
IE Script errors but IE isn't open


This topic is locked
4 replies to this topic

#1 rossf

rossf

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:44 PM

Posted 06 July 2009 - 02:14 PM

Hi,

I've got a problem with Internet Explorer Script Error pop-ups displaying and I'm not even using IE; I browse with Google Chrome. I've run Malwarebytes and it discovered some infections, but this problem persists.

The URL which is causing the error alternates.


Here is my DDS log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Ross at 19:50:18.79 on 06/07/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.306 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\32_twunk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ross\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTRegRun] c:\windows\CTRegRun.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [twunk_32] c:\windows\32_twunk.exe
mRun: [FlashMute] c:\windows\flashmute.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ross\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wlanut~1.lnk - c:\program files\microstar\wlanutility\WlanUtility.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ross\applic~1\mozilla\firefox\profiles\sji51zp6.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-10-31 28800]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-24 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-24 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-24 144704]
R2 NishService;SCM Driver Daemon;c:\program files\system control manager\edd.exe [2009-6-14 40960]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-24 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-24 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-24 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-24 40552]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2009-6-14 20128]
S2 gupdate1c9eddd1e0ff58c;Google Update Service (gupdate1c9eddd1e0ff58c);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-24 34248]

=============== Created Last 30 ================

2009-07-04 11:54 <DIR> --d----- c:\windows\system32\RTCOM
2009-07-04 11:35 <DIR> --d----- c:\windows\system32\en
2009-07-04 11:35 <DIR> --d----- c:\windows\system32\bits
2009-07-04 11:19 <DIR> --d----- c:\windows\EHome
2009-07-04 11:16 0 a------t c:\windows\005232_.tmp
2009-07-01 22:42 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-07-01 22:42 8,192 a------- c:\windows\system32\kbdkor.dll
2009-07-01 22:42 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-07-01 22:42 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-07-01 22:42 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-07-01 22:42 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-07-01 22:42 6,144 a------- c:\windows\system32\kbd106.dll
2009-07-01 22:42 6,144 a------- c:\windows\system32\kbd101c.dll
2009-07-01 22:42 5,632 a------- c:\windows\system32\kbd103.dll
2009-07-01 22:42 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-07-01 22:42 6,144 a------- c:\windows\system32\kbd101b.dll
2009-07-01 22:40 <DIR> --d----- c:\docume~1\ross\applic~1\Malwarebytes
2009-07-01 22:40 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 22:40 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-01 22:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-01 22:40 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 22:06 1,737,856 -------- c:\windows\system32\mtxparhd.dll
2009-07-01 22:04 63,488 -------- c:\windows\system32\drivers\atinxsxx.sys
2009-06-28 00:29 400,435 a------- c:\windows\32_twunk.exe
2009-06-24 22:36 <DIR> --d----- c:\program files\Trend Micro
2009-06-24 21:52 9,923 a------- c:\windows\system32\Config.MPF
2009-06-24 21:44 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-06-24 21:44 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-06-24 21:44 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-06-24 21:44 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-06-24 21:43 <DIR> --d----- c:\program files\common files\McAfee
2009-06-24 21:43 <DIR> --d----- c:\program files\McAfee.com
2009-06-24 21:42 <DIR> --d----- c:\program files\McAfee
2009-06-24 21:37 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-06-24 20:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Citrix
2009-06-24 20:40 61,224 a------- c:\documents and settings\ross\GoToAssistDownloadHelper.exe
2009-06-24 20:21 <DIR> --d----- c:\docume~1\ross\applic~1\McAfee
2009-06-23 23:20 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-21 15:43 1 a------- c:\windows\934fdfg34fgjf23
2009-06-21 15:43 <DIR> --d----- c:\program files\driver
2009-06-19 19:12 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-06-19 19:11 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-06-19 19:11 <DIR> --d----- c:\windows\system32\Lang
2009-06-18 21:51 <DIR> --d----- c:\windows\system32\scripting
2009-06-18 21:51 <DIR> --d----- c:\windows\l2schemas
2009-06-18 21:48 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-18 21:44 <DIR> --d----- c:\windows\network diagnostic
2009-06-16 16:36 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-16 10:16 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-15 23:01 <DIR> --d----- c:\docume~1\ross\applic~1\OpenOffice.org
2009-06-15 22:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CanonIJPLM
2009-06-15 22:57 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-06-15 22:56 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-15 22:56 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-06-15 22:53 151,552 a------- c:\windows\system32\CNCF2Ld.DLL
2009-06-15 22:50 <DIR> --d----- c:\program files\Canon
2009-06-15 19:52 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-15 19:52 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-15 19:51 <DIR> --d----- c:\program files\iPod
2009-06-15 19:51 <DIR> --d----- c:\program files\iTunes
2009-06-15 19:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-15 19:51 <DIR> --d----- c:\program files\Bonjour
2009-06-15 19:49 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-15 19:49 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-15 19:43 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-15 19:17 <DIR> --d----- c:\docume~1\ross\applic~1\UseNeXT
2009-06-15 19:17 <DIR> --d----- c:\program files\UseNeXT
2009-06-15 18:52 <DIR> --d----- c:\program files\JRE
2009-06-15 18:52 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-06-15 18:16 <DIR> --d----- c:\program files\common files\DivX Shared
2009-06-15 15:00 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-06-15 14:58 <DIR> --d--r-- c:\program files\Skype
2009-06-15 07:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-15 07:39 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-15 07:10 160,896 a----r-- c:\windows\system32\drivers\ctusfsyn.sys
2009-06-15 00:37 23,880 a------- c:\windows\system32\BMXStateBkp-{00000006-00000000-00000000-00001102-00000008-20011102}.rfx
2009-06-15 00:37 23,880 a------- c:\windows\system32\BMXState-{00000006-00000000-00000000-00001102-00000008-20011102}.rfx
2009-06-15 00:37 11,564 a------- c:\windows\system32\DVCState-{00000006-00000000-00000000-00001102-00000008-20011102}.rfx
2009-06-15 00:37 7,884 a------- c:\windows\system32\BMXCtrlState-{00000006-00000000-00000000-00001102-00000008-20011102}.rfx
2009-06-15 00:37 7,884 a------- c:\windows\system32\BMXBkpCtrlState-{00000006-00000000-00000000-00001102-00000008-20011102}.rfx
2009-06-15 00:29 4,958,588 a------- c:\windows\{00000006-00000000-00000000-00001102-00000008-20011102}.BAK
2009-06-15 00:18 <DIR> --d----- c:\program files\Yahoo!
2009-06-15 00:16 7,062 a------- c:\windows\system32\audiopid.vxd
2009-06-15 00:14 375,519 -c------ c:\windows\system32\dllcache\nuskin.wmv
2009-06-15 00:13 44,032 -------- c:\windows\system32\CTSVCCDA.EXE
2009-06-15 00:13 25,088 -------- c:\windows\system32\CTSVCCTL.EXE
2009-06-15 00:12 <DIR> --d----- c:\program files\common files\Creative
2009-06-15 00:12 <DIR> --d-h--- c:\program files\Creative Installation Information
2009-06-15 00:12 64,352 -------- c:\windows\system32\drivers\ativmc20.cod
2009-06-15 00:04 <DIR> --d----- c:\windows\system32\Defaults
2009-06-15 00:03 <DIR> --d----- c:\program files\Creative
2009-06-15 00:03 4,958,588 a------- c:\windows\{00000006-00000000-00000000-00001102-00000008-20011102}.CDF
2009-06-15 00:03 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-06-15 00:03 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-06-15 00:03 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-06-15 00:03 56,576 a------- c:\windows\system32\drivers\swmidi.sys
2009-06-15 00:03 142,592 a------- c:\windows\system32\drivers\aec.sys
2009-06-15 00:02 172,416 a------- c:\windows\system32\drivers\kmixer.sys
2009-06-15 00:02 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-06-15 00:02 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-06-15 00:02 7,406 a----r-- c:\windows\system32\SBAudigy.ico
2009-06-15 00:02 1,912 a------- c:\windows\system32\Audigy.bmp
2009-06-15 00:02 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
2009-06-15 00:02 146,048 a------- c:\windows\system32\drivers\portcls.sys
2009-06-15 00:02 60,160 ac------ c:\windows\system32\dllcache\drmk.sys
2009-06-15 00:02 60,160 a------- c:\windows\system32\drivers\drmk.sys
2009-06-15 00:01 50,410 a----r-- c:\windows\system32\e10kxwdm.ini
2009-06-15 00:01 193 a----r-- c:\windows\system32\ctzapxx.ini
2009-06-15 00:01 11,776 a------- c:\windows\INRES.DLL
2009-06-15 00:01 10,240 a------- c:\windows\CTDCRES.DLL
2009-06-15 00:01 <DIR> --d----- c:\windows\system32\Data
2009-06-14 23:57 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-14 23:57 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-14 23:57 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-14 23:55 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-14 23:54 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-14 23:50 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-14 23:49 <DIR> --ds---- c:\documents and settings\ross\UserData
2009-06-14 23:47 <DIR> --d----- c:\program files\O2
2009-06-14 23:47 728 a------- c:\windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
2009-06-14 23:46 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-14 23:46 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-06-14 23:46 <DIR> --d-h--- c:\windows\$hf_mig$
2009-06-14 23:37 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-06-14 23:36 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-06-14 23:36 10,240 a------- c:\windows\system32\drivers\compbatt.sys
2009-06-14 23:36 14,208 a------- c:\windows\system32\drivers\battc.sys
2009-06-14 23:36 13,952 a------- c:\windows\system32\drivers\cmbatt.sys
2009-06-14 23:36 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-06-14 23:35 74,240 a------- c:\windows\system32\usbui.dll
2009-06-14 23:34 <DIR> --d----- c:\program files\common files\ODBC
2009-06-14 23:34 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-14 23:33 66,594 ac------ c:\windows\system32\dllcache\c_855.nls
2009-06-14 23:33 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-06-14 23:32 <DIR> --d----- C:\Documents and Settings
2009-06-14 23:31 261 a------- c:\windows\system32\$winnt$.inf
2009-06-14 23:28 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-14 23:18 <DIR> --d----- c:\program files\System Control Manager
2009-06-14 23:16 <DIR> --d----- c:\program files\DivX
2009-06-14 23:16 <DIR> --d----- c:\program files\Fingerprint Sensor
2009-06-14 23:15 <DIR> --d----- c:\program files\common files\snp2std
2009-06-14 23:08 <DIR> --d----- c:\program files\AMD
2009-06-14 23:03 <DIR> --d----- c:\program files\ATI Technologies
2009-06-14 23:02 <DIR> --d----- c:\program files\MicroStar
2009-06-14 22:59 <DIR> --d----- c:\program files\common files\SupportSoft
2009-06-14 22:49 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-06-14 22:48 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-06-14 22:47 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-14 22:45 <DIR> --d----- c:\program files\Online Services
2009-06-14 22:45 <DIR> --d----- c:\program files\Messenger
2009-06-14 22:45 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-06-14 22:44 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-06-18 21:55 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-14 22:46 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-13 23:25 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 22:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 22:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 22:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 22:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 22:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 22:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 22:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-29 05:52 1,023,488 a------- c:\windows\system32\browseui(2).dll
2009-04-29 05:52 616,448 a------- c:\windows\system32\urlmon(4).dll
2009-04-29 05:52 616,448 a------- c:\windows\system32\urlmon(3).dll
2009-04-29 05:52 474,112 a------- c:\windows\system32\shlwapi(3).dll
2009-04-29 05:52 659,456 a------- c:\windows\system32\wininet(4).dll
2009-04-29 05:52 659,456 a------- c:\windows\system32\wininet(3).dll
2009-04-29 05:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-29 05:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 16:11 584,192 a------- c:\windows\system32\rpcrt4(4).dll
2009-04-15 16:11 584,192 a------- c:\windows\system32\rpcrt4(3).dll
2009-04-15 15:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 19:51:53.93 ===============

Thanks

Ross

Edited by rossf, 06 July 2009 - 02:16 PM.
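As an added example (not from the thread, and not part of DDS itself), a small Python triage script for the kind of DDS output posted above: it parses the Run entries in the Pseudo HJT Report, cross-references them with the Created Last 30 section, and surfaces what a responder would look at first, namely autostarts with unqualified image names, images sitting in the Windows root rather than system32 or Program Files, and images created inside the 30-day window. The excerpt is constructed from lines of the log above, the function names and the expected-directory heuristic are this example's own assumptions, and the flags are leads for a human to check, not verdicts.

```python
import re
from typing import Dict, List

# Constructed excerpt: a handful of lines copied from the DDS log posted above
# (Pseudo HJT Report and Created Last 30 sections), enough to exercise the parser.
DDS_EXCERPT = r"""DDS (Ver_09-06-26.01) - NTFSx86
Run by Ross at 19:50:18.79 on 06/07/2009

============== Pseudo HJT Report ===============

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [twunk_32] c:\windows\32_twunk.exe
mRun: [FlashMute] c:\windows\flashmute.exe
mRun: [AGRSMMSG] AGRSMMSG.exe

=============== Created Last 30 ================

2009-07-01 22:40 38,160 a------- c:\windows\system32\drivers\mbam.sys
2009-06-28 00:29 400,435 a------- c:\windows\32_twunk.exe
2009-06-21 15:43 1 a------- c:\windows\934fdfg34fgjf23
2009-06-21 15:43 <DIR> --d----- c:\program files\driver
2009-06-15 19:51 <DIR> --d----- c:\program files\iTunes
"""

# DDS autostart line: <hive>Run: [<value name>] <command line>
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# DDS file line: <date> <time> <size or <DIR>> <attribute flags> <path>
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Heuristic (an assumption of this example): autostart images normally live in
# system32 or under Program Files; anything else is a lead for a human to check.
EXPECTED_PARENTS = (r"c:\windows\system32", r"c:\program files", r"c:\progra~1")
WINDOWS_ROOT = r"c:\windows"


def image_path(cmd: str) -> str:
    """Return the executable part of a Run value, lower-cased, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end].lower() if end > 0 else cmd.lower()
    return cmd.split(" ", 1)[0].lower()


def parse_created(log_text: str) -> Dict[str, str]:
    """Map each path listed in the Created Last 30 section to its creation date."""
    created: Dict[str, str] = {}
    for line in log_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            created[m.group("path").lower()] = m.group("date")
    return created


def triage(log_text: str) -> List[Dict[str, str]]:
    """Flag Run entries whose image is unqualified, lives outside the expected
    directories, or was created within the log's 30-day window."""
    created = parse_created(log_text)
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        path = image_path(m.group("cmd"))
        reasons = []
        if "\\" not in path:
            reasons.append("unqualified image name; resolved through the search path")
        elif not path.startswith(EXPECTED_PARENTS):
            reasons.append("image outside system32/Program Files")
        if path in created:
            reasons.append(f"file created {created[path]} (within last 30 days)")
        if reasons:
            findings.append({"hive": m.group("hive"), "key": m.group("name"),
                             "path": path, "reasons": "; ".join(reasons)})
    return findings


def windows_root_drops(log_text: str) -> List[str]:
    """List non-directory files created directly in the Windows root during the window."""
    drops = []
    for line in log_text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m or m.group("size") == "<DIR>":
            continue
        path = m.group("path").lower()
        parent, _, _ = path.rpartition("\\")
        if parent == WINDOWS_ROOT:
            drops.append(path)
    return drops


if __name__ == "__main__":
    for f in triage(DDS_EXCERPT):
        print(f"{f['hive']}Run [{f['key']}] {f['path']}: {f['reasons']}")
    print("created directly under the Windows root:", windows_root_drops(DDS_EXCERPT))
```

Run against the full log rather than the excerpt, the same two passes give the responder a short list of autostarts and recent drops to verify by hand before asking for further scans.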



#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:11:44 PM

Posted 13 July 2009 - 09:21 AM

Hi Ross,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please. Post also the MBAM report of your scan.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 rossf

rossf
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:44 PM

Posted 15 July 2009 - 01:09 PM

Hi there,

Thanks a lot for the reply, better late than never! Sorry it's taken me a while to get back; it's been a busy week!

So, here's my latest DDS log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Ross at 19:15:51.73 on 15/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.244 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\System Control Manager\edd.exe
C:\WINDOWS\system32\o2flash.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\tsnp2std.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\32_twunk.exe
C:\WINDOWS\flashmute.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ross\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMin1.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMin1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Mininova-Vuze Toolbar: {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - c:\program files\mininova-vuze\tbMin1.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [O2] "c:\program files\o2\bin\sprtcmd.exe" /P O2
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTRegRun] c:\windows\CTRegRun.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [twunk_32] c:\windows\32_twunk.exe
mRun: [FlashMute] c:\windows\flashmute.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\ross\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wlanut~1.lnk - c:\program files\microstar\wlanutility\WlanUtility.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} - hxxps://testdirector.rmplc.net/qcbin/Spider91.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ross\applic~1\mozilla\firefox\profiles\sji51zp6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Mininova-Vuze Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&q=
FF - component: c:\documents and settings\ross\application data\mozilla\firefox\profiles\sji51zp6.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}\components\FFExternalAlert.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2005-10-31 28800]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-24 210216]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-6-24 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-6-24 144704]
R2 NishService;SCM Driver Daemon;c:\program files\system control manager\edd.exe [2009-6-14 40960]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\o2\bin\sprtsvc.exe [2007-6-7 202280]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-6-24 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-24 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-24 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-6-24 40552]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2009-6-14 20128]
S2 gupdate1c9eddd1e0ff58c;Google Update Service (gupdate1c9eddd1e0ff58c);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-6-24 34248]

=============== Created Last 30 ================

2009-07-11 13:02 116 a------- c:\windows\NeroDigital.ini
2009-07-11 12:52 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-07-11 12:52 364,544 -------- c:\windows\system32\TwnLib4.dll
2009-07-11 12:52 1,568,768 -------- c:\windows\system32\ImagX7.dll
2009-07-11 12:52 476,320 -------- c:\windows\system32\ImagXpr7.dll
2009-07-11 12:52 471,040 -------- c:\windows\system32\ImagXRA7.dll
2009-07-11 12:52 262,144 -------- c:\windows\system32\ImagXR7.dll
2009-07-11 12:52 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-07-11 11:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-07-11 11:16 <DIR> --d----- c:\docume~1\ross\applic~1\Azureus
2009-07-11 11:16 <DIR> --d----- c:\program files\Conduit
2009-07-11 11:16 <DIR> --d----- c:\program files\Mininova-Vuze
2009-07-11 10:26 <DIR> --d----- c:\program files\Vuze
2009-07-11 10:26 <DIR> --d----- c:\program files\common files\i4j_jres
2009-07-09 22:11 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-07-09 22:11 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-07-09 22:11 268,288 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-09 22:11 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-09 22:11 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-07-09 22:11 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-07-09 22:11 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-07-09 22:11 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-07-09 22:11 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-09 22:10 13,646 a------- c:\windows\system32\wpa.bak
2009-07-06 20:23 <DIR> --d----- c:\program files\common files\Mercury Interactive
2009-07-06 20:23 215 a------- c:\windows\mercury.ini
2009-07-04 11:54 <DIR> --d----- c:\windows\system32\RTCOM
2009-07-04 11:35 <DIR> --d----- c:\windows\system32\en
2009-07-04 11:35 <DIR> --d----- c:\windows\system32\bits
2009-07-04 11:19 <DIR> --d----- c:\windows\EHome
2009-07-04 11:16 0 a------t c:\windows\005232_.tmp
2009-07-01 22:42 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-07-01 22:42 8,192 a------- c:\windows\system32\kbdkor.dll
2009-07-01 22:42 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-07-01 22:42 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-07-01 22:42 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-07-01 22:42 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-07-01 22:42 6,144 a------- c:\windows\system32\kbd106.dll
2009-07-01 22:42 6,144 a------- c:\windows\system32\kbd101c.dll
2009-07-01 22:42 5,632 a------- c:\windows\system32\kbd103.dll
2009-07-01 22:42 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-07-01 22:42 6,144 a------- c:\windows\system32\kbd101b.dll
2009-07-01 22:40 <DIR> --d----- c:\docume~1\ross\applic~1\Malwarebytes
2009-07-01 22:40 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 22:40 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-01 22:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-01 22:40 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-01 22:06 1,737,856 -------- c:\windows\system32\mtxparhd.dll
2009-07-01 22:04 63,488 -------- c:\windows\system32\drivers\atinxsxx.sys
2009-06-28 00:29 400,435 a------- c:\windows\32_twunk.exe
2009-06-24 22:36 <DIR> --d----- c:\program files\Trend Micro
2009-06-24 21:52 11,035 a------- c:\windows\system32\Config.MPF
2009-06-24 21:44 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-06-24 21:44 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-06-24 21:44 79,816 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-06-24 21:44 120,136 a------- c:\windows\system32\drivers\Mpfp.sys
2009-06-24 21:43 <DIR> --d----- c:\program files\common files\McAfee
2009-06-24 21:43 <DIR> --d----- c:\program files\McAfee.com
2009-06-24 21:42 <DIR> --d----- c:\program files\McAfee
2009-06-24 21:37 34,248 a------- c:\windows\system32\drivers\mferkdk.sys
2009-06-24 20:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Citrix
2009-06-24 20:40 61,224 a------- c:\documents and settings\ross\GoToAssistDownloadHelper.exe
2009-06-24 20:21 <DIR> --d----- c:\docume~1\ross\applic~1\McAfee
2009-06-23 23:20 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-21 15:43 1 a------- c:\windows\934fdfg34fgjf23
2009-06-21 15:43 <DIR> --d----- c:\program files\driver
2009-06-19 19:12 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-06-19 19:11 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-06-19 19:11 <DIR> --d----- c:\windows\system32\Lang
2009-06-18 21:51 <DIR> --d----- c:\windows\system32\scripting
2009-06-18 21:51 <DIR> --d----- c:\windows\l2schemas
2009-06-18 21:48 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-18 21:44 <DIR> --d----- c:\windows\network diagnostic
2009-06-16 16:36 664 a------- c:\windows\system32\d3d9caps.dat
2009-06-16 10:16 221,184 a------- c:\windows\system32\wmpns.dll
2009-06-15 23:01 <DIR> --d----- c:\docume~1\ross\applic~1\OpenOffice.org
2009-06-15 22:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CanonIJPLM
2009-06-15 22:57 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-06-15 22:56 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-15 22:56 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-06-15 22:53 151,552 a------- c:\windows\system32\CNCF2Ld.DLL
2009-06-15 22:50 <DIR> --d----- c:\program files\Canon
2009-06-15 19:52 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-15 19:52 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-15 19:51 <DIR> --d----- c:\program files\iPod
2009-06-15 19:51 <DIR> --d----- c:\program files\iTunes
2009-06-15 19:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-15 19:51 <DIR> --d----- c:\program files\Bonjour
2009-06-15 19:49 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-15 19:49 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-15 19:43 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-15 19:17 <DIR> --d----- c:\docume~1\ross\applic~1\UseNeXT
2009-06-15 19:17 <DIR> --d----- c:\program files\UseNeXT

==================== Find3M ====================

2009-06-18 21:55 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-15 07:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-14 22:46 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 22:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 22:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 22:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 22:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 22:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 22:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 22:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-29 05:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 05:55 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-29 05:52 1,023,488 a------- c:\windows\system32\browseui(2).dll
2009-04-29 05:52 616,448 a------- c:\windows\system32\urlmon(4).dll
2009-04-29 05:52 616,448 a------- c:\windows\system32\urlmon(3).dll
2009-04-29 05:52 474,112 a------- c:\windows\system32\shlwapi(3).dll
2009-04-29 05:52 659,456 a------- c:\windows\system32\wininet(4).dll
2009-04-29 05:52 659,456 a------- c:\windows\system32\wininet(3).dll
2009-04-17 13:26 1,847,168 a------- c:\windows\system32\win32k.sys

============= FINISH: 19:16:56.06 ===============


And here's my MBAM log:

Malwarebytes' Anti-Malware 1.38
Database version: 2360
Windows 5.1.2600 Service Pack 3

15/07/2009 07:46:56
mbam-log-2009-07-15 (07-46-56).txt

Scan type: Full Scan (C:\|E:\|K:\|)
Objects scanned: 206633
Time elapsed: 1 hour(s), 51 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I am still getting the random IE pop-up, please help!

thanks,

Ross

Edited by rossf, 15 July 2009 - 01:19 PM.
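As an added example (not part of this thread, and not code from the DDS or MBAM tools), here is a small Python triage script for DDS logs like the one above. It parses the "Created Last 30" / "Find3M" file entries and the Firefox `prefs.js` lines, and flags the items a helper usually reads first: extension-less or executable files dropped directly in the Windows root, file names that interleave digits and letters, and search preferences redirected to a host other than the browser's stock search engines. The sample lines are copied from the log above purely as parser input; the host allowlist, the transition threshold and the review reasons are assumptions of this example, and a flag means "look at this", not a verdict on the file.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: a handful of lines copied verbatim from the DDS log
# posted in this thread. They are parser test input only; a flagged line means
# "a human should look", not "this file is malicious".
SAMPLE_DDS = [
    r"FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&SearchSource=3&q={searchTerms}",
    r"FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&q=",
    r"2009-07-11 13:02 116 a------- c:\windows\NeroDigital.ini",
    r"2009-07-04 11:16 0 a------t c:\windows\005232_.tmp",
    r"2009-06-28 00:29 400,435 a------- c:\windows\32_twunk.exe",
    r"2009-06-24 21:44 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys",
    r"2009-06-21 15:43 1 a------- c:\windows\934fdfg34fgjf23",
    r"2009-06-21 15:43 <DIR> --d----- c:\program files\driver",
]

# "Created Last 30" / "Find3M" entry layout: date time size attrs path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+([a-z-]{8})\s+(.+?)\s*$"
)
# Firefox pref lines whose value is a (defanged) URL
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (hxxps?://\S+)$")

# Search hosts a stock Firefox of that era pointed at; anything else is worth a
# look. Assumption of this example: tune the list for the environment you triage.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}

WIN_ROOT = r"c:\windows"
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}


def refang(url):
    """DDS writes hxxp:// so the log cannot be clicked; restore the scheme for parsing."""
    return re.sub(r"^hxxp", "http", url, count=1)


def digit_letter_transitions(stem):
    """Count digit<->letter class changes in a name ('abc123def4' -> 3).
    Random-looking names such as 934fdfg34fgjf23 alternate often; real names rarely do."""
    classes = ["d" if c.isdigit() else "a" for c in stem if c.isalnum()]
    return sum(1 for a, b in zip(classes, classes[1:]) if a != b)


def parse_entry(line):
    """Parse one file/directory entry line; returns None for any other line."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    return {
        "date": date, "time": time,
        "is_dir": size == "<DIR>",
        "size": None if size == "<DIR>" else int(size.replace(",", "")),
        "attrs": attrs, "path": path.lower(),
    }


def triage_entry(entry):
    """Return review reasons for one parsed file entry (empty list = nothing notable)."""
    reasons = []
    if entry["is_dir"]:
        return reasons
    parent, _, name = entry["path"].rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    if not dot:                      # no extension at all
        stem, ext = name, ""
    else:
        ext = "." + ext
    if parent == WIN_ROOT and not dot:
        reasons.append("extension-less file created directly in %WINDIR%")
    if parent == WIN_ROOT and ext in EXEC_EXT:
        reasons.append("new executable created directly in %WINDIR% (verify publisher/hash)")
    if digit_letter_transitions(stem) >= 3:
        reasons.append("random-looking name (digits and letters interleaved)")
    return reasons


def triage_pref(line):
    """Flag a Firefox search/keyword pref whose URL host is not a stock search engine."""
    m = PREF_RE.match(line)
    if not m:
        return None
    pref, url = m.groups()
    host = urlparse(refang(url)).hostname or ""
    if host not in EXPECTED_SEARCH_HOSTS:
        return (pref, "search/keyword pref redirected to third-party host " + host)
    return None


def triage_log(lines):
    """Run both checks over raw DDS lines; returns [(subject, reason), ...]."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry:
            for reason in triage_entry(entry):
                findings.append((entry["path"], reason))
            continue
        hit = triage_pref(line)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for subject, reason in triage_log(SAMPLE_DDS):
        print(f"{subject}: {reason}")
```

Run against the sample it reports the two Conduit search prefs, the extension-less random-named file in `c:\windows` (which trips both the extension and the name heuristic), and the new `.exe` in the Windows root; the McAfee driver under `system32\drivers` and the `.ini`/`.tmp` files produce no finding. The point of the hard-coded allowlist and the transition threshold is that they are cheap, explainable heuristics a helper can adjust; they do not replace a scanner verdict.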


#4 Blade81 (Bleepin' Rocker, Malware Response Team, Finland)
Posted 16 July 2009 - 03:03 AM

Hi,

You seem to have p2p file sharing software installed there. I recommend uninstalling such programs. A big part of infections is received from p2p networks nowadays.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (link). Remember to re-enable them afterwards.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 Blade81 (Bleepin' Rocker, Malware Response Team, Finland)
Posted 24 July 2009 - 03:31 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
