My computer has been having the same problem I see a lot of the other people on here posting about. I can't run MBAM or any other kind of anti-virus program. Internet Explorer won't run; Firefox will, but my Google searches have been hijacked. I tried the methods in the stickied thread and none worked for me, including renaming MBAM. As suggested in another thread, I ran DDS. Here are the results of that:

DDS (Ver_09-07-30.01) - NTFSx86

Run by Smiths at 17:42:56.81 on Sat 08/08/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.60 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Norton Ghost\Agent\GhostTray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

C:\Program Files\Common Files\AOL\1148070065\ee\AOLSoftware.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Smiths\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: McAfee AntiPhishing Filter: {41d68ed8-4cff-4115-88a6-6ebb8af19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [Aim6]

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [Norton Ghost 10.0] "c:\program files\norton ghost\agent\GhostTray.exe"

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [MSKAGENTEXE] c:\progra~1\mcafee\spamki~1\MskAgent.exe

mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16

mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"

mRun: [HostManager] c:\program files\common files\aol\1148070065\ee\AOLSoftware.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: &Search

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: musicmatch.com\online

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\smiths\applic~1\mozilla\firefox\profiles\bgh5fusc.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\smiths\application data\mozilla\firefox\profiles\bgh5fusc.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll

FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-7-31 214024]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-12-13 165488]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-1 210216]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-11 359952]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-7-31 144704]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-7-31 606736]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-7-31 79880]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-7-31 35272]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-7-31 40552]

R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-12 822424]

S2 0048591249751005mcinstcleanup;McAfee Application Installer Cleanup (0048591249751005);c:\windows\temp\004859~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\004859~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-12-13 198256]

S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-12-13 79472]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1aa.tmp --> c:\windows\system32\1AA.tmp [?]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-7-31 34216]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]

=============== Created Last 30 ================

2009-08-08 17:01 0 a------- c:\documents and settings\smiths\settings.dat

2009-08-07 22:34 15,504 a------- c:\windows\system32\drivers\mbam.sys

2009-08-07 22:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-07 22:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware2

2009-08-07 22:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2009-08-07 22:21 <DIR> --d----- c:\program files\SUPERAntiSpyware

2009-08-07 22:21 <DIR> --d----- c:\docume~1\smiths\applic~1\SUPERAntiSpyware.com

2009-08-07 22:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard

2009-08-07 21:38 <DIR> --d----- c:\program files\Windows Resource Kits

2009-08-07 21:29 <DIR> --dsh--- c:\documents and settings\smiths\PrivacIE

2009-08-07 21:23 <DIR> --dsh--- c:\documents and settings\smiths\IETldCache

2009-08-07 20:55 <DIR> --d----- c:\program files\Sophos

2009-08-07 20:48 12,800 -------- c:\windows\system32\dllcache\xpshims.dll

2009-08-07 20:48 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll

2009-08-07 20:47 <DIR> --d----- c:\windows\ie8updates

2009-08-07 20:46 101,376 -------- c:\windows\system32\dllcache\iecompat.dll

2009-08-07 20:42 <DIR> -cd-h--- c:\windows\ie8

2009-08-07 16:15 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-08-07 15:02 <DIR> --d----- c:\program files\ESET

2009-08-07 14:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan

2009-08-07 14:30 <DIR> --d----- c:\program files\thing

2009-08-07 12:47 1,234,795 a------- c:\windows\system32\xa.tmp

==================== Find3M ====================

2009-08-04 09:48 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys

2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll

2009-07-19 09:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll

2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll

2009-07-03 13:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll

2009-07-03 13:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll

2009-07-03 13:09 206,848 -------- c:\windows\system32\dllcache\occache.dll

2009-07-03 13:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll

2009-07-03 13:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll

2009-07-03 13:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll

2009-07-03 13:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll

2009-07-03 13:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll

2009-07-03 13:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll

2009-07-03 07:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe

2009-06-29 12:12 133,120 a------- c:\windows\system32\dllcache\extmgr.dll

2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe

2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll

2009-06-16 10:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll

2009-06-16 10:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll

2009-06-07 16:24 180,224 a------- c:\windows\system32\xvidvfw.dll

2009-06-07 16:16 819,200 a------- c:\windows\system32\xvidcore.dll

2009-06-03 15:27 1,290,752 a------- c:\windows\system32\quartz.dll

2009-06-03 15:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll

2007-02-02 20:32 88 ---shr-- c:\windows\system32\97E2747BB5.sys

============= FINISH: 17:43:50.59 ===============

Attach.txt


  • Staff

ads1234,

Bumping your topic makes it less likely you'll get help since it appears that someone has already responded to your thread. There are hundreds of people waiting and it would be appreciated if you exercised patience.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
