
#1 · Discussion Starter · Registered · 4 Posts
I believe I have a trojan...don't know for sure. I cannot use any search engines. Every time I try, I am redirected to an ad site. I tried Spy Bot and CCleaner. Neither one worked. I used AVG and did a full scan and that did not work either. I do not have Bit Torrent installed and I don't have a CD emulator either. Also, when I open a site by typing in the address directly, IE opens my home page (Yahoo) multiple times on top of the site. HELP...

Here is the DDS.txt:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Marcy at 12:07:56.04 on Fri 12/04/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2046.844 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Marcy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar =
uSearch Page =
uStart Page = hxxp://www.yahoo.com/
mSearchAssistant =
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\marcy\ypbrcci.exe \s
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5b9db241-d008-4eab-a38c-90de49507198} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
uRun: [Cricket Broadband] c:\program files\cricket\cricket broadband\Cricket Broadband.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: netzero.com
Trusted Zone: netzero.net
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: {91B65C92-14CA-47C1-BEFD-B5D5637F7E00} = 172.28.221.53 172.28.221.54
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-31 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-31 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-31 360584]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\C2SCSI.SYS [2008-8-11 254320]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-11 285392]
R3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\ATMFBUS.sys [2009-8-10 38528]
R3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\ATMFCVsp.sys [2009-8-10 54656]
R3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\ATMFMdm.sys [2009-8-10 54528]
R3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\ATMFNET.sys [2009-8-10 103424]
R3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\ATMFNVsp.sys [2009-8-10 54656]
R3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\ATMFVsp.sys [2009-8-10 54656]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-8-10 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-8-10 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-8-10 72728]
R3 ndiszapu;IPortent LTD Zapu Service;c:\windows\system32\drivers\ndiszapu.sys [2009-11-17 26000]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-13 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-13 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-13 170480]
S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\ATMFFLT.sys [2009-8-10 11520]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-4-7 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-8-10 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-8-10 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-8-10 72728]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-13 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2008-8-13 1124848]

=============== Created Last 30 ================

2009-12-03 22:01:42 261081552 ----a-w- c:\windows\MEMORY.DMP
2009-12-03 19:21:46 65536 --sha-w- c:\users\marcy\ntuser.dat{4302e1b3-e03f-11de-bb7e-ba89535d27f0}.TM.blf
2009-12-03 19:21:46 524288 --sha-w- c:\users\marcy\ntuser.dat{4302e1b3-e03f-11de-bb7e-ba89535d27f0}.TMContainer00000000000000000002.regtrans-ms
2009-12-03 19:21:46 524288 --sha-w- c:\users\marcy\ntuser.dat{4302e1b3-e03f-11de-bb7e-ba89535d27f0}.TMContainer00000000000000000001.regtrans-ms
2009-12-03 19:02:02 0 d-----w- c:\users\marcy\appdata\roaming\Malwarebytes
2009-11-27 19:18:49 86140 ----a-w- c:\windows\jowall_yellowsideborder.jpg
2009-11-27 16:34:25 160538 ----a-w- c:\windows\slattedJoWallTile.jpg
2009-11-25 15:38:15 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 14:02:00 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 14:01:59 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 01:25:45 0 d-----w- c:\program files\Canasta
2009-11-24 17:34:47 0 d-----w- c:\windows\pss
2009-11-24 17:24:13 0 d-----w- c:\program files\CCleaner
2009-11-24 16:30:09 524288 --sha-w- c:\users\marcy\ntuser.dat{800f2f6f-d916-11de-8817-d82ac0d630c1}.TMContainer00000000000000000002.regtrans-ms
2009-11-24 16:30:09 524288 --sha-w- c:\users\marcy\ntuser.dat{800f2f6f-d916-11de-8817-d82ac0d630c1}.TMContainer00000000000000000001.regtrans-ms
2009-11-24 16:30:08 65536 --sha-w- c:\users\marcy\ntuser.dat{800f2f6f-d916-11de-8817-d82ac0d630c1}.TM.blf
2009-11-19 00:14:57 0 d-----w- c:\program files\FontFrenzy
2009-11-17 07:05:23 0 d-----w- c:\program files\Conduit
2009-11-17 07:04:07 26000 ----a-w- c:\windows\system32\drivers\ndiszapu.sys
2009-11-16 20:52:57 173810 ----a-w- c:\windows\Never After.jpg
2009-11-12 02:52:59 0 d--h--w- C:\$AVG
2009-11-12 02:52:05 0 d-----w- c:\programdata\avg9
2009-11-11 08:41:42 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 08:41:38 355328 ----a-w- c:\windows\system32\WSDApi.dll

==================== Find3M ====================

2009-12-04 15:29:15 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-03 22:19:39 952 --sha-w- c:\programdata\KGyGaAvL.sys
2009-11-17 07:04:49 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-11-17 07:04:49 51200 ----a-w- c:\windows\inf\infpub.dat
2009-11-17 07:04:48 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-12 02:52:25 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-12 02:52:25 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-12 02:52:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-03 02:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-24 16:35:03 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-09-24 16:34:12 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-09-24 16:34:12 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-09-24 16:29:56 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 20:19:31 141165 ----a-w- c:\windows\hpoins14.dat
2009-08-17 02:25:53 174 --sha-w- c:\program files\desktop.ini
2009-06-19 09:16:23 13272 ----a-w- c:\program files\setuplog.txt
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2000-09-27 17:49:16 230454 ----a-w- c:\program files\Test.Bmp
1999-10-15 11:57:22 790 ----a-w- c:\program files\Snipets.db
2009-04-16 07:42:25 88 --sha-r- c:\windows\system32\9C78F7DDAF.sys
2009-07-09 06:37:08 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 12:08:23.20 ===============
 

#2 · Premium Member · 39,538 Posts
Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.

Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please read all the information carefully!

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.
 