
Browser Hijack


Any help would be greatly appreciated! Can't find or clean browser hijack. Opens new browser tabs to random sites.

Have used MBAM, Avira AntiVir Personal, tried to run GMER Rootkit Scanner but after about 5 minutes running it flashes a blue screen and reboots Windows.

Attach says there is a Hosts File Hijack, but I don't see anything wrong with my hosts file.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Main at 13:48:13.10 on Fri 06/25/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.593 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\System Control Manager\MSIService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Main\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: CAB Class: {c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} - c:\windows\system32\8AedST5d.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Notify: igfxcui - igfxdev.dll

Notify: puinsd - puinsd.dll

Hosts: 89.149.225.59 www.google.ua

Hosts: 89.149.225.59 www.google.th

Hosts: 89.149.225.59 www.google.tr

Hosts: 89.149.225.59 www.google.hu

Hosts: 89.149.225.59 www.google.cr

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-6-24 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-6-24 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-6-24 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-6-24 60936]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-6 55136]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-20 303952]

R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2009-7-7 159744]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-20 20824]

R3 MSILiveVirtualCamera;MSI Live Virtual Camera;c:\windows\system32\drivers\MSILiveVirtualCamera.sys [2007-1-29 449408]

R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-7-6 156160]

S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2008-12-8 533344]

=============== Created Last 30 ================

2010-06-25 17:45:25 0 ----a-w- c:\documents and settings\main\defogger_reenable

2010-06-24 20:06:29 0 d-----w- c:\windows\system32\NtmsData

2010-06-24 20:01:17 0 d-----w- c:\docume~1\main\applic~1\Avira

2010-06-24 19:59:42 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-06-24 19:59:41 0 d-----w- c:\program files\Avira

2010-06-24 19:59:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira

2010-06-24 16:04:06 9728 ----a-w- c:\windows\system32\RtNicProp32.dll

2010-06-17 18:05:23 112 ----a-w- c:\docume~1\alluse~1\applic~1\3ulSX01.dat

2010-06-17 18:05:19 45056 ----a-w- c:\windows\system32\8AedST5d.dll

2010-06-17 14:39:59 0 d-----w- c:\windows\system32\wbem\Repository

2010-06-15 23:19:05 839680 ----a-w- c:\windows\system32\lameACM.acm

2010-06-15 23:19:05 414 ----a-w- c:\windows\system32\lame_acm.xml

2010-06-15 23:19:05 151552 ----a-w- c:\windows\system32\ac3acm.acm

2010-06-15 23:19:00 0 d-----w- c:\program files\K-Lite Codec Pack

2010-06-15 20:38:14 121984 -c--a-w- c:\windows\system32\dllcache\usbvideo.sys

2010-06-15 20:38:14 121984 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2010-06-15 20:38:13 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax

2010-06-15 20:38:13 20992 ----a-w- c:\windows\system32\dshowext.ax

2010-05-27 12:36:36 376 ----a-w- c:\windows\system32\.crusader

==================== Find3M ====================

2010-06-24 12:53:04 36352 ----a-w- c:\windows\system32\drivers\disk.sys

2010-05-27 12:39:36 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll

2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe

2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe

2009-07-06 16:59:00 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2009-07-07 21:13:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2009-12-26 06:49:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122520091226\index.dat

2009-07-06 16:58:56 16384 --sha-w- c:\windows\system32\config\systemprofile\privacie\index.dat

2009-12-26 06:52:34 16384 --sha-w- c:\windows\temp\cookies\index.dat

2009-12-26 06:52:34 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat

2009-12-26 06:52:34 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 13:50:01.62 ===============

Attach.zip
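A small hosts-file audit in Python, added here as an example (not code from the thread or from DDS): it reads either a plain hosts file or the "Hosts:" lines DDS prints, and flags every name mapped to an address other than loopback or 0.0.0.0, which is exactly how the google.* redirections in the log above would surface. The sample input is constructed from those entries.

```python
"""Audit a Windows hosts file, or the 'Hosts:' lines of a DDS log, for
hijack entries: names mapped to an address that is not loopback.
Added example; not part of the thread or of the DDS tool."""
import ipaddress
import re

# Constructed sample: DDS-style 'Hosts:' lines modelled on the log above,
# mixed with ordinary hosts-file lines and a comment.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
Hosts: 89.149.225.59 www.google.ua
Hosts: 89.149.225.59 www.google.th
89.149.225.59   www.google.tr
::1             localhost
"""

# Optional 'Hosts:' prefix (DDS format), then address and hostname.
LINE_RE = re.compile(r"^(?:Hosts:\s*)?(\S+)\s+(\S+)")

def parse_hosts(text):
    """Return (ip, hostname) pairs; comments and malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = LINE_RE.match(line) if line else None
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is not an IP address
        entries.append((ip, m.group(2).lower()))
    return entries

def find_hijacks(text):
    """Entries pointing anywhere but loopback/unspecified: 127.0.0.1, ::1 and
    0.0.0.0 are the normal blocking targets; anything else redirects the name
    and is only legitimate if the user deliberately put it there."""
    return [(str(ip), name) for ip, name in parse_hosts(text)
            if not (ip.is_loopback or ip.is_unspecified)]

def summarize(text):
    """Group redirected names by destination address: one hijack host usually
    collects many names, as the google.* entries above show."""
    by_ip = {}
    for ip, name in find_hijacks(text):
        by_ip.setdefault(ip, []).append(name)
    return by_ip
```

On a live machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to summarize(); a hidden or read-only attribute on that file, or entries the user never added, is the sign to look for.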


Hi and welcome to the Malwarebytes forums. ;)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.

NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.

=========================================================

TDSSKiller

  • Download the file TDSSKiller.zip and save it on your desktop
  • Extract the file TDSSKiller.zip, it will create a folder named tdsskiller on your desktop. (Zip/UnZip Tutorial)
  • Next double-click the tdsskiller Folder on your desktop.
  • Double click tdsskiller.exe to run the tool.
  • If malicious services or files have been detected, the utility may prompt to reboot the PC in order to complete the disinfection procedure. Please reboot if prompted.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.3.0.0_20.04.2010_15.31.43_log.txt.
  • Please post the contents in your next reply


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
