Hi, this is my first time posting so I hope I posted everything that is needed.
My problem is that my webpages are getting hijacked. After I do a search on Yahoo/Google, and click on one of the links from my search result, I get sent to some random website. I do notice at the bottom left of the Modzilla screen, it shows data transfering to
www.counter.fastclick.net. I get the same result if I use Modzilla or IE. I've purchased PC Tools Spyware Doctor and still can not get rid of the problem. I do use VUZE to download videos, I don't know if that's a problem or not.
Below is the DDS file that was requested and I've attached the other two files that was requested from the "new instructions" thread.
Let me know if more information is needed.
Thanks in advance for your help.
DDS (Ver_09-06-26.01) - NTFSx86
Run by byue at 23:42:21.45 on Fri 07/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1177 [GMT -7:00]
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\s3graphics\chrome3\Chrome3.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\samsung\SAMSUN~3\SUPNOT~1.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\byue\Desktop\tech support\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = about
:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [VTTimer] VTTimer.exe
mRun: [Chrome3] c:\program files\s3graphics\chrome3\Chrome3.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SUPBackGround] c:\program files\samsung\samsung update plus\SUPBackGround.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\byue\applic~1\mozilla\firefox\profiles\07zv4oxm.default\
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-13 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-27 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-6-28 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-6-28 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-6-27 159600]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-4-10 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-4-10 234888]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-1-8 4300]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-6-27 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-6-27 1095560]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 30208]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-6-27 64392]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [2009-1-8 534528]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-6-28 33056]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
R3 vcrdrx32;VIA MSP Cardreader Host Controller;c:\windows\system32\drivers\vcrdrx32.sys [2009-1-8 90752]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-1-8 238464]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
=============== Created Last 30 ================
2009-07-10 23:04 <DIR> --d----- c:\program files\Trend Micro
2009-07-09 18:54 <DIR> --d----- c:\program files\iPod
2009-07-09 18:53 <DIR> --d----- c:\program files\iTunes
2009-06-29 17:54 <DIR> --dsh--- c:\documents and settings\byue\PrivacIE
2009-06-28 13:52 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-06-28 13:52 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-06-28 13:52 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-06-28 13:52 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-06-28 03:06 <DIR> --dsh--- c:\documents and settings\byue\IETldCache
2009-06-27 23:28 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-27 23:28 <DIR> --d----- c:\windows\ie8updates
2009-06-27 23:28 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-27 23:28 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-27 23:25 <DIR> -cd-h--- c:\windows\ie8
2009-06-27 18:13 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-06-27 18:12 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-06-27 18:12 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-27 18:12 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-06-27 18:12 <DIR> --d----- c:\program files\common files\PC Tools
2009-06-27 18:12 <DIR> --d----- c:\program files\Spyware Doctor
2009-06-27 18:12 <DIR> --d----- c:\docume~1\byue\applic~1\PC Tools
2009-06-27 18:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-06-27 18:09 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-06-27 18:09 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-27 18:09 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-06-15 19:19 <DIR> --d----- c:\program files\REFN
2009-06-15 19:18 <DIR> --d----- c:\windows\Downloaded Installations
2009-06-13 20:08 14 a------- c:\windows\ASSE.dat
2009-06-13 19:21 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-13 19:21 <DIR> --d----- c:\program files\Lavasoft
2009-06-13 14:19 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-13 14:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
==================== Find3M ====================
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-16 00:56 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-04-16 00:56 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-16 00:56 348,160 a------- c:\windows\system32\msvcr71.dll
2009-04-15 23:25 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
============= FINISH: 23:42:49.26 ===============