pop ups, google link hijacked, AVG Disabled


3 replies to this topic

#1 jas24


Posted 05 December 2009 - 01:46 AM

I get pop-ups like every 5 minutes; when I search on Google, the links redirect me to a different site. My Security Center is unavailable. AVG has been disabled. I can't get HJT to install, Spyware Doctor doesn't update, and MBAM won't update either. I don't know what to do; I really need help.


DDS (Ver_09-12-01.01) - NTFSx86
Run by jas at 0:55:53.03 on Sat 12/05/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.72 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\jas\Local Settings\Temporary Internet Files\Content.IE5\WTWED0YC\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://twitter.com/home
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: {f0626a63-410b-45e2-99a1-3f2475b2d695} - Search Assistant
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\xdzWWx5JO.exe" /runcleanupscript
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [yaduhihof] Rundll32.exe "c:\windows\system32\dutuhabe.dll",a
dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
TCP: {145CCE74-320A-43DF-AE18-878504DCAF8C} = 193.104.110.38,4.2.2.1
TCP: {9D2B88F7-1287-446D-B936-69056593F881} = 193.104.110.38,4.2.2.1,65.32.5.111 65.32.5.112
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: guzuyavu.dll c:\windows\system32\rulufutu.dll c:\windows\system32\dutuhabe.dll c:\windows\system32\viriteda.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: zesivukip - {042dc51a-5957-47e5-91af-5d1bbe01f870} - c:\windows\system32\dutuhabe.dll
SSODL: negejoyin - {0c48aa17-9a36-4628-a813-42eaf1390475} - c:\windows\system32\dutuhabe.dll
SSODL: fotuzatob - {4dcc3337-0d3b-4f95-b487-80b14e6ef9dd} - c:\windows\system32\viriteda.dll
SSODL: jomemowav - {a1ca5fee-4c6e-4f41-bb52-4a24ae94183d} - c:\windows\system32\dutuhabe.dll
STS: mujuzedij: {042dc51a-5957-47e5-91af-5d1bbe01f870} - c:\windows\system32\dutuhabe.dll
STS: mujuzedij: {0c48aa17-9a36-4628-a813-42eaf1390475} - c:\windows\system32\dutuhabe.dll
STS: jugezatag: {4dcc3337-0d3b-4f95-b487-80b14e6ef9dd} - c:\windows\system32\viriteda.dll
STS: jugezatag: {a1ca5fee-4c6e-4f41-bb52-4a24ae94183d} - c:\windows\system32\dutuhabe.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli vagivoho.dll
Hosts: 209.44.111.62 antispy.microsoft.com
Hosts: 209.44.111.62 antiaware-pro.com
Hosts: 209.44.111.62 www.antiaware-pro.com

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-4 207792]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-2 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-2 26824]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-4 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-4 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-4 1141712]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
S1 2892o0P7;2892o0P7;c:\windows\system32\drivers\2892o0P7.sys [2009-12-1 80384]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-12-2 231704]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 wnamjovtnb;wnamjovtnb;\??\c:\windows\system32\drivers\jiccljefwd.sys --> c:\windows\system32\drivers\jiccljefwd.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-2 19160]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-2-8 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-2-8 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-2-8 23680]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-12-2 77312]

=============== Created Last 30 ================

2009-12-05 04:55:04 120 ----a-w- c:\windows\system32\srcr.dat
2009-12-05 03:16:30 0 ----a-w- c:\documents and settings\jas\cd
2009-12-04 23:34:04 882 ----a-w- c:\windows\RegSDImport.xml
2009-12-04 23:34:04 880 ----a-w- c:\windows\RegISSImport.xml
2009-12-04 23:34:04 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-04 23:34:04 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-04 23:34:04 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-04 23:34:04 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-04 23:34:04 131 ----a-w- c:\windows\IDB.zip
2009-12-04 23:34:04 1152444 ----a-w- c:\windows\UDB.zip
2009-12-04 23:33:43 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-04 23:33:43 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-04 23:33:20 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-04 23:33:20 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-04 23:33:20 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-04 23:33:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-04 23:32:55 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-12-04 23:32:54 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-04 23:32:37 0 d-----w- c:\program files\Spyware Doctor
2009-12-04 23:32:37 0 d-----w- c:\program files\common files\PC Tools
2009-12-04 23:32:37 0 d-----w- c:\docume~1\jas\applic~1\PC Tools
2009-12-04 23:32:37 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-12-04 23:02:18 93184 ------w- c:\windows\system32\viriteda.dll
2009-12-02 23:40:18 0 d-----w- c:\program files\common files\ParetoLogic
2009-12-02 23:40:18 0 d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-12-02 22:42:45 10520 ------w- c:\windows\system32\avgrsstx.dll
2009-12-02 20:30:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-02 20:30:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-02 20:30:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-02 20:30:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-02 19:33:02 98440 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-02 19:32:40 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-02 19:32:27 90632 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-02 19:32:23 0 d-----w- c:\docume~1\alluse~1\applic~1\avg8
2009-12-02 18:27:36 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2009-12-01 22:42:22 0 d-sh--w- c:\windows\system32\lowsec
2009-12-01 22:42:18 80384 ----a-w- c:\windows\system32\drivers\2892o0P7.sys
2009-11-28 14:58:00 0 d-----w- c:\program files\uTorrent
2009-11-28 14:57:03 0 d-----w- c:\docume~1\jas\applic~1\uTorrent
2009-11-13 00:32:47 0 d-----w- c:\program files\VSO

==================== Find3M ====================

2009-11-13 00:33:24 87608 ----a-w- c:\docume~1\jas\applic~1\inst.exe
2009-11-13 00:33:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-13 00:33:24 47360 ----a-w- c:\docume~1\jas\applic~1\pcouffin.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 13:04:35 6588 ----a-w- c:\docume~1\jas\applic~1\wklnhst.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2007-08-20 20:09:48 88 -csh--r- c:\windows\system32\9CCEB17CDB.sys
2009-09-02 18:10:21 53760 --sha-w- c:\windows\system32\begimepo.dll
2009-09-04 23:08:08 39424 --sha-w- c:\windows\system32\hinilezo.dll
2007-08-20 20:09:55 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-04 23:08:07 90112 --sha-w- c:\windows\system32\lavevumu.dll
2009-09-03 20:13:38 39424 --sha-w- c:\windows\system32\magagovi.dll
2009-09-02 18:09:46 39424 --sha-w- c:\windows\system32\namiviko.dll
2009-09-02 18:09:43 45568 --sha-w- c:\windows\system32\pehuraba.dll
2009-09-02 01:49:25 39424 --sha-w- c:\windows\system32\pipidesa.dll
2009-09-03 20:13:38 45568 --sha-w- c:\windows\system32\pohuzowo.dll
2009-09-02 01:49:25 1909 --sha-w- c:\windows\system32\puvutabo.exe
2009-09-03 20:13:36 92160 --sha-w- c:\windows\system32\rulufutu.dll
2009-09-02 18:10:21 53760 --sha-w- c:\windows\system32\vagivoho.dll
2008-08-27 18:15:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 0:57:53.39 ===============



Thank you for taking the time.


 


#2 shelf life


Posted 13 December 2009 - 06:55 PM

Hi jas24,

Your log is a few days old. If you still need help, simply reply to my post.

How Can I Reduce My Risk to Malware?


#3 jas24


Posted 16 December 2009 - 10:30 AM

Thanks, shelf life, for your reply; at the time I am receiving help from Malwareremoval.com.

#4 shelf life


Posted 16 December 2009 - 06:21 PM

OK, thanks for letting me know. Happy safe surfing.
