jake with problem


  • This topic is locked
2 replies to this topic

#1 jakewhite

  • Members
  • 2 posts
  • OFFLINE
  • Local time:12:07 PM

Posted 25 December 2009 - 10:28 AM

My browser keeps changing when I click on a site; then I hit back a couple of times and it may go there. Then when I boot up it may take half an hour, then I can't go anywhere fast; it just freezes up and stays there for a long time. This is my first time; I need help please. My hijack file is:  I'm not very good at explaining, so please bear with me. I hope I did this right. Thank you.


DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Adam at 9:43:40.12 on Fri 12/25/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.478 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1169 [VPS 091225-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Adam\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Documents and Settings\Adam\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Mediafour XPlay Explorer notifications: {4907c0ad-874d-44d9-b13e-7b0a4d8b9d3e} - c:\program files\mediafour\xplay 3\XPBHO.DLL
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5835/mcfscan.cab
TCP: {42C7291D-E3D3-4FFD-86B5-B8C3F869B0C7} = 192.168.0.1,192.168.0.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - c:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adam\applic~1\mozilla\firefox\profiles\6fjvey77.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\adam\application data\mozilla\firefox\profiles\6fjvey77.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\adam\application data\mozilla\firefox\profiles\6fjvey77.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\adam\application data\mozilla\firefox\profiles\6fjvey77.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\adam\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Internal security: No Registry Reference - c:\program files\mozilla firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-2 207280]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-18 360584]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2009-4-30 284416]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-12-9 28552]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-14 75856]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-18 333192]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-18 28424]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2009-9-11 136744]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-11-16 1858144]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-14 20560]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-14 144760]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-18 285392]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-15 135664]
S2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
S2 lxba_device;lxba_device;c:\windows\system32\lxbacoms.exe -service --> c:\windows\system32\lxbacoms.exe -service [?]
S2 M4iPodWPDService;M4iPodWPDService;c:\program files\common files\mediafour\ipod\M4iPodWPDService.exe [2009-7-6 208896]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-14 247160]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-14 345464]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-10-8 14424]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-2 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-2 1141712]

=============== Created Last 30 ================

2009-12-25 14:21:54 0 d-----w- c:\program files\Cobian Backup 9
2009-12-19 14:23:46 0 d-sh--w- C:\found.000
2009-12-19 01:50:55 0 d--h--w- C:\$AVG
2009-12-19 01:38:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-19 01:38:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-19 01:38:49 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-19 01:38:47 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-19 01:38:41 0 d-----w- c:\program files\AVG
2009-12-19 01:38:41 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-18 11:13:59 0 d-----w- c:\windows\McAfee.com
2009-12-18 00:23:24 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-11 03:34:01 0 d-----w- c:\program files\trend micro
2009-12-10 08:48:51 0 d-----w- c:\documents and settings\adam\Pavark
2009-12-10 02:57:48 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-10 02:55:39 0 d-----w- c:\program files\Panda Security
2009-12-10 02:42:31 0 d-----w- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-12-10 01:02:31 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-12-10 01:02:31 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-12-10 01:02:31 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-12-10 01:02:31 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-12-10 01:02:31 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-12-10 01:02:29 0 d-----w- c:\program files\Trojan Remover
2009-12-10 01:02:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-12-10 01:02:29 0 d-----w- c:\docume~1\adam\applic~1\Simply Super Software
2009-12-04 21:05:04 0 d-----w- c:\program files\Enigma Software Group
2009-12-04 02:31:18 0 d-----w- c:\program files\home plan software
2009-12-03 14:09:16 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-12-02 11:03:48 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-02 11:03:48 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-02 11:03:37 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-02 11:03:37 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-02 11:03:37 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-02 11:03:37 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-02 11:03:30 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-12-02 11:03:30 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-02 11:03:22 0 d-----w- c:\program files\common files\PC Tools
2009-12-02 11:03:21 0 d-----w- c:\program files\Spyware Doctor
2009-12-02 11:03:21 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-12-02 11:03:21 0 d-----w- c:\docume~1\adam\applic~1\PC Tools
2009-12-02 06:59:14 0 d-----w- c:\docume~1\adam\applic~1\QuickScan
2009-12-02 04:35:00 0 d-----w- c:\documents and settings\adam\TotalMovieConverter
2009-12-01 19:18:30 0 d-----w- c:\docume~1\adam\applic~1\Red Kawa
2009-12-01 19:07:41 0 d-----w- c:\program files\AviSynth 2.5
2009-12-01 18:00:56 0 d-----w- c:\docume~1\adam\applic~1\Softplicity
2009-12-01 10:03:29 0 d-----w- C:\ComboFix
2009-11-28 22:06:40 0 d-----w- c:\program files\OLYMPUS
2009-11-28 14:20:42 77312 ----a-w- c:\windows\MBR.exe
2009-11-28 14:20:42 260608 ----a-w- c:\windows\PEV.exe
2009-11-28 14:20:41 98816 ----a-w- c:\windows\sed.exe
2009-11-28 14:20:41 161792 ----a-w- c:\windows\SWREG.exe
2009-11-28 14:18:03 389120 ----a-w- c:\windows\system32\CF17123.exe

==================== Find3M ====================

2009-12-18 00:16:55 4534 ----a-w- c:\windows\system32\tmp.reg
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-11 09:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 19:57:02 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 19:57:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 19:56:56 20480 ----a-w- c:\windows\system32\oleaccrc.dll

============= FINISH: 9:43:49.75 ===============
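As an added example (not part of the original post, and not code from DDS or BleepingComputer), the script below runs simple triage rules over a constructed excerpt of the DDS log above: it counts how many antivirus products have on-access scanning enabled at the same time (the log shows three installed, two active, which commonly explains slowdowns and freezes), and it flags Pseudo HJT entries whose DLL is missing (`- No File`), a DPF (ActiveX download) entry with no source URL, and the `MSConfig` autostart that shows startup items were disabled through msconfig. The `hxxp` prefix is how DDS defangs `http` in its output. Line formats, rule names and severities are my assumptions, not DDS definitions.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: a few lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1169 [VPS 091225-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Pseudo HJT Report ===============

uStart Page = www.google.com
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
""".strip()

# "AV: <product> *On-access scanning enabled|disabled* ..." as printed by DDS
AV_RE = re.compile(r"^AV:\s+(?P<name>.+?)\s+\*On-access scanning (?P<state>enabled|disabled)\*")
# Pseudo HJT entry types we look at: "<kind>: <rest>"
ENTRY_RE = re.compile(r"^(?P<kind>BHO|TB|DPF|mRun|uRun):\s*(?P<rest>.*)$")


@dataclass
class Finding:
    severity: str   # assumed scale: info / low / medium
    subject: str    # the log line or product name the finding is about
    reason: str


def parse_av_lines(text: str) -> list[tuple[str, str]]:
    """Return (product name, 'enabled'|'disabled') for every AV: line."""
    return [(m["name"], m["state"])
            for m in (AV_RE.match(line) for line in text.splitlines()) if m]


def triage(text: str) -> list[Finding]:
    """Apply the triage rules described in the lead-in to a DDS log."""
    findings: list[Finding] = []

    avs = parse_av_lines(text)
    enabled = [name for name, state in avs if state == "enabled"]
    if len(enabled) > 1:
        findings.append(Finding("medium", "; ".join(enabled),
                                "multiple real-time AV engines enabled at once; "
                                "they commonly conflict and slow the machine"))
    for name, state in avs:
        if state == "disabled":
            findings.append(Finding("low", name,
                                    "installed AV with on-access scanning disabled"))

    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, rest = m["kind"], m["rest"].rstrip()
        if rest.endswith("- No File"):
            findings.append(Finding("low", line,
                                    f"{kind} registered but its file is missing (orphaned entry)"))
        elif kind == "DPF" and rest.endswith("-"):
            findings.append(Finding("low", line,
                                    "ActiveX download (DPF) entry with no source URL"))
        elif "msconfig" in rest.lower():
            findings.append(Finding("info", line,
                                    "MSConfig autostart: startup items were disabled via msconfig"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity}] {f.reason}\n    {f.subject}")
```

Run it on a saved DDS log by reading the file into `triage()` instead of `SAMPLE_DDS`; the rules only read the text and change nothing on the system, so they are safe to run before deciding what a helper should look at.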


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:07 PM

Posted 05 January 2010 - 07:33 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:05:07 PM

Posted 11 January 2010 - 05:16 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
