
Constant pop ups, errors in internet explorer, mcafee won't fix


3 replies to this topic

#1 weasel19

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:16 PM

Posted 17 January 2009 - 12:32 AM

All of a sudden my computer started getting hit with constant pop-ups on every website I go to, and my Internet Explorer also is 'not responding' much more than it used to. I've tried McAfee and it finds nothing, and I've also tried Ad-Aware and it finds nothing either. Just hoping you could take a look for me and see if anything looks out of the ordinary. Thanks. Also, I know this is off topic, so disregard it if you are in a hurry, but my computer is brand new and has 4 GB of RAM and it doesn't seem to be running as fast as I thought it would. Only if you have time, could you take a look at my running processes and let me know if there's anything in there that is running unnecessarily and that I can end to hopefully speed my computer up? Again, this isn't important, so please disregard it if you have other things to do, but if you could take a look it would be greatly appreciated. Thanks again!


DDS (Ver_09-01-07.01) - NTFSx86
Run by Administrator at 0:24:29.95 on Sat 01/17/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3026.1541 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\WINDOWS\VM331_STI.EXE
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fujitsu\Utils\FjDspMon.exe
C:\Program Files\Fujitsu\Utils\fjevents.exe
C:\Program Files\Fujitsu\Utils\FjMenu.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fujitsu\Utils\FjLidMon.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\digtizer.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Gamevance: {0ed403e8-470a-4a8a-85a4-d7688cfe39a3} - c:\program files\gamevance\gamevancelib32.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Gamevance class: {f02fabcb-92dd-475a-98af-14217bd50746} - c:\program files\gamevance\gvtl.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [COMMUNICATOR] "c:\program files\microsoft office communicator\Communicator.exe" /silentRetrials /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; Tablet PC 1.7; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2)" -"http://www.shockwave.com/contentPlay/shockwave.jsp?id=inklink&dwin=1&memberStatus=SignedInStandard&brand="
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [331BigDog] c:\windows\VM331_STI.EXE
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [<NO NAME>]
mRun: [FjStrtAp] c:\program files\fujitsu\utils\FjStrtAp.exe
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [SSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
mRun: [Gamevance] c:\program files\gamevance\gamevance32.exe a
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: vt.edu\learn
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: OPXPGina - c:\program files\softex\omnipass\opxpgina.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2008-8-21 7168]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-8-21 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-8-21 35456]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-27 207656]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-7-23 38816]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-8-21 475520]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-8-21 244368]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2008-8-21 18944]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2008-8-21 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [2008-8-21 30976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-8-21 41216]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-21 108032]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-8-27 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-27 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-27 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-27 34152]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-27 40488]
R3 vm331avs;VC0331 USB2.0 Digital Camera;c:\windows\system32\drivers\vm331avs.sys [2008-8-21 972544]
R3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2007-3-19 475136]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-8-21 57408]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R4 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-14 1172728]
R4 FJSPA;FJSPA;c:\program files\fujitsu\fjspa\FJSPA.sys [2006-12-7 17712]
R4 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2008-7-21 193888]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-28 206096]
R4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-8-27 358736]
R4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-8-27 144704]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-8 24652]
R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 bioschk;FPC BIOS Check Driver;c:\windows\system32\drivers\bioschk.sys [2008-8-21 3909]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2008-8-21 14208]

=============== Created Last 30 ================

2009-01-17 00:16 <DIR> --d----- c:\program files\Trend Micro
2009-01-14 22:12 244 a---h--- C:\sqmnoopt06.sqm
2009-01-14 22:12 232 a---h--- C:\sqmdata06.sqm
2009-01-14 02:39 268 a---h--- C:\sqmdata05.sqm
2009-01-14 02:39 244 a---h--- C:\sqmnoopt05.sqm
2009-01-13 22:12 244 a---h--- C:\sqmnoopt04.sqm
2009-01-13 22:12 232 a---h--- C:\sqmdata04.sqm
2009-01-07 01:28 <DIR> --d----- c:\program files\Gamevance
2009-01-04 00:03 73,728 a------- c:\windows\system32\Kr4yH23x.exe_
2009-01-04 00:03 0 a------- c:\windows\system32\Kr4yH23x.exe.a_a

==================== Find3M ====================

2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-09-30 21:55 24 a------- c:\documents and settings\administrator\jagex_runescape_preferences.dat

============= FINISH: 0:24:53.82 ===============


Edited by weasel19, 17 January 2009 - 12:35 AM.



#2 Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:03:16 AM

Posted 29 January 2009 - 05:19 PM

Hello Weasel19 and welcome to Bleeping Computer,

Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 weasel19

  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:16 PM

Posted 30 January 2009 - 10:26 PM

Hey,
Did the ComboFix scan; here's the log file from it. Thanks for the help!

ComboFix 09-01-21.04 - Administrator 2009-01-30 22:20:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3026.2189 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-31 )))))))))))))))))))))))))))))))
.

2009-01-30 01:10 . 2009-01-30 01:12 <DIR> d-------- C:\b54c3221452be7b565c96682339e
2009-01-29 23:28 . 2009-01-29 23:28 <DIR> d-------- C:\b0bf733574ca3c5706
2009-01-29 23:23 . 2009-01-29 23:23 <DIR> d-------- c:\program files\Microsoft
2009-01-29 23:23 . 2009-01-29 23:23 <DIR> d-------- C:\71006505cf92d100928a
2009-01-29 23:23 . 2009-01-30 00:55 <DIR> d-------- C:\2eb736f4199edfdbab18a0f569bbe0
2009-01-27 22:50 . 2009-01-27 22:50 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SpaceClaim
2009-01-27 22:49 . 2006-06-30 10:39 102,400 --a------ c:\windows\system32\tsccvid.dll
2009-01-27 22:48 . 2009-01-27 22:51 <DIR> d-------- c:\program files\SpaceClaim 2008
2009-01-27 22:48 . 2009-01-27 22:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\SpaceClaim
2009-01-27 22:36 . 2009-01-27 22:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\National Instruments
2009-01-27 22:34 . 2009-01-27 22:34 <DIR> d-------- c:\windows\system32\cvirte
2009-01-27 22:34 . 2009-01-27 22:41 <DIR> d-------- c:\program files\Common Files\Merge Modules
2009-01-27 22:33 . 2009-01-27 22:33 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MathWorks
2009-01-27 22:32 . 2009-01-27 22:39 <DIR> d-------- c:\program files\National Instruments
2009-01-27 22:20 . 2009-01-27 22:20 <DIR> d-------- c:\program files\MATLAB
2009-01-27 21:52 . 2009-01-27 21:52 <DIR> d-------- c:\program files\Autodesk
2009-01-27 21:52 . 2009-01-27 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Autodesk, Inc
2009-01-27 21:51 . 2009-01-27 21:51 <DIR> d-------- c:\program files\Microsoft WSE
2009-01-27 21:51 . 2009-01-27 22:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Autodesk
2009-01-27 21:50 . 2009-01-27 21:51 <DIR> d-------- c:\program files\DWG TrueView 2009
2009-01-27 21:50 . 2009-01-27 22:01 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2009-01-27 21:50 . 2009-01-27 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Autodesk
2009-01-27 21:50 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2009-01-27 21:50 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2009-01-27 21:50 . 2007-07-19 18:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2009-01-27 21:47 . 2009-01-30 01:11 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-27 21:47 . 2009-01-27 21:47 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-27 21:46 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-01-27 21:19 . 2009-01-27 21:19 <DIR> d-------- C:\autodesk
2009-01-27 21:16 . 2009-01-27 21:16 <DIR> d-------- c:\program files\Autodesk Student Community Download Tool
2009-01-27 21:08 . 2009-01-27 21:08 <DIR> d-------- c:\program files\PDF Annotator
2009-01-26 19:06 . 2009-01-26 19:06 <DIR> d-------- c:\program files\DyKnow
2009-01-26 19:06 . 2009-01-27 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\dyknow
2009-01-18 04:26 . 2009-01-18 04:27 <DIR> d-------- c:\program files\Exterminate It!
2009-01-18 04:15 . 2009-01-18 04:22 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
2009-01-17 00:16 . 2009-01-17 00:16 <DIR> d-------- c:\program files\Trend Micro
2009-01-14 22:12 . 2009-01-14 22:12 244 --ah----- C:\sqmnoopt06.sqm
2009-01-14 22:12 . 2009-01-14 22:12 232 --ah----- C:\sqmdata06.sqm
2009-01-14 02:39 . 2009-01-14 02:39 268 --ah----- C:\sqmdata05.sqm
2009-01-14 02:39 . 2009-01-14 02:39 244 --ah----- C:\sqmnoopt05.sqm
2009-01-14 00:02 . 2009-01-14 00:02 1,374 --a------ c:\windows\imsins.BAK
2009-01-13 23:24 . 2009-01-13 23:24 <DIR> d-------- c:\program files\QuickTime
2009-01-13 22:12 . 2009-01-13 22:12 244 --ah----- C:\sqmnoopt04.sqm
2009-01-13 22:12 . 2009-01-13 22:12 232 --ah----- C:\sqmdata04.sqm
2009-01-04 00:03 . 2009-01-04 00:03 73,728 --a------ c:\windows\system32\Kr4yH23x.exe_
2009-01-04 00:03 . 2009-01-04 00:03 0 --a------ c:\windows\system32\Kr4yH23x.exe.a_a
2008-12-03 20:26 . 2008-12-03 20:26 <DIR> d--h----- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 03:08 --------- d-----w c:\documents and settings\Administrator\Application Data\HPAppData
2009-01-30 04:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-28 22:15 --------- d-----w c:\program files\McAfee
2009-01-28 02:49 --------- d-----w c:\program files\MSBuild
2009-01-27 06:11 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-01-11 20:19 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-01 06:35 --------- d-----w c:\program files\Google
2008-12-27 22:04 --------- d-----w c:\program files\Camfrog
2008-12-21 18:09 --------- d-----w c:\program files\Norton PC Checkup
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-01 02:55 24 ----a-w c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2007-07-24 23:03 118,784 ----a-w c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"COMMUNICATOR"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 5803368]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-20 68856]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-13 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-13 271872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 141848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1040384]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"331BigDog"="c:\windows\VM331_STI.EXE" [2008-05-28 200704]
"ACU"="c:\program files\Atheros\ACU.exe" [2008-05-09 446651]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"FjStrtAp"="c:\program files\Fujitsu\Utils\FjStrtAp.exe" [2008-05-06 20480]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2008-06-06 3010560]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-07-12 90112]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2008-01-31 88616]
"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2007-12-28 233472]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2008-01-25 677144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 c:\windows\RTHDCPL.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-07-21 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 c:\windows\alcwzrd.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-04-15 2979144]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-27 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-13 19:11 47104 c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2008-06-06 14:05 73728 c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 05:41 11776 c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-13 19:12 32256 c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Internet Explorer\\iexplore.exe"=

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2008-08-21 7168]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-08-21 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-08-21 35456]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-07-23 38816]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-08-21 475520]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-08-21 244368]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [2008-08-21 18944]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2008-08-21 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [2008-08-21 30976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-08-21 41216]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-08-21 108032]
R3 vm331avs;VC0331 USB2.0 Digital Camera;c:\windows\system32\drivers\vm331avs.sys [2008-08-21 972544]
R3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2007-03-19 475136]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-08-21 57408]
R4 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-14 1172728]
R4 FJSPA;FJSPA;c:\program files\Fujitsu\FJSPA\FJSPA.sys [2006-12-07 17712]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-08-28 206096]
R4 NetInfs;Network Interface Service;c:\windows\System32\svchost.exe -k netinfsvc [2008-05-25 14336]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-11-08 24652]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 bioschk;FPC BIOS Check Driver;c:\windows\system32\drivers\bioschk.sys [2008-08-21 3909]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2008-08-21 14208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
netinfsvc REG_MULTI_SZ NetInfs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e287750-8b3c-11dd-b40f-002163235ad7}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b49ecab-70a8-11dd-b39e-002163235ad7}]
\Shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd78dc7e-82ac-11dd-b3e8-001742c76f98}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-30 c:\windows\Tasks\At1.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At10.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At11.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-21 c:\windows\Tasks\At12.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-29 c:\windows\Tasks\At13.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At14.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At15.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At16.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At17.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At18.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At19.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At2.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-31 c:\windows\Tasks\At20.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-31 c:\windows\Tasks\At21.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-31 c:\windows\Tasks\At22.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-31 c:\windows\Tasks\At23.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At24.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At25.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At26.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-25 c:\windows\Tasks\At27.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-19 c:\windows\Tasks\At28.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-18 c:\windows\Tasks\At29.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-25 c:\windows\Tasks\At3.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-16 c:\windows\Tasks\At30.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-06 c:\windows\Tasks\At31.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-04 c:\windows\Tasks\At32.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-04 c:\windows\Tasks\At33.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At34.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At35.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-21 c:\windows\Tasks\At36.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-29 c:\windows\Tasks\At37.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At38.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At39.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-19 c:\windows\Tasks\At4.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At40.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At41.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At42.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At43.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-31 c:\windows\Tasks\At44.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-31 c:\windows\Tasks\At45.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-31 c:\windows\Tasks\At46.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-31 c:\windows\Tasks\At47.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\At48.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-18 c:\windows\Tasks\At5.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-16 c:\windows\Tasks\At6.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-06 c:\windows\Tasks\At7.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-04 c:\windows\Tasks\At8.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-04 c:\windows\Tasks\At9.job
- c:\windows\system32\Kr4yH23x.exe []

2009-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3237501864-2727451288-313140520-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 17:47]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2009-01-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 21:20]

2009-01-28 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-21 13:09]

2009-01-24 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-21 13:09]
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB5; Tablet PC 1.7; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %systemroot%\system32\MSAFDLsp.dll
Trusted Zone: vt.edu\learn
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 22:21:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\Softex\OmniPass\opxpgina.dll

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\MSAFDLsp.dll
.
Completion time: 2009-01-30 22:22:59
ComboFix-quarantined-files.txt 2009-01-31 03:22:52

Pre-Run: 109,981,085,696 bytes free
Post-Run: 114,742,280,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

365 --- E O F --- 2009-01-30 06:01:29

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:03:16 AM

Posted 31 January 2009 - 07:30 PM

Hello Weasel19,

Please download ComboFix again to replace your current version, as it seems to be outdated.

Then, let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
Collect::
c:\windows\system32\Kr4yH23x.exe_
c:\windows\system32\Kr4yH23x.exe.a_a
AtJob::

Save this as a txt file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: CFScript dragged onto ComboFix.exe]

This will start ComboFix again. Upon reboot, (in case it asks to reboot), post the contents of the Combofix log in your next reply, as well as a fresh DDS log.

ComboFix will generate a zipped file, similar to C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip.
Upon reboot, and if an active connection is available, it will attempt to automatically upload the malware sample for further investigation. Please allow this if one of your security programs pops up a warning.
In the event the upload fails, the sample can still be uploaded by double clicking the C:\CF-Submit.htm file (opens a browser window) and clicking OK to start the upload.

Still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference
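As an added example (not part of this thread or of ComboFix itself), the following Python triage helper parses the "Contents of the 'Scheduled Tasks' folder" section in the ComboFix log format shown above and flags the pattern seen in this log: many generic At*.job tasks all launching one executable for which ComboFix printed empty file info `[]`. The sample log text is constructed to mirror a few of the lines above; the function names and the `min_jobs` threshold are my own assumptions.

```python
import re
from collections import defaultdict
# Constructed sample mirroring the 'Scheduled Tasks' section of the ComboFix log above
# (the real log lists At1.job ... At48.job, all pointing at the same executable).
SAMPLE_LOG = """\
Contents of the 'Scheduled Tasks' folder
2009-01-05 c:\\windows\\Tasks\\AppleSoftwareUpdate.job
- c:\\program files\\Apple Software Update\\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-30 c:\\windows\\Tasks\\At1.job
- c:\\windows\\system32\\Kr4yH23x.exe []

2009-01-30 c:\\windows\\Tasks\\At2.job
- c:\\windows\\system32\\Kr4yH23x.exe []

2009-01-31 c:\\windows\\Tasks\\MP Scheduled Scan.job
- c:\\program files\\Windows Defender\\MpCmdRun.exe [2006-11-03 21:20]
.
"""

TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (.+?) \[(.*)\]$")  # '[]' means ComboFix found no file info

def parse_tasks(log_text):
    """Return (job_path, target_path, file_info) tuples from the section;
    file_info is '' when ComboFix printed '[]' for the target."""
    tasks, lines, in_section = [], log_text.splitlines(), False
    for i, line in enumerate(lines):
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if in_section and line.strip() == ".":
            break  # '.' terminates the section in ComboFix output
        m = TASK_RE.match(line)
        if in_section and m and i + 1 < len(lines):
            t = TARGET_RE.match(lines[i + 1])
            if t:
                tasks.append((m.group(1), t.group(1), t.group(2)))
    return tasks

def suspicious_targets(tasks, min_jobs=2):
    """Group generic At*.job tasks by target and keep targets launched by
    at least min_jobs of them that ComboFix could not identify (empty info)."""
    by_target = defaultdict(list)
    for job, target, info in tasks:
        job_name = job.rsplit("\\", 1)[-1]
        if info == "" and re.fullmatch(r"At\d+\.job", job_name, re.IGNORECASE):
            by_target[target.lower()].append(job_name)
    return {t: sorted(j) for t, j in by_target.items() if len(j) >= min_jobs}
```

Run against the full log above, this would report one target, c:\windows\system32\kr4yh23x.exe, launched by 48 At*.job tasks, while the legitimately versioned Apple, Defender and McAfee tasks are left alone.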