Status
Not open for further replies.

·
Registered
Joined
·
1 Posts
Discussion Starter · #1 ·
Internet Explorer started redirecting to multiple sites. Even when Internet Explorer was closed I could still hear audio from commercials. I performed AVG updates and scans. It came back with Trojan horse Generic 13.ATYY. I quarantined it. Now Internet Explorer only redirects when I try to update via Microsoft.com to google. Also when I try to use Windows Update in Vista I receive an error code 80244019. Please Help.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Mateo at 9:12:10.72 on Sat 05/23/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2230 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\ieuser.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mateo\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-22 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-22 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-22 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-22 298776]

=============== Created Last 30 ================

2009-05-23 01:43 <DIR> --d----- c:\programdata\WindowsSearch
2009-05-23 00:27 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-23 00:02 <DIR> --d----- c:\users\mateo\appdata\roaming\Malwarebytes
2009-05-23 00:02 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-23 00:02 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-22 13:03 <DIR> --d----- c:\programdata\Google
2009-05-22 12:54 <DIR> --d----- c:\windows\system32\Adobe
2009-05-22 12:51 327,168 a------- c:\windows\IsUninst.exe
2009-05-22 12:41 <DIR> --d----- c:\programdata\Uninstall
2009-05-22 12:41 <DIR> --d----- c:\progra~2\Uninstall
2009-05-22 12:41 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-05-22 12:39 <DIR> --d----- c:\programdata\Sonic
2009-05-22 12:39 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-05-22 12:39 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-05-22 12:37 <DIR> --d----- c:\programdata\InstallShield
2009-05-22 12:37 <DIR> --d----- c:\program files\Roxio
2009-05-22 12:35 <DIR> --d----- c:\windows\Panther
2009-05-22 12:35 8,192 a--s-r-- C:\BOOTSECT.BAK
2009-05-22 12:35 24 a---hr-- c:\windows\dell_version
2009-05-22 12:35 <DIR> --d----- c:\windows\system32\OEM
2009-05-22 12:26 <DIR> --d----- C:\Windows.old
2009-05-22 12:20 <DIR> --d----- c:\programdata\ATI
2009-05-22 12:18 0 a------- c:\windows\ativpsrm.bin
2009-05-22 12:13 <DIR> --d----- c:\program files\ATI Technologies
2009-05-22 12:13 <DIR> --d----- c:\program files\ATI
2009-05-22 12:12 1,904 -------- c:\windows\system32\SetupBD.din
2009-05-22 12:11 228,224 a------- c:\windows\system32\drivers\e1e6032.sys
2009-05-22 12:11 179,048 a------- c:\windows\system32\e1000msg.dll
2009-05-22 12:11 154,496 a------- c:\windows\system32\Prounstl.exe
2009-05-22 12:11 39,288 a------- c:\windows\system32\NicInE6.dll
2009-05-22 12:11 28,536 a------- c:\windows\system32\NicCo6.dll
2009-05-22 12:11 2,689 a------- c:\windows\system32\e1e6032.din
2009-05-22 12:10 <DIR> --d----- C:\Intel
2009-05-22 12:09 <DIR> --d----- c:\program files\Realtek
2009-05-22 12:08 520,192 a------- c:\windows\RtlExUpd.dll
2009-05-22 12:08 315,392 a------- c:\windows\HideWin.exe
2009-05-22 12:07 <DIR> --d----- c:\windows\system32\vmm32
2009-05-22 12:07 <DIR> --d----- c:\program files\Dell
2009-05-22 12:04 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-22 12:04 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-22 12:04 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-22 12:04 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-22 12:04 <DIR> --d----- c:\programdata\avg8
2009-05-22 12:04 <DIR> --d----- c:\program files\AVG
2009-05-22 12:04 <DIR> --d----- c:\progra~2\avg8
2009-05-22 12:03 <DIR> --dsh--- c:\windows\Installer
2009-05-22 11:51 <DIR> --d----- c:\users\Mateo
2009-05-22 11:43 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-05-21 23:30 263 ---shr-- C:\autorun.inf
2009-04-24 09:39 <DIR> --d----- C:\PSFONTS

==================== Find3M ====================

2009-05-22 12:14 51,200 a------- c:\windows\inf\infpub.dat
2009-05-22 12:14 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-22 12:14 86,016 a------- c:\windows\inf\infstor.dat
2009-05-22 12:09 319,456 a------- c:\windows\DIFxAPI.dll
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2008-01-20 19:32 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:12:26.84 ===============
 


·
Premium Member
Joined
·
29,790 Posts
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------
 

·
Premium Member
Joined
·
29,790 Posts
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
 