IE keeps redirecting me possible virus??

Discussion in 'Virus & Other Malware Removal' started by angelsmigelle, Jan 10, 2011.

  1. angelsmigelle

    angelsmigelle Thread Starter

    Joined:
    Jan 9, 2011
    Messages:
    33
    I need help. IE keeps redirecting me to advertisements and so on. Help would be much appreciated. Please. Thanks.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:45:25, on 09/01/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.infinityuk.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [TQ566808] "D:\Setup.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.infinityuk.net/
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Terminal Services TermServicestisvc (TermServicestisvc) - Unknown owner - C:\WINDOWS\system32\amstreamc.exe (file missing)
    O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 8521 bytes

    ---------------------------------------------------------------------------------------------


    DDS (Ver_10-12-12.01) - NTFSx86
    Run by Owner at 21:52:40.54 on 09/01/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.510.139 [GMT 0:00]

    ============== Running Processes ===============
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Local Settings\Temp\15.tmp\MBR.DAT
    C:\Documents and Settings\Owner\Desktop\dds2.pif
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.co.uk/
    uSearch Page = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = hxxp://www.infinityuk.net/
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
    mURLSearchHooks: H - No File
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
    mRun: [TQ566808] "D:\Setup.exe"
    mRun: [SkyTel] SkyTel.EXE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    ================= FIREFOX ===================
    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5a1boyx9.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D50B77B7-D8D2-554D-078B-18CE8411669B}&q=
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\[email protected]\components\xpavgtbapi.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: My Web Tattoo (Fast Browser Search): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5a1boyx9.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
    FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
    FF - Extension: AVG Security Toolbar em:version=6.010.023.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: [email protected] - c:\program files\avg\avg10\toolbar\firefox\[email protected]
    FF - Extension: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    ============= SERVICES / DRIVERS ===============
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2009-5-23 41025]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-6 135664]
    S2 hdagiz;Universal Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
    S2 jokvf;Windows Server;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
    S2 kgjzq;Microsoft Monitor;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
    S2 TermServicestisvc;Terminal Services TermServicestisvc;c:\windows\system32\amstreamc.exe srv --> c:\windows\system32\amstreamc.exe srv [?]
    S2 zfjmpwzg;Center Image;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
    S2 zopdu;Manager Shell;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-13 517448]
    S3 FXDrv32;FXDrv32;\??\h:\fxdrv32.sys --> h:\FXDrv32.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-23 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-23 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-23 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-23 40552]
    S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [2009-5-23 618112]
    =============== Created Last 30 ================
    2011-01-09 10:25:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
    2011-01-09 10:25:39 -------- d-----w- c:\program files\McAfee Security Scan
    2011-01-01 15:20:50 221184 ----a-w- c:\windows\system32\wmpns.dll
    ==================== Find3M ====================
    2011-01-09 20:17:50 20456 ----a-w- c:\windows\system32\jfhf.drv
    =================== ROOTKIT ====================
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD2500JS-00NCB1 rev.10.02E02 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82CA0EC5]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x81f90872; SUB DWORD [EBP-0x4], 0x81f9012e; PUSH EDI; CALL 0xffffffffffffdf33; }
    1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x82D7EAB8]
    3 CLASSPNP[0xF852805B] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\0000006f[0x82D099E8]
    5 ACPI[0xF83BE620] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> [0x82D81D98]
    [0x82D89200] -> IRP_MJ_CREATE -> 0x82CA0EC5
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD2500JS-00NCB1_____________________10.02E02#5&3641df5e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x82CA0AEA
    user & kernel MBR OK
    sectors 488397166 (+255): user != kernel
    Warning: possible TDL3 rootkit infection !
    ============= FINISH: 21:54:00.78 ===============

    --------------------------------------------------------------------------------------------------

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-09 22:04:28
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD2500JS-00NCB1 rev.10.02E02
    Running: y7l3fmo1.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwaorfod.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xBAF926C0]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xBAF92770]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xBAF92810]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xBAF928B0]
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F39 80503B39 7 Bytes [27, F9, BA, 10, 28, F9, BA] {DAA ; STC ; MOV EDX, 0xbaf92810}
    .rsrc C:\WINDOWS\system32\drivers\pci.sys entry point in ".rsrc" section [0xF83B5994]
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7AF5360, 0x3441C7, 0xE8000020]
    ? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\Explorer.EXE[732] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\Explorer.EXE[732] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00C3000A
    .text C:\WINDOWS\Explorer.EXE[732] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00C1000C
    .text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00B2000A
    .text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00B3000A
    .text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00B1000C
    .text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!GetCursorPos 77D4C566 5 Bytes JMP 00DC000A
    .text C:\WINDOWS\System32\svchost.exe[1540] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 00FC000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 01AE000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 01AF000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00DB000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 010EDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 010F4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01019315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0120DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0120E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0120DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 010EDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 01051CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0120DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0120DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0120E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0120DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3576] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 010F488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3616] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 01D5000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3616] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 01D6000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[3616] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 01D4000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 010F4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01019315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0120DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0120E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0120DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0120DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0120DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0120E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0120DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 82CA0AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 82CA0AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 82CA0AEA
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-3 82CA0AEA
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD2500JS-00NCB1_____________________10.02E02#5&3641df5e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    ---- Services - GMER 1.0.15 ----
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] hdagiz <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] jokvf <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] kgjzq <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] zfjmpwzg <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] zopdu <-- ROOTKIT !!!
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@DisplayName Universal Microsoft
    Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@Type 32
    Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@Start 2
    Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@Description Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
    Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@DisplayName Windows Server
    Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@Type 32
    Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@Start 2
    Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@Description This service filters e-mail messages on your computer
    Reg HKLM\SYSTEM\ControlSet001\Services\jokvf\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\jokvf\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@DisplayName Microsoft Monitor
    Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@Type 32
    Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@Start 2
    Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@Description Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@DisplayName Center Image
    Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@Type 32
    Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@Start 2
    Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@Description Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@DisplayName Manager Shell
    Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@Type 32
    Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@Start 2
    Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@Description Provides automatic configuration for the 802.11 adapters
    Reg HKLM\SYSTEM\ControlSet001\Services\zopdu\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\zopdu\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@DisplayName Universal Microsoft
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@Description Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@DisplayName Windows Server
    Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@Description This service filters e-mail messages on your computer
    Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@DisplayName Microsoft Monitor
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@Description Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@DisplayName Center Image
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@Description Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@DisplayName Manager Shell
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@Type 32
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@Start 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@ErrorControl 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@ObjectName LocalSystem
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@Description Provides automatic configuration for the 802.11 adapters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu\Parameters
    Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@DisplayName Universal Microsoft
    Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@Type 32
    Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@Start 2
    Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@Description Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
    Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@DisplayName Windows Server
    Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@Type 32
    Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@Start 2
    Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@Description This service filters e-mail messages on your computer
    Reg HKLM\SYSTEM\ControlSet003\Services\jokvf\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\jokvf\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@DisplayName Microsoft Monitor
    Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@Type 32
    Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@Start 2
    Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@Description Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@DisplayName Center Image
    Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@Type 32
    Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@Start 2
    Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@Description Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@DisplayName Manager Shell
    Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@Type 32
    Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@Start 2
    Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@ErrorControl 0
    Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@ObjectName LocalSystem
    Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@Description Provides automatic configuration for the 802.11 adapters
    Reg HKLM\SYSTEM\ControlSet003\Services\zopdu\Parameters (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\zopdu\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 sectors 488396912 (+254): rootkit-like behavior;
    ---- Files - GMER 1.0.15 ----
    File C:\WINDOWS\system32\drivers\pci.sys suspicious modification; TDL3 <-- ROOTKIT !!!
    ---- EOF - GMER 1.0.15 ----
Short URL to this thread: https://techguy.org/973827