How to get my computer running safely and correctly?


  • This topic is locked
2 replies to this topic

#1 neisha

Posted 31 January 2009 - 02:41 PM

I have removed Antivirus 2009 from my computer by using Malwarebytes' Anti-Malware. My computer is showing that the virus has been removed by a scan using the Malwarebytes' scan, and McAfee through Comcast. Yet, every time I try to access different websites, I get an Internet Explorer warning blocking this site; threatening potential harm from an untrusted source. I am currently running my computer through safe mode, so I know it's a security issue because I bypassed all the security settings and I can access sites with no problem. How can I get my computer to run properly without being in safe mode?

DDS (Ver_09-01-19.01) - NTFSx86 NETWORK
Run by Administrator at 14:17:20.28 on Sat 01/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.202 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3507
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3507
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W3507
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: &Research: {0b014b81-4e12-46f9-806f-55867af8fd3c} - c:\windows\system32\winsystems.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HostManager] c:\program files\common files\aol\1160182700\ee\AOLSoftware.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BearFlix] "c:\program files\bearflix\bearflix.exe" /pause
mRun: [SDR6cw] c:\program files\common files\systemdoctor\SDR6cw.exe -c
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
dRunOnce: [LabelMaker2.0] regsvr32 c:\program files\common files\mysoftware\regdll.dll /s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~1.lnk - c:\program files\sifxinst\SIFXINST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

============= SERVICES / DRIVERS ===============

S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-7-24 201320]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-10-6 29744]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-7-24 695624]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-7-24 79304]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-7-24 35240]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-7-24 33832]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-7-24 40488]
S4 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-7-24 359248]
S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S4 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-7-24 144704]

=============== Created Last 30 ================

2009-01-31 13:44 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-01-31 13:36 296,462 a------- c:\windows\~DFEB39.tmp
2009-01-31 13:33 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-31 13:33 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-31 13:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-31 13:33 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-31 11:06 <DIR> --d----- c:\windows\LastGood.Tmp
2009-01-31 10:50 <DIR> --d----- c:\windows\system32\scripting
2009-01-31 10:50 <DIR> --d----- c:\windows\l2schemas
2009-01-31 10:50 <DIR> --d----- c:\windows\system32\en
2009-01-31 10:50 <DIR> --d----- c:\windows\system32\bits
2009-01-31 10:42 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-29 11:44 <DIR> --d----- c:\program files\Avanquest update
2009-01-29 11:43 37,062 a------- c:\windows\system32\odbcinst.hlp
2009-01-29 11:43 324 a------- c:\windows\system32\odbcinst.cnt
2009-01-29 11:43 344,064 a------- c:\windows\system32\msexch35.dll
2009-01-29 11:43 170,865 a------- c:\windows\system32\Odbcjet.hlp
2009-01-29 11:43 123,664 a------- c:\windows\system32\msjint35.dll
2009-01-29 11:43 6,902 a------- c:\windows\system32\Odbcjet.cnt
2009-01-29 11:43 294,912 a------- c:\windows\system32\msxbse35.dll
2009-01-29 11:43 166,672 a------- c:\windows\system32\mstext35.dll
2009-01-29 11:43 262,144 a------- c:\windows\system32\msrd2x35.dll
2009-01-29 11:43 250,128 a------- c:\windows\system32\mspdox35.dll
2009-01-29 11:40 348,160 -------- c:\windows\system32\MFC30.DLL
2009-01-29 11:40 <DIR> --d----- c:\program files\MySoftware
2009-01-29 11:40 <DIR> --d----- c:\program files\common files\MySoftware
2009-01-29 09:20 <DIR> --d----- c:\windows\system32\FxsTmp
2009-01-29 09:19 535 a------- c:\windows\system32\mapisvc.inf
2009-01-29 09:19 11,264 ac------ c:\windows\system32\dllcache\fxssend.exe
2009-01-29 09:19 11,264 a------- c:\windows\system32\fxssend.exe
2009-01-29 09:19 31,744 ac------ c:\windows\system32\dllcache\fxsroute.dll
2009-01-29 09:19 31,744 a------- c:\windows\system32\fxsroute.dll
2009-01-29 09:19 1,793 a------- c:\windows\system32\fxsperf.ini
2009-01-29 09:19 132,608 ac------ c:\windows\system32\dllcache\fxsclntr.dll
2009-01-29 09:19 132,608 a------- c:\windows\system32\fxsclntR.dll
2009-01-29 09:19 1,361 a------- c:\windows\system32\fxscount.h
2009-01-29 09:19 111,104 ac------ c:\windows\system32\dllcache\fxscfgwz.dll
2009-01-29 09:19 111,104 a------- c:\windows\system32\fxscfgwz.dll
2009-01-29 09:19 400,384 a------- c:\windows\system32\fxsxp32.dll
2009-01-29 04:16 276,992 -------- c:\windows\system32\wmphoto.dll
2009-01-29 04:15 291,328 -------- c:\windows\system32\qagentrt.dll
2009-01-29 04:14 37,376 -------- c:\windows\system32\l2gpstore.dll
2009-01-29 04:13 39,936 -------- c:\windows\system32\dimsroam.dll
2009-01-29 03:49 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-29 03:49 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-01-29 03:49 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-29 03:49 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-29 03:48 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-29 03:48 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-29 03:48 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-29 03:48 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-01-29 03:48 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-29 03:47 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-29 03:47 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-01-29 03:47 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-29 03:46 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-29 03:07 <DIR> --d----- c:\windows\SHELLNEW
2009-01-27 01:12 62 a------- c:\windows\PrintWorkShop2009.ini
2009-01-27 00:51 <DIR> --d----- c:\program files\Print Workshop 2009
2009-01-24 15:08 5,532 a------- c:\windows\system32\Stdole.tlb
2009-01-24 15:07 21,776 a------- c:\windows\system32\msxml2a.dll
2009-01-24 15:07 24,576 a------- c:\windows\system32\msxml3a.dll
2009-01-24 15:07 44,544 a------- c:\windows\system32\msxml4a.dll
2009-01-24 15:04 <DIR> --d----- c:\program files\Keyboarding Pro 5
2009-01-18 19:24 65,536 a------- c:\windows\system32\Brmfrmps.exe
2009-01-18 19:23 176,128 -------- c:\windows\system32\Pdrvinst.dll
2009-01-18 19:23 81,920 -------- c:\windows\system32\BrWebIns.dll
2009-01-18 19:23 65,536 -------- c:\windows\system32\Brwebup.exe
2009-01-18 19:23 <DIR> --d----- C:\Brother
2009-01-18 19:23 6,224 -------- c:\windows\CVRPAGE.BMP
2009-01-18 19:23 0 a------- c:\windows\brdfxspd.dat
2009-01-18 19:23 126,976 -------- c:\windows\system32\BrfxD04a.dll

==================== Find3M ====================

2009-01-31 10:59 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-07 15:57 7,284 a------- c:\windows\rrm46.dat

============= FINISH: 14:17:38.25 ===============

#2 teacup61

Posted 12 February 2009 - 04:18 PM

Hello neisha,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

Posted 21 February 2009 - 10:53 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic