IE keeps redirecting me possible virus??


angelsmigelle (Thread Starter) - Joined Jan 9, 2011 - Messages: 33
I need help. IE keeps redirecting me to advertisements and so on. Would be much appreciated. Please. Thanks.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:45:25, on 09/01/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.infinityuk.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [TQ566808] "D:\Setup.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.infinityuk.net/
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Terminal Services TermServicestisvc (TermServicestisvc) - Unknown owner - C:\WINDOWS\system32\amstreamc.exe (file missing)
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 8521 bytes

---------------------------------------------------------------------------------------------


DDS (Ver_10-12-12.01) - NTFSx86
Run by Owner at 21:52:40.54 on 09/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.510.139 [GMT 0:00]

============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\15.tmp\MBR.DAT
C:\Documents and Settings\Owner\Desktop\dds2.pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.infinityuk.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
mURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [TQ566808] "D:\Setup.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5a1boyx9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={D50B77B7-D8D2-554D-078B-18CE8411669B}&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: My Web Tattoo (Fast Browser Search): {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5a1boyx9.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Extension: AVG Security Toolbar em:version=6.010.023.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2009-5-23 41025]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-6 135664]
S2 hdagiz;Universal Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 jokvf;Windows Server;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 kgjzq;Microsoft Monitor;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 TermServicestisvc;Terminal Services TermServicestisvc;c:\windows\system32\amstreamc.exe srv --> c:\windows\system32\amstreamc.exe srv [?]
S2 zfjmpwzg;Center Image;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 zopdu;Manager Shell;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-13 517448]
S3 FXDrv32;FXDrv32;\??\h:\fxdrv32.sys --> h:\FXDrv32.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-23 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-23 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-23 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-23 40552]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [2009-5-23 618112]
=============== Created Last 30 ================
2011-01-09 10:25:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2011-01-09 10:25:39 -------- d-----w- c:\program files\McAfee Security Scan
2011-01-01 15:20:50 221184 ----a-w- c:\windows\system32\wmpns.dll
==================== Find3M ====================
2011-01-09 20:17:50 20456 ----a-w- c:\windows\system32\jfhf.drv
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500JS-00NCB1 rev.10.02E02 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82CA0EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x81f90872; SUB DWORD [EBP-0x4], 0x81f9012e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x82D7EAB8]
3 CLASSPNP[0xF852805B] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\0000006f[0x82D099E8]
5 ACPI[0xF83BE620] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> [0x82D81D98]
[0x82D89200] -> IRP_MJ_CREATE -> 0x82CA0EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD2500JS-00NCB1_____________________10.02E02#5&3641df5e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x82CA0AEA
user & kernel MBR OK
sectors 488397166 (+255): user != kernel
Warning: possible TDL3 rootkit infection !
============= FINISH: 21:54:00.78 ===============

--------------------------------------------------------------------------------------------------

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-09 22:04:28
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD2500JS-00NCB1 rev.10.02E02
Running: y7l3fmo1.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwaorfod.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xBAF926C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xBAF92770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xBAF92810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xBAF928B0]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2F39 80503B39 7 Bytes [27, F9, BA, 10, 28, F9, BA] {DAA ; STC ; MOV EDX, 0xbaf92810}
.rsrc C:\WINDOWS\system32\drivers\pci.sys entry point in ".rsrc" section [0xF83B5994]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF7AF5360, 0x3441C7, 0xE8000020]
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[732] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[732] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[732] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00C1000C
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00B2000A
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00B3000A
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00B1000C
.text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!GetCursorPos 77D4C566 5 Bytes JMP 00DC000A
.text C:\WINDOWS\System32\svchost.exe[1540] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 00FC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 01AE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 01AF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 00DB000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 010EDD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 010F4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01019315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0120DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0120E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0120DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 010EDBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 01051CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0120DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0120DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0120E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0120DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3576] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 010F488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 01D5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 01D6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3616] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 01D4000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 010F4832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01019315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0120DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0120E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0120DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0120DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0120DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0120E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3616] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0120DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 82CA0AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 82CA0AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 82CA0AEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-3 82CA0AEA
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskWDC_WD2500JS-00NCB1_____________________10.02E02#5&3641df5e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] hdagiz <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] jokvf <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] kgjzq <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] zfjmpwzg <-- ROOTKIT !!!
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] zopdu <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@DisplayName Universal Microsoft
Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz@Description Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\hdagiz\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@DisplayName Windows Server
Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\jokvf@Description This service filters e-mail messages on your computer
Reg HKLM\SYSTEM\ControlSet001\Services\jokvf\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\jokvf\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@DisplayName Microsoft Monitor
Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq@Description Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kgjzq\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@DisplayName Center Image
Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg@Description Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\zfjmpwzg\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@DisplayName Manager Shell
Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@Type 32
Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@Start 2
Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet001\Services\zopdu@Description Provides automatic configuration for the 802.11 adapters
Reg HKLM\SYSTEM\ControlSet001\Services\zopdu\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\zopdu\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@DisplayName Universal Microsoft
Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz@Description Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\hdagiz\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@DisplayName Windows Server
Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf@Description This service filters e-mail messages on your computer
Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\jokvf\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@DisplayName Microsoft Monitor
Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq@Description Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\kgjzq\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@DisplayName Center Image
Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg@Description Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\zfjmpwzg\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@DisplayName Manager Shell
Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu@Description Provides automatic configuration for the 802.11 adapters
Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\zopdu\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@DisplayName Universal Microsoft
Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz@Description Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hdagiz\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@DisplayName Windows Server
Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\jokvf@Description This service filters e-mail messages on your computer
Reg HKLM\SYSTEM\ControlSet003\Services\jokvf\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\jokvf\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@DisplayName Microsoft Monitor
Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq@Description Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kgjzq\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@DisplayName Center Image
Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg@Description Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\zfjmpwzg\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@DisplayName Manager Shell
Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\zopdu@Description Provides automatic configuration for the 802.11 adapters
Reg HKLM\SYSTEM\ControlSet003\Services\zopdu\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\zopdu\Parameters@ServiceDll C:\WINDOWS\system32\ouamcma.dll
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sectors 488396912 (+254): rootkit-like behavior;
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\pci.sys suspicious modification; TDL3 <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----