Please help analyze my HijackThis/DDS log


  • This topic is locked
2 replies to this topic

#1 wingnut10

wingnut10

  • Members
  • 1 posts
  • OFFLINE
  • Local time:11:23 PM

Posted 12 January 2010 - 09:59 AM

Attached File: DDS_log.zip (4.2KB, 9 downloads)

Hello,

I have been experiencing problems with my browsers in both Firefox and IE being redirected and in some cases landing on attack pages.

I have run AVG multiple times with some results, and Malwarebytes also with good results, but the problem still persists, and now I have run HijackThis and DDS to hopefully get some expert help on determining what files to delete from the scans.

Per instructions, I have posted the log below and attached a zip file to assist.

Thank you very much for your help it is greatly appreciated!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Robin at 8:35:44.90 on Tue 01/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.55 [GMT -6:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Micro Niche Finder\srvany.exe
C:\Program Files\Micro Niche Finder\bggoogle.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\Program Files\Sony\vaio media integrated server\VMISrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Sony\vaio media integrated server\Platform\SV_Httpd.exe
C:\Program Files\Sony\vaio media integrated server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Documents and Settings\Robin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://esupport.sony.com/perl/swu-download.pl?upd_id=2191&SMB=YES&VU=YES&mdl=PCV-RS620G
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: link = 00000000
uPolicies-explorer: NoCommonGroups = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260560667245
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ltoatert.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-10-11 161800]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-27 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-27 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-27 360584]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-22 285392]
R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\micro niche finder\srvany.exe [2009-12-27 8192]
R2 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;c:\program files\common files\sony shared\vaio entertainment\vzcdb\VzFw.exe [2009-9-27 86098]
S3 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;c:\program files\common files\sony shared\vaio entertainment\vcsw\vcsw.exe -runbyscm --> c:\program files\common files\sony shared\vaio entertainment\vcsw\VCSW.exe -RunBySCM [?]

=============== Created Last 30 ================

2010-01-12 13:48:47 0 d-----w- c:\program files\Trend Micro
2010-01-11 18:58:29 0 d-----w- c:\docume~1\robin\applic~1\Malwarebytes
2010-01-11 18:58:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 18:57:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-11 18:57:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 18:57:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 16:18:00 0 d-----w- c:\documents and settings\all users\The Ultimate PLR Article Collection
2010-01-06 16:13:52 0 d-----w- c:\program files\The Ultimate PLR Article Collection
2010-01-05 03:38:21 0 d-----w- c:\program files\Audacity
2010-01-04 15:38:34 0 d-sh--w- c:\docume~1\alluse~1\applic~1\WSVAXPJKD_APDM
2010-01-02 16:55:46 0 d-----w- c:\program files\Windows Media Connect 2
2010-01-02 16:51:47 0 d-----w- C:\05d16048228e6e4928437587b487
2010-01-02 16:50:22 0 d-----w- C:\e6bd8977f0e2aa7b7a22d42c46ed50
2010-01-02 04:03:47 0 d--h--w- c:\windows\PIF
2009-12-28 04:40:30 0 d-----w- c:\documents and settings\all users\Micro Niche Finder
2009-12-28 04:40:30 0 d-----w- c:\docume~1\alluse~1\applic~1\Micro Niche Finder
2009-12-28 04:40:29 0 d-----w- c:\documents and settings\all users\Micro Niche Finder Service
2009-12-28 04:39:57 0 d-----w- c:\program files\Micro Niche Finder
2009-12-26 17:53:29 14848 ----a-w- c:\documents and settings\robin\Copy of Forsyth_Dec_11-Dec_25.xls
2009-12-25 15:24:28 90112 ----a-w- c:\windows\unvise32.exe
2009-12-25 15:23:36 0 d-----w- c:\program files\The Logo Creator v5
2009-12-17 02:26:47 400 ----a-w- c:\windows\system32\xpsys.dll
2009-12-17 02:26:47 0 d-----w- c:\docume~1\alluse~1\applic~1\CoffeeCup Software
2009-12-14 19:33:47 0 d-----w- c:\program files\common files\SWF Studio

==================== Find3M ====================

2009-12-22 09:04:40 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-22 09:04:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-22 09:04:01 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-22 09:03:50 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-10 00:50:07 104229 ----a-w- c:\windows\hpoins04.dat
2009-11-04 21:03:09 40056 ----a-w- c:\windows\system32\NicInst.dll
2009-11-04 21:03:09 35424 ----a-w- c:\windows\system32\e100bmsg.dll
2009-11-04 21:03:09 28272 ----a-w- c:\windows\system32\NicCo2.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-17 15:33:58 249856 ------w- c:\windows\Setup1.exe
2009-10-17 15:33:41 73216 ----a-w- c:\windows\ST6UNST.EXE

============= FINISH: 8:38:10.37 ===============
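
The DDS output above is the only data in this thread, and the thread itself never says which entries are bad. As an added example (not part of the original post and not code from the DDS or HijackThis tools), the Python script below applies the checks a responder would run over these lines: the `LSA: Notification Packages` value, IE extension entries whose file is missing, and the `Created Last 30` file entries. The sample lines are copied from the log above; the XP default package set (`scecli` alone), the 1024-byte "small DLL" threshold, the attribute-field positions and the "random-looking name" pattern are my assumptions and heuristics, not DDS rules. Every finding is a review item, not proof of infection.

```python
"""Triage checks over DDS 'Pseudo HJT Report' and 'Created Last 30' lines.

Added example: heuristics only. Each finding is something to verify by hand
(file on disk, signature, vendor), not a verdict.
"""
import re
from pathlib import PureWindowsPath

# Sample lines copied from the DDS log posted above (a fixed sample, not live output).
SAMPLE_LOG = r"""
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
LSA: Notification Packages = scecli ltoatert.dll
2010-01-11 18:57:55 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-04 15:38:34 0 d-sh--w- c:\docume~1\alluse~1\applic~1\WSVAXPJKD_APDM
2009-12-17 02:26:47 400 ----a-w- c:\windows\system32\xpsys.dll
2009-12-14 19:33:47 0 d-----w- c:\program files\common files\SWF Studio
"""

# Assumption: a stock Windows XP install lists only scecli here.
XP_DEFAULT_LSA_PACKAGES = {"scecli"}

# DDS file/directory line: timestamp, size, 8-character attribute field, path.
FILE_ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(\S{8})\s+(.+)$")
# Attribute field as DDS prints it (inferred from the log): d=dir at [0], s=system at [2], h=hidden at [3].
IS_DIR, IS_SYSTEM, IS_HIDDEN = 0, 2, 3
# Names such as WSVAXPJKD_APDM: only caps, digits and underscores, no real words (heuristic).
RANDOM_NAME = re.compile(r"^[A-Z0-9_]{8,}$")
SMALL_DLL_BYTES = 1024  # heuristic threshold: a DLL this small in system32 deserves a manual look


def check_line(line: str) -> list[tuple[str, str]]:
    """Return (severity, message) findings for one DDS line; empty list if nothing stands out."""
    line = line.strip()
    findings = []

    if line.startswith("LSA: Notification Packages ="):
        packages = line.split("=", 1)[1].split()
        for pkg in packages:
            if pkg.lower() not in XP_DEFAULT_LSA_PACKAGES:
                findings.append(("HIGH", f"non-default LSA notification package {pkg}: it is loaded "
                                         "into lsass.exe at boot and is called with every password "
                                         "change; confirm the file exists and who signed it"))

    elif line[:3] in ("BHO", "TB:", "EB:") and line.endswith(" - No File"):
        # Orphaned registration: the CLSID is registered but the DLL is gone. Cleanup, not infection.
        findings.append(("LOW", f"orphaned IE extension entry (file missing): {line.split(' - ')[0]}"))

    m = FILE_ENTRY.match(line)
    if m:
        size, attrs, path = int(m.group(2)), m.group(3), PureWindowsPath(m.group(4))
        parts = [p.lower() for p in path.parts]
        # Hidden+system directory with a junk name under Application Data.
        if (attrs[IS_DIR] == "d" and attrs[IS_SYSTEM] == "s" and attrs[IS_HIDDEN] == "h"
                and "applic~1" in parts and RANDOM_NAME.match(path.name)):
            findings.append(("MEDIUM", f"hidden+system directory with random-looking name: {path}"))
        # Tiny DLL dropped directly into system32 (drivers\ subfolder is excluded).
        if (attrs[IS_DIR] != "d" and path.suffix.lower() == ".dll"
                and parts[-2:-1] == ["system32"] and size < SMALL_DLL_BYTES):
            findings.append(("MEDIUM", f"unusually small DLL in system32 ({size} bytes): {path}"))
    return findings


def triage(log_text: str) -> list[tuple[str, str]]:
    """Run check_line over every line of a DDS log; HIGH findings first."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    found = [f for line in log_text.splitlines() for f in check_line(line)]
    return sorted(found, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run against the sample it reports one HIGH (the second LSA package), two MEDIUM (the `d-sh--w-` directory and the 400-byte DLL) and two LOW (the toolbar and explorer-bar entries with no file). The LSA check is the one worth understanding: packages named there are loaded by lsass.exe at boot and receive the new cleartext password on every change, so an unfamiliar DLL in that value is exactly where a credential stealer would sit, but the script cannot tell you what the DLL is; that is the manual step.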




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:23 AM

Posted 17 January 2010 - 07:46 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run RootRepeal and post the log

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open on your desktop.
  • Click the tab.
  • Click the button.
  • Check all seven boxes:
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:03:23 AM

Posted 24 January 2010 - 10:15 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



