyVPfc.dll
c:\windows\system32\senekadf.dat
c:\windows\system32\senekalog.dat
c:\windows\system32\senekaltfmludo.dat
c:\windows\system32\senekapteivjiy.dll
c:\windows\system32\senekasxtfkixi.dll
c:\windows\system32\senekayljkhlmk.dll
c:\windows\system32\test.ttt
c:\windows\system32\ttxqfm.dll
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-23 to 2009-01-23 )))))))))))))))))))))))))))))))
.

2009-01-14 17:54 . 2009-01-14 17:54 127 --a------ c:\windows\system32\MRT.INI
2009-01-04 20:24 . 2009-01-04 20:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 20:24 . 2009-01-04 20:24 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-01-04 20:24 . 2009-01-04 20:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-04 20:24 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-04 20:24 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-04 19:37 . 2009-01-04 19:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-01-04 19:37 . 2009-01-04 19:37 227 --a------ c:\windows\HP_CounterReport_Update_HPSU.ini
2009-01-04 19:37 . 2009-01-04 19:37 214 --a------ c:\windows\HP_48BitScanUpdatePatch.ini
2009-01-04 19:29 . 2009-01-04 19:29 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\WinBatch
2009-01-04 19:17 . 2009-01-04 19:17 234 --a------ c:\windows\PrnHlpLogConfig.ini
2009-01-04 19:16 . 2009-01-04 19:16 214 --a------ c:\windows\HP_InstantSHareJPG.ini
2009-01-04 19:15 . 2009-01-04 19:15 217 --a------ c:\windows\HP_IZClosingDiscErrorPatch.ini
2009-01-04 18:42 . 2009-01-04 18:42 221 --a------ c:\windows\HP_RedboxHprblog_HPSU.ini
2009-01-04 12:38 . 2008-02-15 10:06 52,240 --a------ c:\windows\system32\drivers\tmevtmgr.sys
2009-01-04 12:37 . 2009-01-04 12:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
2009-01-04 12:37 . 2008-02-15 10:06 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-04 12:37 . 2008-02-15 10:06 52,496 --a------ c:\windows\system32\drivers\tmactmon.sys
2009-01-04 12:36 . 2009-01-08 20:48 <DIR> d-------- c:\program files\Trend Micro
2009-01-03 09:10 . 2009-01-03 09:10 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-27 13:57 . 2008-04-13 14:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-27 13:57 . 2008-04-13 14:45 10,368 --a------ c:\windows\system32\dllcache\hidusb.sys
2008-12-26 12:19 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll
2008-12-26 11:46 . 2008-12-26 11:46 <DIR> d-------- c:\program files\Microsoft Games
2008-12-26 10:52 . 2008-12-26 10:52 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-22 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-01-10 19:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-05 00:55 --------- d-----w c:\program files\HP
2009-01-05 00:55 --------- d-----w c:\program files\Hewlett-Packard
2009-01-03 20:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-03 15:19 --------- d-----w c:\program files\MSN Games
2009-01-03 15:16 --------- d-----w c:\program files\WildTangent
2009-01-03 15:15 --------- d-----w c:\program files\GemMaster
2009-01-03 14:10 --------- d-----w c:\program files\Java
2008-12-31 18:20 31 ----a-w c:\documents and settings\HP_Administrator\jagex_runescape_preferences.dat
2008-12-28 16:22 --------- d-----w c:\program files\Google
2008-12-26 17:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 15:59 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-12-26 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-26 15:54 --------- d-----w c:\program files\WarRock
2008-12-26 15:51 --------- d-----w c:\program files\NCSoft
2008-12-26 15:49 --------- d-----w c:\program files\Pivot Stickfigure Animator
2008-12-26 15:47 2,004 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-12-17 22:55 --------- d-----w c:\program files\Norton PC Checkup
2008-12-14 00:42 --------- d-----w c:\program files\iTunes
2008-12-14 00:42 --------- d-----w c:\program files\iPod
2008-12-14 00:42 --------- d-----w c:\program files\Common Files\Apple
2008-12-14 00:42 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-14 00:40 --------- d-----w c:\program files\Bonjour
2008-12-14 00:39 --------- d-----w c:\program files\QuickTime
2008-12-14 00:37 --------- d-----w c:\program files\Apple Software Update
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-26 22:42 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys
2008-11-26 22:42 205,328 ----a-w c:\windows\system32\drivers\tmxpflt.sys
2008-11-26 22:39 1,195,384 ----a-w c:\windows\system32\drivers\vsapint.sys
2008-11-24 01:18 --------- d-----w c:\program files\Microsoft SQL Server
2008-11-24 01:16 --------- d-----w c:\program files\MSXML 6.0
2008-11-24 01:15 --------- d-----w c:\program files\Microsoft.NET
2008-11-24 00:58 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-24 00:41 --------- d-----w c:\program files\Microsoft SDKs
2008-11-24 00:38 --------- d-----w c:\program files\Reference Assemblies
2008-11-24 00:38 --------- d-----w c:\program files\MSBuild
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-04-22 00:43 2,876 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2005-11-24 16:09 251 ----a-w c:\program files\wt3d.ini
2008-09-19 11:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091920080920\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-22_18.02.48.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-23 15:48:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_a18.dat
+ 2009-01-23 15:48:52 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_bdc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f1427261-332f-4e54-8e96-4738a123f919}]
c:\windows\system32\ttxqfm.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 68856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 61440]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-14 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-08 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-10 61440]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-07-07 577597]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2004-08-10 17408]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 51776]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQiIXo]
cbXQiIXo.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-01-04 648456]
R4 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-01-04 52240]
R4 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-02-15 36368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b57db15-91a1-11dd-af30-0013d4b00dc2}]
\Shell\AutoRun\command - setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-24 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 17:54]

2009-01-11 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-17 17:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 11:04:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-648677277-1641418695-467535799-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-23 11:07:51
ComboFix-quarantined-files.txt 2009-01-23 16:07:34

Pre-Run: 100,597,760,000 bytes free
Post-Run: 100,576,477,184 bytes free

267 --- E O F --- 2009-01-14 22:54:44


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:01 AM, on 1/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: {919f321a-8374-69e8-45e4-f2331627241f} - {f1427261-332f-4e54-8e96-4738a123f919} - C:\WINDOWS\system32\ttxqfm.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/snowboarder-xs/en/"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.co...agi3.0.84.2.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/cinematycoon.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {E2739AFF-FA40-4527-9A19-DE81795C2C03} (MSN Money Ticker) - http://moneycentral.msn.com/cabs/ticker.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?
O20 - Winlogon Notify: cbXQiIXo - cbXQiIXo.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: (no name) - http://images.ibsys.com/2005/0328/4322273.jpg

--
End of file - 14988 bytes

#6 bamajim

bamajim

  • Members
  • 894 posts

Posted 23 January 2009 - 11:44 AM

raputa

You are most welcome.

1. Rerun Hijackthis (scan only) and place checks beside the following entries:
O2 - BHO: {919f321a-8374-69e8-45e4-f2331627241f} - {f1427261-332f-4e54-8e96-4738a123f919} - C:\WINDOWS\system32\ttxqfm.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O20 - Winlogon Notify: cbXQiIXo - cbXQiIXo.dll (file missing)

Close all other open windows except Hijackthis and select "Fix checked".

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

And in your reply give me an update on how your PC is running now.
Microsoft MVP - Windows Security

#7 raputa

raputa
  • Topic Starter

  • Members
  • 10 posts

Posted 23 January 2009 - 12:57 PM

I did what you said to do and have posted the fresh log. I then went and spent a few moments fooling around with the computer and it seems to be working great again. It seems to be logging on fine and it doesn't seem to be redirecting me to bogus websites anymore. Thanks!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:38 PM, on 1/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/snowboarder-xs/en/"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.co...agi3.0.84.2.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/cinematycoon.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {E2739AFF-FA40-4527-9A19-DE81795C2C03} (MSN Money Ticker) - http://moneycentral.msn.com/cabs/ticker.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: (no name) - http://images.ibsys.com/2005/0328/4322273.jpg

--
End of file - 14865 bytes

#8 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 23 January 2009 - 04:55 PM

raputa

Excellent.

For a little cleanup.

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
Let's Remove Combofix

Select Start ->> Run ->> type in combofix /u (there is a space between x and /), then click OK.


You may now remove/delete/uninstall the other tools we used to clean your PC, except CCleaner; keep it.

Now that your log is clean, there are some final notes:

Let's create a clean System Restore point; the instructions are here.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java: Download the latest version of Java Runtime Environment (JRE) 6u11.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windowsi586-p.exe to install the newest version.
Update your Antivirus Software.

Use and maintain a Firewall.

Visit Microsoft's Windows Update Site frequently for critical updates.

Back up your Important Documents and Files on a regular basis, to a disc or a USB key, not your hard drive.

You may want to read this article: "So how did I get infected in the first place?" by Tony Klein.

surf safe
Microsoft MVP - Windows Security
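The Java step in the post above (remove every older JRE/J2SE entry, then install 6u11) is easy to get wrong by eye, because Add/Remove Programs shows the versions as text and "Update 7" sorts after "Update 11" alphabetically. The script below is an added example, not part of bamajim's post and not code from any tool mentioned in the thread: it turns Sun's display names of that era into (major, update) numbers and reports which entries are older than 6u11. The display-name patterns and the sample entries are constructed for the example; on a Windows machine, read_uninstall_display_names() reads the real list from the Uninstall registry key that Add/Remove Programs is built from.

```python
import re
from typing import List, Optional, Tuple

# Version the post tells the user to install (JRE 6 Update 11), as (major, update).
LATEST_JRE = (6, 11)

# Display names Sun used for the runtime in Add/Remove Programs (constructed
# from the naming schemes of that era; not taken from the thread).
# "Java(TM) 6 Update 11", "Java(TM) SE Runtime Environment 6 Update 1",
# "J2SE Runtime Environment 5.0 Update 6"
_MODERN = re.compile(
    r"^(?:Java\(TM\)(?: SE Runtime Environment)?|J2SE Runtime Environment)\s+"
    r"(\d+)(?:\.0)?(?:\s+Update\s+(\d+))?\s*$"
)
# "Java 2 Runtime Environment, SE v1.4.2_03" (old 1.x numbering)
_LEGACY = re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.\d+_(\d+)\s*$")

# Constructed sample of what Add/Remove Programs might list on this machine.
SAMPLE_ENTRIES = [
    "Java(TM) 6 Update 7",
    "J2SE Runtime Environment 5.0 Update 6",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java(TM) 6 Update 11",
    "Trend Micro Internet Security",
    "Malwarebytes' Anti-Malware",
]


def parse_jre_version(display_name: str) -> Optional[Tuple[int, int]]:
    """Map an Add/Remove Programs display name to (major, update).

    Returns None when the entry is not a Sun JRE/J2SE runtime, so unrelated
    programs (and the JDK, whose name does not match) are left alone.
    """
    m = _MODERN.match(display_name)
    if m:
        # A missing "Update N" means the base release, i.e. update 0.
        return int(m.group(1)), int(m.group(2) or 0)
    m = _LEGACY.match(display_name)
    if m:
        # "SE v1.4.2_03" is Java 4, update 3 in the newer numbering.
        return int(m.group(1)), int(m.group(2))
    return None


def outdated_jre_entries(display_names: List[str], latest=LATEST_JRE) -> List[str]:
    """Return the runtime entries older than `latest`, in the order given.

    The comparison is on integer tuples, so Update 7 correctly ranks below
    Update 11 even though "7" > "11" as text.
    """
    stale = []
    for name in display_names:
        ver = parse_jre_version(name)
        if ver is not None and ver < latest:
            stale.append(name)
    return stale


def read_uninstall_display_names() -> List[str]:
    """On Windows, read every DisplayName under the Uninstall key (the list
    Add/Remove Programs shows). Returns [] where winreg is unavailable."""
    try:
        import winreg
    except ImportError:
        return []
    names = []
    path = r"Software\Microsoft\Windows\CurrentVersion\Uninstall"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as root:
        index = 0
        while True:
            try:
                sub = winreg.EnumKey(root, index)
            except OSError:
                break  # no more subkeys
            index += 1
            try:
                with winreg.OpenKey(root, sub) as key:
                    names.append(winreg.QueryValueEx(key, "DisplayName")[0])
            except OSError:
                pass  # subkey has no DisplayName
    return names


if __name__ == "__main__":
    entries = read_uninstall_display_names() or SAMPLE_ENTRIES
    for name in outdated_jre_entries(entries):
        print("remove (older than 6u11):", name)
```

Run it on the affected machine and it lists the entries to remove through Add/Remove Programs; elsewhere it falls back to the constructed sample. An entry for "Java(TM) 6 Update 11" itself is not reported, which is the state the post is aiming for once the installer has run.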

#9 raputa

raputa
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 24 January 2009 - 11:38 AM

Ok. I have installed CCleaner and deleted Combofix. I am now at the point where you say to create a new system restore point. I read the instructions and am a little confused. Do I go to the section that says "manually creating restore point?" Just want to make sure I do it right.

#10 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 25 January 2009 - 09:59 AM

Ok. I have installed CCleaner and deleted Combofix. I am now at the point where you say to create a new system restore point. I read the instructions and am a little confused. Do I go to the section that says "manually creating restore point?" Just want to make sure I do it right.

Yes that is the correct section.

surf safe
Microsoft MVP - Windows Security

#11 raputa

raputa
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 30 January 2009 - 09:11 AM

Bamajim, I just wanted to thank you. I've been using my computer constantly and everything is back to normal. THANKS!!!
