11-15-2008, 08:57 PM   #4
dcogent1
Registered User
 
Join Date: Nov 2008
Posts: 10
OS: windows xp 2000


Re: Google Hijacked by virus....browser shuts down

Here is my fresh DDS log after the Avira scan...


DDS (Version 1.0) - NTFSx86
Run by Josh at 19:53:36.01 on Sat 11/15/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.111.24 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Documents and Settings\Josh\Desktop\New Folder\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60327
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
mWinlogon: SFCDisable=4 (0x4)
BHO: {17D562A6-DA3D-4F87-B659-86CD06473AB5} - c:\windows\system32\dzhoil.dll
BHO: {2E3603DE-A5C8-4B8D-85AF-FA160D18B1CC} -
BHO: {8F912529-E236-4B9A-8EAB-BED43FF4C66C} -
BHO: {B7C234D8-1DE7-4414-B4B9-F9EF76A46FCA} -
BHO: {B7FA8E6E-64F9-3C58-DA58-3CE607870C9C} -
BHO: {d440c7f2-a7f4-4e14-a15f-b09850a25d08} -
BHO: {E7EE986D-504C-4429-E9AB-8AB1C653514B} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: jkkiihe - jkkiihe.dll
Notify: winlft32 - winlft32.dll
AppInit_DLLs: c:\windows\system32\ldcore.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\cbxut.dll

============= SERVICES / DRIVERS ===============

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\c:\windows\system32\drivers\sp_rsdrv2.sys
S2 DomainService;DomainService;

============== File Associations ===============

inifile=NOTEDAD.EXE %1
regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2008-11-15 18:13 <DIR> --d----- c:\program files\Avira
2008-11-15 18:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2008-11-14 16:23 250 a------- c:\windows\gmer.ini
2008-11-14 05:23 141,312 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2008-11-14 05:23 <DIR> --d----- c:\docume~1\josh\applic~1\Spyware Terminator
2008-11-14 05:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-11-14 05:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2008-11-14 05:22 <DIR> --d----- c:\program files\Spyware Terminator
2008-11-14 05:21 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-11-14 05:21 <DIR> --d----- c:\docume~1\josh\applic~1\SUPERAntiSpyware.com
2008-11-14 05:19 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-13 17:18 61,440 a------- C:\ARKC.tmp
2008-11-13 16:30 <DIR> --d----- c:\windows\pss
2008-11-13 03:56 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-13 03:55 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-02 19:24 <DIR> --d----- c:\windows\system32\scripting
2008-11-02 19:24 <DIR> --d----- c:\windows\l2schemas
2008-11-02 19:24 <DIR> --d----- c:\windows\system32\en
2008-11-02 19:24 <DIR> --d----- c:\windows\system32\bits
2008-11-02 19:21 <DIR> --d----- c:\windows\ServicePackFiles
2008-11-02 19:17 <DIR> --d----- c:\windows\network diagnostic
2008-11-02 19:00 <DIR> --d----- c:\windows\EHome
2008-11-02 13:08 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-11-02 13:08 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-02 13:08 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-11-02 13:08 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-11-02 13:08 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-11-02 13:08 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-11-02 13:08 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-11-02 13:08 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-02 13:08 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-11-02 11:03 1,060,864 a------- c:\windows\system32\MFC71.dll
2008-11-02 08:54 999 -c------ c:\windows\system32\dllcache\bktrh.gif
2008-11-02 08:12 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2008-11-02 08:12 272,128 -------- c:\windows\system32\drivers\bthport.sys
2008-11-02 08:12 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2008-11-02 08:12 333,824 -c------ c:\windows\system32\dllcache\srv.sys
2008-11-02 08:11 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2008-11-02 08:11 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2008-11-02 08:11 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-11-02 08:11 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-02 08:11 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-02 08:10 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-02 08:10 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-02 08:07 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll

==================== Find3M ====================

2008-11-15 18:58 <DIR> --d----- c:\program files\Messenger
2008-11-14 16:41 1,536 ac------ c:\windows\system32\TrueSoft.dat
2008-11-14 15:27 <DIR> --d----- c:\program files\BitTorrent
2008-11-14 15:26 <DIR> --d----- c:\program files\Image-Line
2008-11-14 15:26 <DIR> --d----- c:\program files\VstPlugins
2008-11-02 19:29 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-02 19:20 <DIR> --d----- c:\program files\Windows NT
2008-11-02 11:47 <DIR> --d----- c:\program files\Online Services
2008-11-02 11:42 <DIR> --d----- c:\program files\common files\??mantec
2008-11-02 11:06 80,730 ---sh--- c:\windows\system32\tuxbc.ini2
2008-09-15 04:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 17:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-09-04 09:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-25 23:24 826,368 a------- c:\windows\system32\wininet.dll
2007-12-09 19:36 <DIR> --d----- c:\docume~1\josh\applic~1\BitTorrent
2007-12-08 09:27 <DIR> --d----- c:\docume~1\josh\applic~1\Sunbelt Software
2007-12-05 20:23 <DIR> --d----- c:\docume~1\josh\applic~1\PC Tools
2007-08-22 19:50 <DIR> --d----- c:\docume~1\josh\applic~1\LimeWire
2007-05-27 09:16 <DIR> --d----- c:\docume~1\josh\applic~1\Inside Amok
2007-05-12 08:57 <DIR> --d----- c:\docume~1\josh\applic~1\HotSync
2007-12-03 22:57 69,593 ---sh--- c:\windows\system32\tuxbc.bak1
2008-03-09 11:48 233,805 ---sh--- c:\windows\system32\tuxbc.bak2

============= FINISH: 19:54:58.39 ===============