
can't turn on windows security center, Redirected web pages and MS Security Essentials Will Not Open


  • This topic is locked
2 replies to this topic

#1 voxmox


Posted 26 April 2011 - 01:41 PM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by kanne at 20:38:50,58 on ti 26.04.2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1035.18.1015.301 [GMT 3:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxeecoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Windows\system32\rundll32.exe
C:\ProgramData\TVersity\Media Server\MediaServer.exe
C:\Program Files\Voddler\service\voddler.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
C:\Program Files\Lexmark Pro700 Series\ezprint.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\kanne\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.fi/
uURLSearchHooks: H - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {66BD2442-241B-44CD-8C7A-B51037053CDB} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TaskTray]
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [lxeemon.exe] "c:\program files\lexmark pro700 series\lxeemon.exe"
mRun: [EzPrint] "c:\program files\lexmark pro700 series\ezprint.exe"
mRun: [messenger.exe] c:\program files\common files\microsoft shared\web components\messenger.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kanne\appdata\roaming\mozilla\firefox\profiles\vzuxeor5.default\
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\voddler\plugin\npvoddler.dll
FF - plugin: c:\users\kanne\appdata\roaming\mozilla\firefox\profiles\vzuxeor5.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe -service --> c:\windows\system32\lxeecoms.exe -service [?]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2011-2-22 848896]
R2 VoddlerNet;VoddlerNet;c:\program files\voddler\service\voddler.exe [2011-2-15 1039640]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-2-26 228408]
S2 gupdate;Servicio Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-3 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-3-18 8192]
S2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeeserv.exe [2011-4-21 193192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BthAvrcp;Bluetooth-AVRCP-profiili;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
S3 gupdatem;Google Päivitä-palvelu (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-3 136176]
S3 Media Center 15 Service;Media Center 15 Service;c:\program files\j river\media center 15\JRService.exe [2011-2-22 382464]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-23 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
S3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-15 1343400]
S3 WSDPrintDevice;WSD-tulostustuki UMB:n kautta;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
.
=============== Created Last 30 ================
.
2011-04-26 17:35:09 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-26 16:37:54 -------- d-----w- C:\deb97f0d9a8f6a08e0039dde0834d7
2011-04-24 22:46:57 574632 ----a-w- c:\windows\system32\msvcp50.dll
2011-04-24 22:45:34 -------- d-----w- c:\program files\F-Secure
2011-04-24 22:35:29 -------- d-----w- c:\progra~2\f-secure
2011-04-23 17:22:36 -------- d-----w- c:\users\kanne\appdata\roaming\Malwarebytes
2011-04-23 17:22:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-23 17:22:21 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-23 17:22:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-23 17:22:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-23 06:42:04 -------- d-----w- c:\users\kanne\appdata\local\CrashDumps
2011-04-23 06:19:19 -------- d-----w- c:\users\kanne\appdata\roaming\SUPERAntiSpyware.com
2011-04-23 06:19:19 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-04-23 06:18:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-22 17:24:53 -------- d-----w- c:\program files\common files\Macrovision Shared
2011-04-22 17:24:24 -------- d-----w- c:\program files\Rosetta Stone
2011-04-22 17:24:23 -------- d-----w- c:\progra~2\Rosetta Stone
2011-04-22 17:23:29 50318 ----a-w- c:\windows\system32\.exe
2011-04-22 17:23:17 110592 --sha-r- c:\windows\system32\McxDriv3.dll
2011-04-22 17:23:06 93759 ----a-w- c:\program files\common files\microsoft shared\web components\messenger.exe
2011-04-22 05:43:15 -------- d-----w- c:\progra~2\Ezprint
2011-04-21 17:51:39 -------- d-----w- c:\program files\Lexmark Tools For Office
2011-04-21 16:34:54 157696 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lxeedrpp.dll
2011-04-21 16:33:02 40960 ----a-w- c:\windows\system32\lxeevs.dll
2011-04-21 16:32:55 442368 ----a-w- c:\windows\system32\lxeecoin.dll
2011-04-21 16:32:47 983121 ----a-w- c:\windows\system32\lxk_gf.dll
2011-04-21 16:32:47 86016 ----a-w- c:\windows\system32\lxeegcfg.dll
2011-04-21 16:32:46 110592 ----a-w- c:\windows\system32\lxeecuir.dll
2011-04-21 16:32:45 294912 ----a-w- c:\windows\system32\lxeecui.dll
2011-04-21 16:31:27 372736 ----a-w- c:\windows\system32\LXEEwupd.dll
2011-04-21 16:31:27 213672 ----a-w- c:\windows\system32\LXEEwupd.exe
2011-04-21 16:30:07 7680 ----a-w- c:\windows\system32\NativeCall.dll
2011-04-21 16:30:07 -------- d-----w- c:\program files\Lexmark
2011-04-21 16:09:27 299008 ----a-w- c:\windows\system32\LXEEsm.dll
2011-04-21 16:09:27 23552 ----a-w- c:\windows\system32\LXEEsmr.dll
2011-04-21 16:09:27 -------- d-----w- c:\program files\Lexmark Pro700 Series
2011-04-13 07:37:18 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-13 07:37:17 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-13 07:37:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-13 07:37:06 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-13 07:37:04 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-13 07:37:03 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-13 07:37:03 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-13 07:37:01 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-13 07:37:01 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-13 07:36:58 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-13 07:36:44 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-13 07:36:44 123904 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 07:36:43 96768 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-13 07:36:43 223232 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-13 07:36:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-13 07:36:39 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-13 07:04:48 -------- d-----w- c:\users\kanne\appdata\local\CutePDF Writer
2011-04-13 07:03:13 -------- d-----w- c:\program files\GPLGS
2011-04-13 07:02:35 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-04-13 07:02:33 -------- d-----w- c:\program files\Acro Software
2011-04-12 09:33:44 -------- d-----w- c:\users\kanne\appdata\roaming\com.polythink.ups.wda.03EBA0C726630DF115D9764F9B83F5185396D811.1
2011-04-12 09:33:26 -------- d-----w- c:\program files\UPS Widget
2011-04-11 06:15:08 93759 ----a-w- C:\messenger.exe
.
==================== Find3M ====================
.
2011-03-18 10:06:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-18 06:52:25 8192 ----a-w- c:\windows\system32\srvany.exe
2011-03-17 12:11:21 2 ----a-w- c:\users\kanne\appdata\roaming\lcd.dll
2011-02-26 13:55:18 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-02-26 13:55:16 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-02-26 13:55:15 3866624 ----a-w- c:\windows\system32\bcmihvsrv.dll
2011-02-26 13:55:15 3555328 ----a-w- c:\windows\system32\bcmihvui.dll
2011-02-23 10:54:32 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-12 17:17:02 77312 ----a-w- c:\windows\gmt.exe
.
============= FINISH: 20:39:45,03 ===============

#2 m0le

  • Malware Response Team
  • 34,527 posts

Posted 03 May 2011 - 07:51 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

  • Malware Response Team
  • 34,527 posts

Posted 09 May 2011 - 07:36 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



