Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Pop up and re-directs

  • This topic is locked This topic is locked
3 replies to this topic

#1 HealthyKitchenware


  • Members
  • 8 posts
  • Local time:12:05 PM

Posted 02 August 2010 - 12:13 AM

A couple of weeks ago, my computer was infected with Defense Center. I successfully followed your removal guide. After this experience, I decided to get rid of McAfee and currently have an AVG free trial.

However, currently the computer is slow, pop ups are frequent and re-directs to unwanted websites occur after a search engine search or almost any time (email, while online, etc). I have XP media center on my computer, which I do not use for gaming.

I followed the "ten steps" before posting, but was not successful with GMER. The computer would freeze and I would have to turn it off manually. On the last (3rd, I think) try I got a blue screen with the message:


I'll try the GMER again after posting this.

Here is the log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by HP_Administrator at 16:52:11.14 on Sun 08/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.152 [GMT -7:00]

AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
C:WINDOWSSystem32svchost.exe -k netsvcs
C:Program FilesAVGAVG9avgchsvx.exe
C:Program FilesAVGAVG9avgrsx.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:Program FilesAVGAVG9Identity ProtectionAgentBinAVGIDSAgent.exe
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesAVGAVG9avgwdsvc.exe
C:Program FilesAVGAVG9avgfws9.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesAVGAVG9avgam.exe
C:Program FilesAVGAVG9avgnsx.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesLeapFrogLeapFrog ConnectCommandService.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesCommon FilesIntuitQuickBooksQBCFMonitorService.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program FilesLexmark 2600 Serieslxdnmon.exe
C:Program FilesLexmark 2600 Seriesezprint.exe
C:Program FilesLeapFrogLeapFrog ConnectMonitor.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesOLYMPUSOLYMPUS Master 2MMonitor.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesCommon FilesIntuitQuickBooksQBUpdateqbupdate.exe
C:Program FilesAVGAVG9Identity Protectionagentbinavgidsmonitor.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesCobian Backup 10cbVSCService.exe
C:Program FilesCobian Backup 10Cobian.exe
C:Program FilesCobian Backup 10cbInterface.exe
C:Documents and SettingsHP_AdministratorDesktopdds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.healthykitchenware.com/
uInternet Settings,ProxyServer = http=
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:program filesavgavg9toolbarIEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:program filesrealrealplayerrpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg9avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:program filesavgavg9toolbarIEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.4.4525.1752swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:program filesgooglegoogle toolbarcomponentfastsearch_A8904FB862BD9564.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:program filesavgavg9toolbarIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar.dll
TB: {981FE6A8-260C-4930-960F-C3BC82746CB0} - No File
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [OM_Monitor] c:program filesolympusolympus masterMonitor.exe -NoStart
uRun: [OM2_Monitor] "c:program filesolympusolympus master 2MMonitor.exe"
uRun: [MSMSGS] "c:program filesmessengermsmsgs.exe" /background
uRun: [swg] "c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe"
mRun: [ehTray] c:windowsehomeehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [KBD] c:hpkbdKBD.EXE
mRun: [lxdnmon.exe] "c:program fileslexmark 2600 serieslxdnmon.exe"
mRun: [EzPrint] "c:program fileslexmark 2600 seriesezprint.exe"
mRun: [OM2_Monitor] "c:program filesolympusolympus master 2FirstStart.exe" /OM
mRun: [Monitor] "c:program filesleapfrogleapfrog connectMonitor.exe"
mRun: [TkBellExe] "c:program filescommon filesrealupdate_obrealsched.exe" -osboot
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 9.0readerReader_sl.exe"
mRun: [AVG9_TRAY] c:progra~1avgavg9avgtray.exe
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
dRun: [swg] c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupquickb~1.lnk - c:program filescommon filesintuitquickbooksqbupdateqbupdate.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupmri_di~1exifla~1.lnk - c:program filesfinepixviewerQuickDCF2.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupmri_di~1hpdigi~1.lnk - c:program fileshpdigital imagingbinhpqtra08.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupmri_di~1quickb~1.lnk - c:program filescommon filesintuitquickbooksqbupdateqbupdate.exe
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:windowspchealthhelpctrvendorscn=hewlett-packard,l=cupertino,s=ca,c=usiebuttonsupport.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~4office11REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149125670109
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5150/mcfscan.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:program filesgooglegoogle toolbarcomponentfastsearch_A8904FB862BD9564.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:program filesavgavg9toolbarIEToolbar.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:program filesintuitquickbooks 2008HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg9avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:windowssystem32mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:windowssystem32driversAVGIDSxx.sys [2010-7-28 25168]
R0 AvgRkx86;avgrkx86.sys;c:windowssystem32driversavgrkx86.sys [2010-7-28 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:windowssystem32driversavgldx86.sys [2010-7-28 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:windowssystem32driversavgmfx86.sys [2010-7-28 29584]
R1 AvgTdiX;AVG Network Redirector;c:windowssystem32driversavgtdix.sys [2010-7-28 243024]
R2 avg9wd;AVG WatchDog;c:program filesavgavg9avgwdsvc.exe [2010-7-28 308136]
R2 avgfws9;AVG Firewall;c:program filesavgavg9avgfws9.exe [2010-7-28 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:program filesavgavg9identity protectionagentbinAVGIDSAgent.exe [2010-7-28 5897808]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:program filescobian backup 10cbVSCService.exe [2010-8-1 67584]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:windowssystem32driversLMIRfsDriver.sys [2008-10-14 47640]
R2 lxdn_device;lxdn_device;c:windowssystem32lxdncoms.exe -service --> c:windowssystem32lxdncoms.exe -service [?]
R2 McrdSvc;Media Center Extender Service;c:windowsehomemcrdsvc.exe [2005-8-5 99328]
R2 QuickBooksDB18;QuickBooksDB18;c:progra~1intuitquickb~2qbdbmgrn.exe -hvquickbooksdb18 --> c:progra~1intuitquickb~2QBDBMgrN.exe -hvQuickBooksDB18 [?]
R3 Avgfwdx;Avgfwdx;c:windowssystem32driversavgfwdx.sys [2010-7-28 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:program filesavgavg9identity protectionagentdriverplatform_xpAVGIDSDriver.sys [2010-7-28 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:program filesavgavg9identity protectionagentdriverplatform_xpAVGIDSFilter.sys [2010-7-28 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:program filesavgavg9identity protectionagentdriverplatform_xpAVGIDSShim.sys [2010-7-28 26192]
S2 LMIInfo;LogMeIn Kernel Information Provider;??c:program fileslogmeinx86rainfo.sys --> c:program fileslogmeinx86RaInfo.sys [?]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:windowssystem32spooldriversw32x863lxdnserv.exe [2009-7-3 98984]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:program filesavgavg9toolbarToolbarBroker.exe [2010-7-28 430152]
S3 Avgfwfd;AVG network filter service;c:windowssystem32driversavgfwdx.sys [2010-7-28 30104]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:windowssystem32driversNtpaSp50.sys [2010-4-14 17536]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:program filesgooglegoogle desktop searchGoogleDesktop.exe [2007-12-26 29744]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

==================== Find3M ====================

2010-07-11 00:48:42 50052 ---ha-w- c:windowssystem32mlfcache.dat
2010-05-18 23:35:16 91424 ----a-w- c:windowssystem32dnssd.dll
2010-05-18 23:35:16 75040 ----a-w- c:windowssystem32jdns_sd.dll
2010-05-18 23:35:16 197920 ----a-w- c:windowssystem32dnssdX.dll
2010-05-18 23:35:16 107808 ----a-w- c:windowssystem32dns-sd.exe
2010-05-05 13:30:57 173056 ----a-w- c:windowssystem32dllcacheie4uinit.exe
2009-10-15 13:24:30 245760 --sha-w- c:windowssystem32configsystemprofileietldcacheindex.dat

============= FINISH: 16:54:11.02 ===============

Situation unchanged. Please help. Hope this is not "bumping!"

Attached Files

Edited by Budapest, 08 August 2010 - 04:19 PM.
Posts merged ~BP

BC AdBot (Login to Remove)


#2 suebaby41


    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:05 PM

Posted 09 August 2010 - 12:55 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 HealthyKitchenware

  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:05 PM

Posted 10 August 2010 - 09:03 AM


Thanks for your reply.

I have started working with someone at Malware Bytes. I hope that will solve the issue.

Thanks anyway.

#4 suebaby41


    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:05 PM

Posted 10 August 2010 - 01:56 PM

Thank you for letting me know.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users