
System Restore, Ckdsk, Defrag All Disabled & More



#1 midwestcreative


Posted 16 May 2009 - 12:22 AM

I am not all that tech-savvy, but I learn fast and have almost always been able to solve my computer problems through hours of research and tinkering. This has me at a total loss.

I first noticed it a night ago when trying to download and install Internet Explorer 8. Whenever I would try to install from the downloaded file, it would say something along the lines of "this is not a valid win32 application" or something like that. I wasn't paying as close attention at the time, but I started getting a clue that I had some sort of malware. I was also having trouble with Firefox crashing (I was only installing IE to instruct a friend on how to do something and didn't have their version), and when I did try my version of IE (version 6) that was already installed I was having redirects to advertising sites like I've had before with malware. I was also having some popups and noticing subtle but strange things happening with Firefox.

I have since discovered that I cannot use System Restore to create a restore point or go back to a restore point. When I click next, it just doesn't do anything. I try to use checkdisk or defrag and it tells me they are unable to start. I've had trouble getting into certain antivirus or malware removal sites, or downloading these programs, etc. After manipulating file names, and through various means, I've been able to download and use numerous spyware removal tools and have done multiple virus scans both with online scans and my McAfee Total Security 2009. I've tried Spybot, Ad-Aware, SUPERAntiSpyware Pro, and they have found a few things, but have not fixed the problems. I've tried various things in and out of safe mode, restarting, "last known good configuration", among other things of which I can't remember everything. I am able to install IE 8 now and some things seem to happen less often, but I still can't use restore, chkdsk, defrag, and starting some of the antispyware programs is still giving me problems without renaming files or using the runsas.exe for SUPERAntiSpyware.

EDITED THIS A FEW MINUTES AFTER POSTING - I also at one point tried logging onto a website and it told me (I'm going on memory here) that my computer was initiating a DOS attack (pretty sure it was DOS, but could be wrong) and that I had the troj/rustock-n virus or malware. After my various scans this problem is no longer occurring on that website (or any other, but never had a problem with others).

Here is my DDS log -


DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 23:59:32.56 on Fri 05/15/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.142 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\IEInspector\HTTPAnalyzerFullV3\InjectWinSockServiceV3.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\6bb38db5-9aaf-4eee-a92c-ae35e384ccde.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DVDTray] c:\program files\ahead\odd toolkit\DVDTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3B28142E-6D05-47AB-A263-0556C785EBB4} - {38C13A04-1317-4C7F-ADC6-4C565D650A44} - c:\progra~1\ieinsp~1\httpan~1\IEHTTP~1.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\vm4mnt5b.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\vm4mnt5b.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-15 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-11 214024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 HttpAnalyzerV3 DllInjectService;HttpAnalyzerV3 CodeHook service;c:\program files\ieinspector\httpanalyzerfullv3\InjectWinSockServiceV3.exe [2009-4-13 532992]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-11 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-11 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-2 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-15 15504]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-11 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-11 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-11 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-11 40552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-5-15 179856]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-11 34216]

=============== Created Last 30 ================

2009-05-15 23:48 <DIR> --d----- c:\program files\Trend Micro
2009-05-15 17:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-15 16:49 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-15 16:49 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-05-15 16:48 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-15 14:16 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-05-15 14:16 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-05-15 14:16 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-05-15 14:16 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-05-15 14:16 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-05-15 14:14 687,999 ac------ c:\windows\system32\dllcache\usrwdxjs.sys
2009-05-15 14:13 24,660 ac------ c:\windows\system32\dllcache\spxupchk.dll
2009-05-15 14:12 75,392 ac------ c:\windows\system32\dllcache\s3savmxm.sys
2009-05-15 14:11 27,296 ac------ c:\windows\system32\dllcache\perc2.sys
2009-05-15 14:10 22,016 ac------ c:\windows\system32\dllcache\msircomm.sys
2009-05-15 14:09 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-05-15 14:08 1,041,536 ac------ c:\windows\system32\dllcache\hsfdpsp2.sys
2009-05-15 14:07 22,090 ac------ c:\windows\system32\dllcache\fem556n5.sys
2009-05-15 14:06 110,592 ac------ c:\windows\system32\dllcache\dc260usd.dll
2009-05-15 14:05 18,944 ac------ c:\windows\system32\dllcache\bthusb.sys
2009-05-15 14:04 46,464 ac------ c:\windows\system32\dllcache\atibt829.sys
2009-05-15 14:03 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-05-15 12:37 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2009-05-15 12:20 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-15 12:20 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-15 12:20 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-15 12:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-15 11:46 <DIR> --d----- c:\documents and settings\administrator\.housecall6.6
2009-05-15 11:22 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-15 11:10 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-15 11:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-15 11:10 <DIR> --d----- c:\program files\Lavasoft
2009-05-15 09:48 <DIR> --d----- c:\windows\pss
2009-05-13 11:11 <DIR> --d----- c:\docume~1\admini~1\applic~1\Stamps.com Internet Postage
2009-05-13 11:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{E40FD160-D3F8-4151-96D1-7B73567D4FF3}
2009-05-13 11:09 36 a---h--- c:\windows\system32\f9t.dat
2009-05-13 11:09 <DIR> --d----- c:\program files\Stamps.com Internet Postage
2009-05-13 10:03 <DIR> --d----- c:\docume~1\admini~1\applic~1\UseNeXT
2009-05-13 10:03 <DIR> --d----- c:\program files\UseNeXT
2009-05-13 01:14 <DIR> --d----- c:\windows\ShellNew
2009-05-12 21:56 <DIR> --d----- c:\program files\Candleworks
2009-05-02 13:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-05-02 13:54 <DIR> --d----- c:\program files\Viewpoint
2009-05-02 13:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-05-02 13:54 <DIR> --d----- c:\program files\common files\AOL
2009-05-02 13:54 <DIR> --d----- c:\program files\AIM6
2009-05-02 13:54 462 a---h--- C:\IPH.PH
2009-05-02 13:31 <DIR> --d----- c:\program files\common files\Napster Shared
2009-05-02 13:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Napster
2009-05-02 13:30 <DIR> --d----- c:\program files\Napster
2009-05-02 02:04 163,840 a------- c:\windows\system32\igfxres.dll
2009-05-02 01:53 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-04-28 13:45 479,232 a------- c:\windows\ssndii.exe
2009-04-28 13:45 44,544 a------- c:\windows\system32\msxml4a.dll
2009-04-28 13:45 21,776 a------- c:\windows\system32\msxml2a.dll
2009-04-28 13:45 <DIR> --d----- c:\windows\Samsung
2009-04-28 13:44 22,663 a------- c:\windows\system32\sugo3LMK.DLL
2009-04-28 13:44 555 a------- c:\windows\system32\sugo3LMK.SMT
2009-04-28 13:44 151,552 a------- c:\windows\system32\SUGO3CI.exe
2009-04-28 13:44 57,344 a------- c:\windows\system32\SUGO3CI.dll
2009-04-28 13:44 11,502 -------- c:\windows\Dr. Printer Icon.ico
2009-04-28 13:43 <DIR> --d----- c:\windows\system32\drivers\Samsung
2009-04-28 13:43 41,984 -------- c:\windows\system32\drivers\DGIVECP.SYS
2009-04-28 13:43 <DIR> --d----- c:\program files\Samsung
2009-04-28 13:42 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-28 13:42 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-27 12:17 <DIR> --d----- c:\program files\Yahoo!
2009-04-26 13:42 <DIR> --d----- c:\program files\DSP-worx
2009-04-26 13:34 163,799 a------- c:\windows\Audio Converter Pro Uninstaller.exe
2009-04-26 13:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\River Past G5
2009-04-26 13:34 <DIR> --d----- c:\docume~1\admini~1\applic~1\River Past G5
2009-04-26 13:34 <DIR> --d----- c:\program files\common files\River Past
2009-04-26 13:34 <DIR> --d----- c:\program files\River Past
2009-04-19 17:20 <DIR> --d----- c:\program files\MSXML 4.0

==================== Find3M ====================

2009-04-13 13:51 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-11 11:15 44,378 a------- c:\windows\system32\drivers\kmxcfg.u2k0
2009-04-11 11:15 64 a------- c:\windows\system32\drivers\kmxcfg.u2k7
2009-04-11 11:15 64 a------- c:\windows\system32\drivers\kmxcfg.u2k6
2009-04-11 11:15 64 a------- c:\windows\system32\drivers\kmxcfg.u2k5
2009-04-11 11:15 64 a------- c:\windows\system32\drivers\kmxcfg.u2k4
2009-04-11 11:15 64 a------- c:\windows\system32\drivers\kmxcfg.u2k3
2009-04-11 11:15 64 a------- c:\windows\system32\drivers\kmxcfg.u2k2
2009-04-11 11:15 64 a------- c:\windows\system32\drivers\kmxcfg.u2k1
2009-04-11 01:06 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-11 00:10 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-03-25 11:06 40,552 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 11:06 214,024 a------- c:\windows\system32\drivers\mfehidk.sys
2009-03-25 11:06 79,880 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 11:06 35,272 a------- c:\windows\system32\drivers\mfebopk.sys
2009-03-25 11:05 34,216 a------- c:\windows\system32\drivers\mferkdk.sys
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-20 03:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 03:10 81,920 a------- c:\windows\system32\ieencode.dll

============= FINISH: 0:00:02.65 ===============


Edited by midwestcreative, 16 May 2009 - 12:29 AM.




#2 midwestcreative


Posted 28 May 2009 - 11:28 AM

This topic can be removed. I never received a response and did a full reinstall. Thank you.

#3 KoanYorel

  • Staff Emeritus

Posted 28 May 2009 - 03:52 PM

Thanks for informing us.

Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



