Tech Support Forum banner
Cancel

Pop-ups, Home page changes and frustration!

Jump to Latest Follow
Status
Not open for further replies.
1 - 3 of 3 Posts
P

· Registered
Joined
·
2 Posts
Discussion Starter · #1 ·
Hey Folks. I began having problems with pop-ups - mostly pornographic ones, a few search engine sites here and there as well. Plus my computer seems to be running really slow. I have Norton 2008 which hasn't really found anything. I ran AVG which found a few things and said it repaired them, but the problem with pop-ups and slow performance continues.

I also have my home page change on me after restarting.

I have worked my way through the steps. I didn't see any of the programs listed in Step One. I have completed Windows update as well. I have not run HiJackThis yet. I think this Deckard system does that right?

Anyway, my log is below and the other log is attached. I could really use some help here. Anything look off?

Thanks in advance.



Deckard's System Scanner v20071014.68
Run by homeuser on 2007-11-05 17:10:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
86: 2007-11-05 23:10:11 UTC - RP853 - Deckard's System Scanner Restore Point
85: 2007-11-05 23:04:42 UTC - RP852 - Software Distribution Service 3.0
84: 2007-11-04 20:45:28 UTC - RP851 - Last known good configuration
83: 2007-11-04 20:45:21 UTC - RP850 - System Checkpoint
82: 2007-11-04 20:45:21 UTC - RP849 - System Checkpoint


-- First Restore Point --
1: 2007-11-04 20:45:01 UTC - RP768 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 7.96 GiB (less than 15%) free.


-- HijackThis (run as homeuser.exe) ---------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:35 PM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\homeuser\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\homeuser.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.cnn.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {77135966-57B2-4D29-A9B9-67F47039A217} - C:\WINDOWS\system32\pmnll.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\WINDOWS\system32\khfebcy.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Auto Run Software for Photo Frame] "C:\Program Files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [18428624] rundll32.exe "C:\WINDOWS\system32\erfcjnui.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "homeuser"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "homeuser"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: Kremlin Sentry.lnk = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O16 - DPF: {804F9BC5-0EAB-4150-8065-0DF485420670} (InstallShield Setup Player V11.5) - http://www.knoll.com/FSL/KnFSLInstall/setup.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - https://mtcchpfweb.bmhcc.org/download/j2re-1_4_2_03-win.exe
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: khfebcy - C:\WINDOWS\SYSTEM32\khfebcy.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

--
End of file - 14049 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; IBM Corporation; IBM Hard Drive Active Protection System>
R0 TPDiskPM - c:\windows\system32\drivers\tpdiskpm.sys <Not Verified; IBM Corporation; IBM SATA Power Management Driver>
R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; IBM Corporation; IBM Hard Drive Active Protection System>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWRIF - c:\windows\system32\drivers\tppwrif.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; FFE and RRU>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 TPInput - c:\windows\system32\drivers\tpinput.sys <Not Verified; IBM Corporation; IBM SATA Power Management Driver>

S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; IBM Corporation; SMI Driver>
S3 QCNDISIF - c:\windows\system32\drivers\qcndisif.sys <Not Verified; IBM Corporation.; IBM ThinkPad Utility>
S3 sscdbus (SAMSUNG USB Composite Device driver (WDM)) - c:\windows\system32\drivers\sscdbus.sys <Not Verified; MCCI; SAMSUNG USB Composite Device>
S3 sscdmdfl (SAMSUNG CDMA Modem Filter) - c:\windows\system32\drivers\sscdmdfl.sys <Not Verified; MCCI; SAMSUNG CDMA Modem Filter Driver>
S3 sscdmdm (SAMSUNG CDMA Modem Drivers) - c:\windows\system32\drivers\sscdmdm.sys <Not Verified; MCCI; SAMSUNG CDMA Modem>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 IBM Rapid Restore Ultra Service - "c:\program files\ibm\ibm rapid restore ultra\rrpcsb.exe" <Not Verified; ; rrpcsb Module>
R2 QCONSVC - system32\qconsvc.exe <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 TPHDEXLGSVC (IBM HDD APS Logging Service) - system32\tphdexlg.exe <Not Verified; IBM Corporation; IBM Active Protection System>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R2 vtserver (Protector Suite Virtual Token) - "c:\program files\common files\virtual token\vtserver.exe" <Not Verified; UPEK Inc.; IBM fingerprint software>

S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-04 14:47:05 584 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - homeuser.job


-- Files created between 2007-10-05 and 2007-11-05 -----------------------------

2007-11-05 17:15:13 0 d-------- C:\Program Files\Trend Micro <TRENDM~1>
2007-11-05 16:37:24 0 d-------- C:\Program Files\SpywareBlaster <SPYWAR~1>
2007-11-05 14:36:57 0 d-------- C:\WINDOWS\LastGood
2007-11-05 11:35:15 83008 --a------ C:\WINDOWS\system32\bmfvdqqs.dll
2007-11-05 11:29:15 85568 --a------ C:\WINDOWS\system32\erfcjnui.dll
2007-11-05 11:21:27 379336 ---hs---- C:\WINDOWS\system32\llnmp.bak2
2007-11-04 23:21:10 6465 ---hs---- C:\WINDOWS\system32\llnmp.bak1
2007-11-04 23:20:51 320608 -----n--- C:\WINDOWS\system32\pmnll.dll
2007-11-04 21:55:57 5338 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-04 21:55:22 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-04 21:55:21 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-04 21:55:21 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-04 21:55:21 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-04 21:55:21 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-04 19:12:22 7259 ---hs---- C:\WINDOWS\system32\stutv.ini2
2007-11-04 18:48:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-04 14:45:33 6505 ---hs---- C:\WINDOWS\system32\stutv.bak1
2007-11-04 14:43:13 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-04 14:39:41 35328 --a------ C:\WINDOWS\system32\khfebcy.dll
2007-11-04 14:39:14 32768 --a------ C:\Documents and Settings\homeuser\pdf.exe
2007-11-04 14:38:10 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-04 13:44:26 0 d-------- C:\Program Files\Windows Sidebar <WICC9F~1>
2007-10-23 12:01:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-22 07:52:13 557056 --a------ C:\WINDOWS\Mars Screensaver.scr
2007-10-22 07:52:13 0 d-------- C:\Program Files\Longgame
2007-10-22 07:47:11 2789376 --a------ C:\WINDOWS\system32\Cities.scr <Not Verified; Screenomania.com; Cities of Earth Free 3D Screensaver>
2007-10-22 07:47:11 0 d-------- C:\Program Files\Cities of Earth <CITIES~1>
2007-10-22 07:22:22 0 d-------- C:\Program Files\Desktop XP <DESKTO~1>
2007-10-22 07:22:20 0 d-------- C:\Program Files\Free Waterfall Screensaver <FREEWA~1>
2007-10-20 07:08:18 38400 --a------ C:\WINDOWS\system32\Sports.scr <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-10-20 07:08:18 0 d-------- C:\Program Files\Plus!
2007-10-14 07:50:14 0 d-------- C:\Program Files\ExtractNow <EXTRAC~1>
2007-10-08 14:12:59 0 d-------- C:\Documents and Settings\All Users\Application DataTechSmith


-- Find3M Report ---------------------------------------------------------------

2007-11-05 15:50:25 0 d-------- C:\Program Files\SUPERAntiSpyware <SUPERA~1>
2007-11-05 15:48:31 0 d-------- C:\Program Files\QuickTime <QUICKT~1>
2007-11-05 15:47:20 0 d-------- C:\Program Files\Palm
2007-11-05 15:46:09 0 d-------- C:\Program Files\Norton AntiVirus <NORTON~1>
2007-11-05 15:45:53 0 d-------- C:\Program Files\MSN Messenger <MSNMES~1>
2007-11-05 15:39:42 0 d-------- C:\Program Files\iTunes
2007-11-05 15:37:50 0 d-------- C:\Program Files\ICQToolbar <ICQTOO~1>
2007-11-05 15:37:24 0 d-------- C:\Program Files\IBM RecordNow! <IBMREC~1>
2007-11-05 15:37:21 0 d-------- C:\Program Files\IBM fingerprint software <IBMFIN~1>
2007-11-05 15:35:00 0 d-------- C:\Program Files\Google
2007-11-05 15:34:30 0 d-------- C:\Program Files\D-Tools
2007-11-05 15:34:30 0 d-------- C:\Program Files\Digital Line Detect <DIGITA~1>
2007-11-05 15:34:24 0 d-------- C:\Program Files\Common Files\Webroot Shared
2007-11-05 15:34:23 0 d-------- C:\Program Files\Common Files\Virtual Token
2007-11-05 15:33:51 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-05 12:42:00 0 d-------- C:\Documents and Settings\homeuser\Application Data\Adobe
2007-11-04 14:55:57 0 d-------- C:\Program Files\Symantec
2007-11-04 13:58:19 0 d-------- C:\Program Files\Common Files <COMMON~1>
2007-10-28 08:26:58 0 d-------- C:\Documents and Settings\homeuser\Application Data\AdobeUM
2007-10-01 10:08:33 0 d-------- C:\Program Files\Emailer
2007-09-30 17:26:01 0 d-------- C:\Documents and Settings\homeuser\Application Data\Sony
2007-09-30 17:23:45 0 d-------- C:\Program Files\Sony
2007-09-30 16:31:25 0 d-------- C:\Program Files\Vstplugins <VSTPLU~1>
2007-09-30 14:50:18 0 d-------- C:\Program Files\Incomplete <INCOMP~1>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
11/04/2007 01:58 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{77135966-57B2-4D29-A9B9-67F47039A217}]
11/04/2007 11:20 PM 320608 --------- C:\WINDOWS\system32\pmnll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
11/04/2007 02:39 PM 35328 --a------ C:\WINDOWS\system32\khfebcy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 03:01 AM]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [07/14/2004 06:34 PM]
"UC_SMB"="" []
"TpShocks"="TpShocks.exe" [10/27/2004 05:58 PM C:\WINDOWS\system32\TpShocks.exe]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [02/04/2004 08:39 PM]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [11/17/2004 02:48 AM]
"TP4EX"="tp4ex.exe" [11/12/2004 03:07 AM C:\WINDOWS\system32\TP4EX.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/08/2004 01:17 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/08/2004 01:17 PM]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [11/09/2004 05:53 AM]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [12/21/2004 03:00 AM]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [12/16/2004 05:41 AM]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [08/06/2004 04:10 AM]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [11/24/2004 04:10 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [09/02/2004 03:05 AM]
"ControlCenter"="C:\Program Files\IBM fingerprint software\ctlcntr.exe" [11/04/2004 11:46 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/11/2004 11:00 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 02:48 AM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 04:05 PM]
"PCLEPCI"="C:\PROGRA~1\Pinnacle\PPE\ppe.exe" [12/04/2001 01:12 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/31/2005 01:32 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [10/08/2004 10:52 AM]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [01/18/2005 04:47 PM]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [01/18/2005 04:37 PM]
"Auto Run Software for Photo Frame"="C:\Program Files\Philips\Auto Run Software for Photo Frame\PhotoManager.exe" [08/04/2006 04:57 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/2007 08:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [04/27/2007 10:25 AM]
"QCTray"="C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe" [11/09/2004 05:53 AM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 03:48 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/23/2007 04:18 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [08/24/2007 10:53 PM]
"18428624"="C:\WINDOWS\system32\erfcjnui.dll" [11/05/2007 11:29 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/04/2007 06:46 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"TPKMAPMN"="C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe" [02/04/2004 08:39 PM]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [10/08/2003 05:00 AM]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [08/06/2004 04:10 AM]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [01/18/2005 04:07 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [11/04/2007 06:44 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/16/2007 02:17 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Index Washer"=C:\Program Files\Webroot\Washer\WashIdx.exe "homeuser"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Index Washer"=C:\Program Files\Webroot\Washer\WashIdx.exe "homeuser"

C:\Documents and Settings\homeuser\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [3/19/2003 6:08:14 PM]
Kremlin Sentry.lnk - C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe [11/21/2005 12:18:48 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [12/6/2005 8:48:45 PM]
BTTray.lnk - C:\Program Files\IBM\Bluetooth Software\BTTray.exe [10/1/2004 5:12:18 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [3/6/2005 12:54:07 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 3:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\khfebcy.dll [11/04/2007 02:39 PM 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 11/04/2007 06:44 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfebcy]
khfebcy.dll 11/04/2007 02:39 PM 35328 C:\WINDOWS\system32\khfebcy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Program Files\IBM fingerprint software\psfus.dll 11/04/2004 11:51 AM 108636 C:\Program Files\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 11/09/2004 05:53 AM 262144 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 08/12/2004 10:11 PM 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnll.dll
"Notification Packages"= scecli pwdmon


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ba4c5fa-d279-11db-9db1-000e9b9c4e66}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f95291e-ed1f-11db-9dbd-000e35d9b8b8}]
AutoRun\command- F:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2007-11-05 17:17:53 ------------
 

Attachments

P

· Registered
Joined
·
2 Posts
Discussion Starter · #2 ·
I just wanted to add a few NEW developments. Today, 4 new problems started,
1. My font on web pges changes on its own.
2. I have a yellow exclamation triangle warning from the toolbar that flashes and warns me that I need to download new spyware software.
3. Security Toolbar 7.1 has installed itself in place of my Google toolbar and I can't get rid of it.
4. New icons for "Online Security Guard" and "Live Safety Center" have popped-up on my desktop.
All of this is happening in addition to the problems listed in my original post.

Please help. I have alot of my work that I must do on this laptop and my computer is extreeeemely slow now and its affecting my job.
 
tetonbob

· TSF Security Manager, Emeritus
Joined
·
51,795 Posts
#3 ·
Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download this file - http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    * IMPORTANT !!! Place combofix.exe on your Desktop


  2. Disconnect from the internet....pull the plug!
  3. Go to
    -> Run -> paste in the following single line command & click OK


    "%userprofile%\desktop\combofix.exe" /killall




  4. Follow the prompts. Type "1" and press Enter to begin the scan.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  7. Re-establish an internet connection.
  8. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------
 
1 - 3 of 3 Posts
Status
Not open for further replies.
About this Discussion
2 Replies
2 Participants
Last post:
tetonbob
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top