Google Redirect and TCP/IP Command Error

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

cheder

Thread Starter
Joined
Dec 2, 2011
Messages
4
Hey guys, well first off Im having problems with my internet it started as a TCP/IP Command
Error and a dialog box would pop up and then click close and I could still go about my
business, that lasted for a day. Now, the internet is very intermittent, the icon is showing
Im connecting to my wireless signal constantly and never fully connects unless it a fresh
restart and then only stays connected a few minutes. Attached is a .jpeg of the TCP/IP Error
report. Then I have the Google Search re-direct thing going on. Search Google for something
click on it and it re-directs me to http//search.yellowise.com in Firefox and a different
site in Google Chrome. Also speed of start up and other functions have severely slowed down.

Hijackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:32:16 AM, on 12/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Belkin\F6D4050\v1\BelkinWCUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Seagate 2GEYWHCW Product Registration.lnk = C:\Documents and Settings\Owner\Application Data\Leadertech\PowerRegister\Seagate 2GEYWHCW Product Registration.exe
O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6215 bytes

DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Owner at 4:36:43 on 2011-12-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2324 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Belkin\F6D4050\v1\BelkinWCUI.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\seagat~1.lnk - c:\documents and settings\owner\application data\leadertech\powerregister\Seagate 2GEYWHCW Product Registration.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f6d4050\v1\BelkinWCUI.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 172.16.0.1
TCP: Interfaces\{58FF06C2-1CE9-41B8-B837-2D3E20205CC6} : DhcpNameServer = 172.16.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\432lzo2c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
FF - Ext: ImageHost Grabber: {E4091D66-127C-11DB-903A-DE80D2EFDFE8} - %profile%\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
FF - Ext: Download Youtube Videos +: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\adobe\elements 10 organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-1 366152]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2011-8-5 91392]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-1 22216]
R3 rt2870;Belkin 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-7-18 644096]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-23 136176]
S2 SqlCSS;SQL Server EXPRESS;c:\windows\system32\svchost.exe -k Sqlses [2004-8-4 14336]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2011-8-5 6016]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-23 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-8-5 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2011-8-5 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2011-8-5 24960]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2011-8-5 23936]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2011-8-5 6656]
.
=============== Created Last 30 ================
.
2011-12-02 09:12:42 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-02 09:01:47 -------- d-----w- c:\documents and settings\owner\application data\Need for Speed World
2011-12-02 07:14:57 -------- d-----w- c:\documents and settings\owner\local settings\application data\Electronic_Arts_Inc
2011-12-02 06:03:04 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-12-02 06:03:04 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-12-02 06:03:03 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-12-02 06:03:03 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-12-02 06:03:02 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-12-02 06:03:02 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-12-02 06:03:02 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-12-02 06:03:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-02 06:03:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-12-02 06:03:01 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-12-02 06:03:00 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-12-02 06:03:00 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-12-02 05:52:22 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
2011-12-02 02:15:17 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-12-02 02:15:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-02 02:15:08 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 02:15:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-30 10:18:51 -------- d-----w- c:\windows\system32\LogFiles
2011-11-28 16:45:41 -------- d-----w- c:\documents and settings\owner\local settings\application data\Stardock
2011-11-28 16:45:31 -------- d-----w- c:\program files\Thoosje
2011-11-26 10:16:54 -------- d-----w- c:\documents and settings\owner\application data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-11-26 04:55:48 -------- d-----w- c:\documents and settings\all users\application data\regid.1986-12.com.adobe
2011-11-20 02:57:04 -------- d-----w- c:\documents and settings\owner\local settings\application data\WinZip
2011-11-19 19:59:24 -------- d-----w- c:\documents and settings\owner\local settings\application data\ACD Systems
2011-11-19 19:59:22 -------- d-----w- c:\documents and settings\owner\application data\ACD Systems
2011-11-19 19:58:48 -------- d-----w- c:\documents and settings\all users\application data\ACD Systems
2011-11-19 19:58:39 -------- d-----w- c:\program files\common files\ACD Systems
2011-11-19 19:58:39 -------- d-----w- c:\program files\ACD Systems
2011-11-19 19:54:14 -------- d-----w- c:\documents and settings\owner\local settings\application data\Downloaded Installations
.
==================== Find3M ====================
.
2011-11-16 08:40:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-14 02:30:39 201728 ----a-w- c:\windows\system32\triumph-screensaver.scr
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 4:37:00.82 ===============

ARK.TXT LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-02 12:46:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 ST3160318AS rev.CC44
Running: ffcl5jvo.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\afxcykod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB62BCF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB62BCFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB62BD080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB62BD11C]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB96B9F80]
.text netbt.sys B7ED2000 7 Bytes [89, 01, 81, 7D, 10, 16, 00]
.text netbt.sys B7ED2008 67 Bytes [C0, 0F, 85, 36, FF, FF, FF, ...]
.text netbt.sys B7ED204D 60 Bytes [8B, 47, 18, 8B, 70, 0C, 85, ...]
.text netbt.sys B7ED208A 130 Bytes [15, 90, C0, EE, B7, 33, D2, ...]
.text netbt.sys B7ED210D 5 Bytes [47, 30, 8B, 1D, 20]
.text ...
? C:\WINDOWS\system32\DRIVERS\netbt.sys suspicious PE modification
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0220000A
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0221000A
.text C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 01DC000C
.text C:\WINDOWS\System32\ping.exe[2984] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BB000A
.text C:\WINDOWS\System32\ping.exe[2984] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BC000A
.text C:\WINDOWS\System32\ping.exe[2984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A6000A
.text C:\WINDOWS\System32\ping.exe[2984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A7000A
.text C:\WINDOWS\System32\ping.exe[2984] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A5000C
.text C:\WINDOWS\System32\ping.exe[2984] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00BF000A
.text C:\WINDOWS\System32\ping.exe[2984] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00C0000A
.text C:\WINDOWS\System32\ping.exe[2984] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00C1000A
.text C:\WINDOWS\System32\ping.exe[2984] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00BE000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B7EF9000-B7F11000 (98304 bytes)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4DSH25HS\2002[1].js 1305 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4DSH25HS\togglemenu[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4DSH25HS\0[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5C93NJE1\paneltracking[1].gif 58 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BU9TK8SX\background_gradient[1] 453 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BU9TK8SX\json2.min[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F0Y5R0ZR\if[5].txt 526 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F0Y5R0ZR\p_21362_288_162[1].jpg 7882 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F0Y5R0ZR\p_21946_288_162[1].jpg 14224 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KZJFQUS6\ErrorPageTemplate[1] 2168 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KZJFQUS6\dref=http%253A%252F%252Fwww.survivingcollege[1].com%252F2011%252F12%252Fangry-girl-comics-what-i-actually-learned-in-college%252F 373 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KZJFQUS6\dynamic_companion_banner_iframe[1].htm 1019 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KZJFQUS6\httpErrorPagesScripts[1] 8601 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M3PF748B\s[8].htm 415 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M3PF748B\B5986497[1].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M3PF748B\conversion[1].js 5712 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M3PF748B\viewChannelModule[1].act 57617 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\M3PF748B\viewChannelModule[2].act 57617 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\appetite[1].png 466 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\ErrorPageTemplate[1] 2168 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\fw-nonplayer-banner[4].htm 1301 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\vj[1] 5290 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\18635;227210;201;js;Undertone;WPUndertonePageGrabber1x1SNon[1] 685 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\surly[5].js 1702 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\homepage;pos=160a;exp=0;adnt=1;tile=4;sz=160x600;ord=419754069670859[1].htm 439 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\hope_for_women_with_symptoms_of_alopecia_areata;contentid=d636068f;abr=!webtvs;tax=hair_health;pos=2;tile=4;sz=300x250,300x600;ord=411551675920995[1] 2560 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\wf_bg[1].png 3213 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\delicious[1].png 856 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\likebox[2].php 12513 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\backcookie[2].js 2347 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SHFGQ1HC\1630401055[1] 789 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5EKOU8L\ros2[3].htm 2391 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5EKOU8L\tid=34efc558;abr=!webtvs;camp=ls_food_articles;camp=food_articles;tax=healthy_diet;tax=sugar;tax=eating_habits;pos=2;tile=6;sz=728x90;ord=128787475821478[1] 6624 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5EKOU8L\spriteThumbOverlay[1].png 2225 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5EKOU8L\ebtvs;camp=ls_food_articles;camp=food_articles;tax=healthy_diet;tax=sugar;tax=eating_habits;pos=1;dcopt=ist;tile=3;sz=300x250,300x600;ord=128787475821478[1] 3424 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U5EKOU8L\getscript[1].jsp 68431 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V7IVEMPV\29487-2[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V7IVEMPV\crossdomain[4].xml 187 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V7IVEMPV\service[3].htm 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\V7IVEMPV\18820_spike_daveandbusters_ultimate_jpg_728x90_092011[1].jpg 44907 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YDULMZV2\01[1].htm 584 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YDULMZV2\viewChannelModule[2].act 61196 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YDULMZV2\e1f6bb56-668c-4a7e-b019-0dadfe791e46[1].gif 8277 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YDULMZV2\adservercontinuation[1].aspx 10626 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YDULMZV2\ros2[1].htm 1291 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YDULMZV2\crossdomainCATMEA4X.xml 244 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YDULMZV2\crossdomain[11].xml 244 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YDULMZV2\f1[1].png 4004 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YDULMZV2\runt-of-the-web_com[1].txt 29169 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YDULMZV2\abg[1].js 525 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YDULMZV2\d2cb056b-d08b-4273-a2c1-a1bcf82303d9[1].xml 305 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668 0 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\bckfg.tmp 803 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\cfg.ini 208 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\keywords 263 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\L 0 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\L\mxszeogg 162816 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\U 0 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\U\[email protected] 1536 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\U\[email protected] 224768 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\U\[email protected] 1024 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\U\[email protected] 1024 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\U\[email protected] 12800 bytes
File C:\WINDOWS\$NtUninstallKB49241$\1013316668\U\[email protected] 98304 bytes
File C:\WINDOWS\$NtUninstallKB49241$\2921628920 0 bytes

---- EOF - GMER 1.0.15 ----


OK, I think thats everything. I have downloaded, ran, and saved DDS and GMER logs. Let me know if you need anything else.
Thanks a million for the help
 

Attachments

cheder

Thread Starter
Joined
Dec 2, 2011
Messages
4
Sorry I'm running Window's XP with SP3 and I'm running Malwarebytes and it keeps blocking random outgoing websites with different IP's.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top