Jump to content

Recommended Posts

My computer system does not let me scan with malwarebytes or any anti-virus security system...it opens up the scan window and scans for 20-30 seconds and then it the program shuts down.

Need help with this asap please!

Forgot to include my dds and attach file, but here they are

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 7.0.6002.18005

Run by Laura at 23:59:59 on 2011-10-22

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.2410 [GMT -5:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\1328167361:1053218224.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer provided by Dell

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080906

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080906

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

uWinlogon: Shell=c:\users\laura\appdata\local\c1392a4f\X

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File

uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

uRun: [09148171358346488597030787703974] c:\program files\antivirus 2009\av2009.exe

uRun: [Facebook Update] "c:\users\laura\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpqSRMon]

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

mRun: [blackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\laura\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\users\laura\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{311BD824-7FCC-44E1-AA12-372FCE7C8F80} : DhcpNameServer = 209.18.47.61 209.18.47.62

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~2\GOEC62~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\laura\appdata\roaming\mozilla\firefox\profiles\3cdiqb3z.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc8b23e&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 2

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\laura\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\users\laura\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll

FF - plugin: c:\users\laura\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\laura\appdata\roaming\mozilla\firefox\profiles\3cdiqb3z.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

.

============= SERVICES / DRIVERS ===============

.

S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-9-6 73728]

S2 AGWinService;AG Windows Service;c:\program files\agi\common\win32\pythonservice.exe [2008-9-30 10240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]

S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

S2 gupdate1ca422aaff4d11f;Google Update Service (gupdate1ca422aaff4d11f);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-22 366152]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-6 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-30 133104]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-9-6 111616]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-22 22216]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2011-10-23 04:53:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-23 04:53:04 -------- d-----w- c:\users\laura\appdata\roaming\Malwarebytes

2011-10-23 04:52:50 -------- d-----w- c:\programdata\Malwarebytes

2011-10-23 04:52:47 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-23 04:52:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-23 03:03:21 -------- d-----w- c:\programdata\Kaspersky Lab

2011-10-23 03:00:15 -------- d-----w- c:\program files\ESET

2011-10-23 02:46:25 48016 --sha-w- c:\windows\system32\c_87811.nl_

2011-10-16 20:15:19 -------- d-sh--w- c:\users\laura\appdata\local\c1392a4f

2011-10-16 13:53:06 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4a5fc8a9-2ade-4e43-9ee2-fbfd3b191a2e}\offreg.dll

2011-10-16 02:44:06 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4a5fc8a9-2ade-4e43-9ee2-fbfd3b191a2e}\mpengine.dll

2011-10-12 21:19:16 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-12 21:19:16 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-12 21:19:16 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-12 21:19:15 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-12 21:19:14 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-11 05:46:54 194362 ----a-w- c:\windows\system32\drivers\windrvr6.sys

2011-10-11 05:46:54 102400 ------w- c:\windows\system32\wdapi811.dll

2011-10-11 05:46:52 -------- d-----w- c:\program files\common files\Vernier Software

2011-10-11 05:46:05 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll

2011-10-11 05:46:04 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll

2011-10-11 05:46:04 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll

2011-10-11 05:46:04 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe

2011-10-11 05:46:04 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll

2011-10-11 05:46:03 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll

2011-10-11 05:46:03 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll

2011-10-11 05:44:41 -------- d-----w- c:\program files\Fathom 2

2011-10-11 04:15:04 703824 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{17c30dfe-9539-4747-884d-3ac8694556bc}\gapaengine.dll

.

==================== Find3M ====================

.

2011-10-23 02:46:04 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-09-02 13:39:07 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-29 05:56:09 256 ----a-w- c:\windows\system32\pool.bin

2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-08-25 16:14:01 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll

2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-08-16 16:15:15 834048 ----a-w- c:\windows\system32\wininet.dll

2011-08-16 14:20:55 389632 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 0:01:46.33 ===============

dds.txt

attach.txt

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.