Web search redirected, pop-ups and CPU usage at 100%



#1 biscuit_1314

biscuit_1314

  • Members
  • 1 posts
  • OFFLINE
  • Local time:09:16 AM

Posted 29 November 2009 - 11:01 PM

For the last couple of days I have had my CPU usage maxed out at 100% even if there are no programs running. When I open Google Chrome, Firefox, or IE I have several pop-ups, most of which AVG catches and I am able to close. When I do a search on any search engine I am redirected to a different site when trying to open any results. I can enter an address directly into the address bar with no problem. Please help me!!!
Here are the results from the searches so far:



DDS (Ver_09-11-29.01) - NTFSx86
Run by me at 18:48:06.76 on Sun 11/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1370 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CSHelper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\me\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Google Update] "c:\documents and settings\me\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\mb\mbam.exe" /runcleanupscript
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v44/scrabblecubes/scrabblecubes.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.militarylife.com/ScriptX/smsx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v45/bejeweled/bejeweled.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v40/hangman/hangman.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\itk1vnvd.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-29 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-29 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-29 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-29 285392]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-22 266240]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]

=============== Created Last 30 ================

2009-11-30 00:23:42 6656 --sha-w- c:\windows\system32\Thumbs.db
2009-11-30 00:23:11 3072 --sha-w- C:\Thumbs.db
2009-11-30 00:23:10 54272 --sha-w- c:\windows\Thumbs.db
2009-11-30 00:18:26 0 d-----w- c:\program files\Yahoo!
2009-11-30 00:16:02 0 d-----w- c:\program files\a-squared HiJackFree
2009-11-30 00:13:11 0 d--h--w- C:\$AVG
2009-11-30 00:12:58 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-30 00:12:57 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-30 00:12:50 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-30 00:12:39 0 d-----w- c:\windows\system32\drivers\Avg
2009-11-30 00:12:36 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-11-30 00:12:12 0 d-----w- c:\program files\AVG
2009-11-30 00:12:11 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-11-29 21:57:46 0 d-sha-r- C:\cmdcons
2009-11-29 21:55:28 98816 ----a-w- c:\windows\sed.exe
2009-11-29 21:55:28 77312 ----a-w- c:\windows\MBR.exe
2009-11-29 21:55:28 260608 ----a-w- c:\windows\PEV.exe
2009-11-29 21:55:28 161792 ----a-w- c:\windows\SWREG.exe
2009-11-29 05:52:33 122567 ----a-w- C:\MGlogs.zip
2009-11-29 05:51:55 0 d-----w- C:\MGtools
2009-11-29 05:47:42 0 ----a-w- c:\documents and settings\me\settings.dat
2009-11-29 05:40:49 0 d-----w- c:\docume~1\me\applic~1\Malwarebytes
2009-11-29 05:40:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 05:40:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-29 05:40:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 05:40:23 0 d-----w- c:\program files\MB
2009-11-29 05:37:03 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-29 05:35:28 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-29 05:35:27 0 d-----w- c:\docume~1\me\applic~1\SUPERAntiSpyware.com
2009-11-29 05:33:43 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-29 05:32:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-29 03:46:38 0 d-----w- c:\windows\pss
2009-11-29 03:28:28 0 d-----w- c:\docume~1\me\applic~1\IObit
2009-11-29 03:28:20 0 d-----w- c:\program files\IObit
2009-11-29 03:22:39 0 d-----w- c:\program files\CCleaner
2009-11-28 19:36:49 0 d-----w- c:\program files\Enigma Software Group
2009-11-28 17:14:31 0 d-----w- c:\program files\common files\Hypnotizer
2009-11-27 18:25:58 0 d-----w- c:\docume~1\alluse~1\applic~1\PopCap
2009-11-19 23:55:51 67072 ----a-w- c:\windows\system32\escwiad.dll
2009-11-13 22:51:21 0 d-----w- c:\program files\common files\Macrovision Shared
2009-11-13 21:28:44 0 d-----w- C:\Adobe CS4
2009-11-12 22:18:30 0 d-----w- c:\program files\PartyGaming
2009-11-12 22:16:57 0 d-----w- c:\documents and settings\me\PARTYPokerDir
2009-11-12 22:12:29 0 d-----w- c:\program files\PokerStars
2009-11-09 23:07:42 0 d-----w- c:\program files\uTorrent
2009-11-09 23:06:56 0 d-----w- c:\docume~1\me\applic~1\uTorrent
2009-11-09 22:49:51 0 d-----w- c:\program files\New Folder
2009-11-07 18:51:17 0 d-----w- c:\program files\XaoS
2009-11-04 05:17:35 0 d-----w- C:\Quicken Backups

==================== Find3M ====================

2009-11-29 05:31:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-24 07:57:04 4558 ----a-w- c:\docume~1\me\applic~1\wklnhst.dat
2009-10-22 09:19:04 5939712 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2006-11-09 15:49:42 104 -csh--r- c:\windows\system32\CBFD65A945.sys
2006-11-09 15:49:43 7100 -csha-w- c:\windows\system32\KGyGaAvL.sys
2008-09-14 03:48:33 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091320080914\index.dat

============= FINISH: 18:50:17.35 ===============
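As an added illustration of how a log reviewer works through a DDS report like the one posted above (this is example code, not part of the thread and not the DDS tool's own code), the following Python script splits the report into its `=== Section ===` blocks and pulls out two things a helper looks at first in the Pseudo HJT Report: entries whose target file the tool could not find (`- No File`) and the hosts behind the ActiveX download (`DPF:`) entries. The embedded sample is a constructed excerpt of a few lines copied from the posted log.

```python
import re

# Constructed excerpt in the layout of the DDS log posted above (a handful of
# lines copied from it, not the whole report).
SAMPLE_DDS = """\
============== Pseudo HJT Report ===============

uStart Page =
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg9\\avgssie.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\\program files\\avg\\avg9\\toolbar\\IEToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun: [AVG9_TRAY] c:\\progra~1\\avg\\avg9\\avgtray.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v40/hangman/hangman.cab

================= FIREFOX ===================

FF - ProfilePath - c:\\docume~1\\me\\applic~1\\mozilla\\firefox\\profiles\\itk1vnvd.default\\
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")       # "=== Section name ==="
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")       # {8-4-4-4-12} GUID
HOST_RE = re.compile(r"hxxps?://([^/\s]+)")           # DDS defangs http as hxxp


def parse_sections(text):
    """Return {section name: [non-empty lines]} in the order sections appear."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif line.strip() and current is not None:
            sections[current].append(line.rstrip())
    return sections


def orphaned_entries(lines):
    """Entries whose referenced file DDS could not find: (kind, CLSID) pairs."""
    found = []
    for line in lines:
        if line.endswith("- No File"):
            kind = line.split(":", 1)[0]
            m = CLSID_RE.search(line)
            found.append((kind, m.group(0) if m else line))
    return found


def dpf_hosts(lines):
    """Sorted, de-duplicated download hosts from the DPF (ActiveX) entries."""
    hosts = {m.group(1).lower() for line in lines if line.startswith("DPF:")
             for m in HOST_RE.finditer(line)}
    return sorted(hosts)


if __name__ == "__main__":
    hjt = parse_sections(SAMPLE_DDS)["Pseudo HJT Report"]
    print("orphaned:", orphaned_entries(hjt))
    print("DPF hosts:", dpf_hosts(hjt))
```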


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:16 PM

Posted 12 December 2009 - 01:38 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:04:16 PM

Posted 17 December 2009 - 06:05 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
