Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

User Tag List

virus problem cant run anything

This is a discussion on virus problem cant run anything within the Resolved HJT Threads forums, part of the Tech Support Forum category. I am not able to run any spyware removal apps superantispyware spybot hijackthis.... nothing will run. I also use firefox


 
 
Thread Tools Search this Thread
Old 08-17-2009, 06:03 PM   #1
Guest
 
Join Date: Aug 2009
Posts: 2
OS:



I am not able to run any spyware removal apps superantispyware spybot hijackthis.... nothing will run. I also use firefox and that has stopped working. IE works somewhat just get a error every now and then when trying to open a new window asks me to debug but if i dont the page loads just fine. I am getting some pop ups but not a bunch. I run AntiVir for a antivirus which lets me run and update that but and not finding anything. Here are my logs please help me.....

Thanks

DDS (Ver_09-07-30.01) - NTFSx86
Run by Norman at 19:44:18.68 on Mon 08/17/2009
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.255.69 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\O1WRGTCJ\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
mSearchAssistant =
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.2.0.750\ssd.dll
BHO: &Research: {d263fa6d-84cc-48a8-9af6-c664362b7a5b} - c:\windows\system32\winconfig.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [F8516A0E6BBBA317110341FEB9DBCC3E] c:\program files\a360\av360.exe
mRun: [Lexmark X74-X75] "c:\program files\lexmark x74-x75\lxbbbmgr.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [system tool] c:\program files\eumnfh\jhgwsysguard.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\lsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/8/B/E/8BE028EC-F134-4AA0-84AB-64F76D6B9842/wmsp9dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: NameServer = 85.255.112.23,85.255.112.126
TCP: {A28C4BC6-3D97-42FA-80DF-E530CF2231DF} = 85.255.112.23,85.255.112.126
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\norman\applic~1\mozilla\firefox\profiles\8v40jqpb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
FF - component: c:\program files\media access startup\1.5.0.850\ff\components\HPFFAddOn.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2008-3-10 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2008-3-10 45400]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-3-10 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-3-10 151297]
S2 Seekeen Service;Seekeen Service;"c:\documents and settings\all users\application data\seekeen\seekeen140.exe" "c:\program files\seekeen\seekeen.dll" service --> c:\documents and settings\all users\application data\seekeen\seekeen140.exe [?]

=============== Created Last 30 ================

2009-08-17 19:35 <DIR> --d----- c:\documents and settings\norman\.housecall6.6
2009-08-17 19:34 411,368 a------- c:\windows\system32\REN27.tmp
2009-08-17 19:34 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-17 19:24 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-08-17 19:24 <DIR> --d----- c:\docume~1\norman\applic~1\SUPERAntiSpyware.com
2009-08-17 17:36 <DIR> --d----- c:\program files\Trend Micro
2009-08-17 17:25 <DIR> --d----- c:\program files\Lavasoft
2009-08-10 17:36 <DIR> --ds---- c:\documents and settings\norman\UserData
2009-07-24 19:17 180,224 a------- c:\windows\system32\lsp.dll
2009-07-24 19:17 222,208 a------- c:\windows\syssvc.exe
2009-07-24 18:57 12,032 a------- c:\windows\system32\iehelper.dll
2009-07-24 18:47 <DIR> --d----- c:\program files\eumnfh
2009-07-24 18:45 277,248 a------- C:\ccu.exe

==================== Find3M ====================


============= FINISH: 19:44:31.76 ===============
Attached Files
File Type: zip ark.zip (2.8 KB, 23 views)
jrichber is offline  
Sponsored Links
Advertisement
 
Old 08-20-2009, 09:17 PM   #2
TSF Security Team
Emeritus
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 26,363
OS: N/A



Please visit this webpage for instructions for downloading and running ComboFix:

https://www.bleepingcomputer.com/comb...o-use-combofix

Rename ComboFix.exe to Svchost.exe. If that fails, rename it to ComboFix.com

Post the log from ComboFix when you've accomplished that.
sUBs is offline  
Old 08-24-2009, 07:47 PM   #3
TSF Security Manager
Emeritus
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread with fresh logs, and provide a link to this topic.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 05:57 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts