Ctrl Alt Delete not responding after Presto tuneup removed


  • This topic is locked
5 replies to this topic

#1 jennydodson

Posted 06 October 2009 - 03:12 PM

Ok I have a huge problem. I had a virus (Presto Tuneup) which I removed. It was causing problems using the Yahoo, Bing and Google search engines. It also wasn't allowing me to use Ctrl Alt Delete. I installed Malwarebytes' Anti-Malware and removed Presto Tuneup but cannot get the Ctrl Alt Delete to work still. I am unsure what the next step is... Please someone help... This is my work computer in a small business and they are going to kill me...
The bad part is that we link into a remote desktop for our system and have to disable the firewall. How am I supposed to keep this from happening if I ever get fixed????
Jennydodson
:(




#2 jennydodson


Posted 07 October 2009 - 08:53 AM

A few months ago I received a ei upgrade on my desktop when coming into work. I thought it was from Microsoft and clicked to start the upgrade. I ended up with a fake Malware remover which was actually Malware. It caused me to be redirected every time I used the search engine. It didn't matter if it was Yahoo, Google or Bing. I installed Malwarebytes' Anti-Malware and removed Presto Tuneup and I assume most of what it added to my computer. However, when I tried to use Ctrl Alt Delete to close some programs that were running in the background that were not needed, nothing happened. I right clicked on the task bar and chose run task manager and nothing happened. After looking for help on this I learned that this is caused again by whatever took hold of my computer. I am not sure what else I need to do. Can someone please HELP!!!!!!!!!!!!!!!!!!

JennyD


DDS (Ver_09-09-29.01) - NTFSx86
Run by Jenny at 8:32:38.01 on Wed 10/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2068 [GMT -5:00]

AV: Malware Catcher 2009 *On-access scanning enabled* (Updated) {E4EE3103-7627-42E6-BB6E-F5B7E8F2AE40}
AV: Total Protection Service *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
AV: Malware Catcher 2009 *On-access scanning enabled* (Updated) {1EA5D05B-B02C-462B-B406-B15C28B0CE7B}
FW: Malware Catcher 2009 *enabled* {CE3F5852-EEA8-4B6B-AC1C-866C3FF11634}
FW: Total Protection Service *disabled* {259FBE35-46BE-45F3-8F2F-4DB67BBBC614}
FW: Malware Catcher 2009 *enabled* {39FC9E97-8163-4083-8ADB-5F1727E36788}



#3 Buckeye_Sam

    Malware Expert



Posted 07 October 2009 - 02:01 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#4 jennydodson


Posted 08 October 2009 - 08:58 AM

Sam,
Here is the info you requested. Please let me know what else you may need...


Thanks,
Jenny

ComboFix 09-10-07.05 - Jenny 10/08/2009 8:50.2.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2319 [GMT -5:00]
Running from: c:\documents and settings\Jenny\Desktop\ComboFix.exe
AV: Total Protection Service *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
FW: Total Protection Service *disabled* {259FBE35-46BE-45F3-8F2F-4DB67BBBC614}
2009-10-06 17:23 . 2009-10-06 17:23 -------- d-----w- c:\documents and settings\Jenny\Application Data\Malwarebytes
2009-10-06 17:23 . 2009-10-06 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 14:53 . 2009-10-06 14:53 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-05 15:10 . 2008-10-27 15:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
2009-10-05 14:21 . 2009-10-05 14:21 -------- d-----w- c:\program files\Microsoft
2009-10-05 14:11 . 2009-10-06 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-10-05 14:11 . 2009-10-05 14:11 -------- d-----w- C:\ProgramData
2009-10-02 18:51 . 2008-09-04 20:11 447752 ----a-r- c:\windows\system32\vp6vfw.dll
2009-10-02 18:51 . 2009-10-02 18:51 -------- d-----w- c:\program files\Microsoft WSE
2009-10-02 18:51 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-10-02 18:51 . 2009-10-02 18:51 -------- d-----w- c:\windows\Logs
2009-10-02 18:25 . 2009-10-06 21:08 -------- d-----w- c:\program files\Electronic Arts
2009-09-21 20:48 . 2009-10-06 16:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-21 15:54 . 2009-09-21 15:54 -------- d-sh--w- c:\documents and settings\Chad\PrivacIE
2009-09-21 15:54 . 2009-09-21 15:54 -------- d-----w- c:\documents and settings\Chad\Local Settings\Application Data\Apple Computer
2009-09-21 15:54 . 2009-09-21 15:54 -------- d-sh--w- c:\documents and settings\Chad\IETldCache
2009-09-11 19:43 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-11 19:43 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-11 19:43 . 2009-09-11 19:43 -------- d-----w- c:\program files\iPod
2009-09-11 19:42 . 2009-09-11 19:43 -------- d-----w- c:\program files\iTunes
2009-09-11 19:42 . 2009-09-11 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 19:42 . 2009-09-11 19:42 -------- d-----w- c:\program files\Bonjour
2009-09-11 19:42 . 2009-09-11 19:42 -------- d-----w- c:\program files\QuickTime
2009-09-11 19:42 . 2009-09-11 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-11 19:40 . 2009-10-06 16:04 -------- d-----w- c:\program files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 11:39 . 2009-03-30 14:21 -------- d-----w- c:\program files\LogMeIn
2009-10-07 20:11 . 2009-03-05 17:27 -------- d-----w- c:\program files\Citrix
2009-10-07 20:10 . 2009-04-16 14:54 61224 ----a-w- c:\documents and settings\Jenny\GoToAssistDownloadHelper.exe
2009-10-07 20:09 . 2008-11-11 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-07 20:09 . 2008-11-11 00:53 -------- d-----w- c:\program files\McAfee
2009-10-06 21:30 . 2009-07-01 17:13 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-06 21:08 . 2008-11-11 00:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 21:05 . 2009-02-04 20:02 -------- d-----w- c:\program files\Yahoo!
2009-10-06 19:29 . 2009-10-06 19:29 -------- d-----w- c:\program files\Trend Micro
2009-10-06 16:05 . 2008-11-11 00:52 -------- d-----w- c:\program files\Google
2009-10-05 14:13 . 2008-11-11 00:45 -------- d-----w- c:\program files\Java
2009-10-02 13:44 . 2009-03-30 14:22 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-02 13:44 . 2009-03-30 14:22 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-02 13:44 . 2009-03-30 14:22 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-11 19:43 . 2009-08-13 21:19 -------- d-----w- c:\documents and settings\Jenny\Application Data\Apple Computer
2009-09-09 08:08 . 2009-02-19 19:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 08:00 . 2008-11-11 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-08 13:47 . 2008-10-17 01:35 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-08 13:47 . 2008-10-17 01:35 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-04 22:44 . 2009-10-05 15:11 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 22:44 . 2009-10-05 15:11 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 22:44 . 2009-10-05 15:11 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 22:29 . 2009-10-05 15:11 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 22:29 . 2009-10-05 15:11 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 22:29 . 2009-10-05 15:11 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 22:29 . 2009-10-05 15:11 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 22:29 . 2009-10-05 15:11 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-04 13:42 . 2009-09-04 13:40 116838 ----a-w- c:\windows\hpqins00.dat
2009-09-04 13:36 . 2009-09-04 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-08-05 09:01 . 2008-04-25 16:16 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 13:32 . 2008-11-11 00:56 32584 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-25 10:23 . 2009-05-05 23:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2008-04-25 16:16 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2008-04-25 16:16 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-26 1392640]
"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2009-04-13 468288]
"McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [2009-04-13 87360]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-01-31 16860672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 13:44 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [11/10/2008 7:53 PM 14144]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 6:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [3/30/2009 9:22 AM 47640]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [11/10/2008 7:53 PM 175704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/22/2009 3:09 PM 24652]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [11/10/2008 9:31 PM 84992]
S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [11/10/2008 7:45 PM 8960]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [11/10/2008 7:45 PM 11264]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/10/2008 7:45 PM 16640]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - RSVP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC8B4D35-FC70-4A52-9655-E8784FDEEB87}]
msiexec /fu {FC8B4D35-FC70-4A52-9655-E8784FDEEB87}
.
Contents of the 'Scheduled Tasks' folder

2009-10-08 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 19:28]

2009-10-08 c:\windows\Tasks\User_Feed_Synchronization-{60494979-6A4E-416A-946F-AA2519F7189F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

2009-10-07 c:\windows\Tasks\User_Feed_Synchronization-{E19CDA63-086D-4E62-ABEF-CCBE9E0E6916}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]

2009-10-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-15 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=2081111
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {5C7B058C-6A34-41BD-8B8C-7A973E08C5F3} = 208.67.222.222,208.67.220.220
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://ea-src-cdn.systemrequirementslab.com/curi/bin/sysreqlab_srlx.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 08:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1029998061-3005379185-3496736402-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\System32\BCMLogon.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(4548)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-08 8:53
ComboFix-quarantined-files.txt 2009-10-08 13:53
ComboFix2.txt 2009-10-07 21:31

Pre-Run: 228,091,334,656 bytes free
Post-Run: 228,073,828,352 bytes free

229 --- E O F --- 2009-10-07 08:01

#5 Buckeye_Sam

    Malware Expert

Posted 08 October 2009 - 05:40 PM

I don't see any signs of malware in your logs, so that's a good thing. I'd like to see what Malwarebytes removed. Please open Malwarebytes, select the Logs tab and you'll see the logs that were created. Please open, copy and paste any of these logs that are relevant to your current issue.
========================================================

#6 Buckeye_Sam

    Malware Expert

Posted 23 October 2009 - 07:58 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.