
IE opening at random times to random pages

Discussion in 'Virus & Other Malware Removal' started by sralbright, Apr 19, 2011.

Thread Status:
Not open for further replies.
    sralbright (Thread Starter), Joined: Apr 18, 2011, Messages: 1
    IE opens at random to random pages, most of them dealing with bettering my life, and going on a mission. If I open the IE page, the popup never occurs; it happens only when IE is not active.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:03:47 PM, on 4/18/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Albright\Local Settings\Temporary Internet Files\Content.IE5\1TRMIOVJ\HijackThis[1].exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTNavAssist.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302484676123
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    --
    End of file - 6016 bytes



    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Albright at 21:06:03.00 on Mon 04/18/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1457 [GMT -7:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Albright\Local Settings\Temporary Internet Files\Content.IE5\1TRMIOVJ\dds[1].com
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearchAssistant =
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn\YTNavAssist.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ga311s~1.lnk - c:\program files\netgear ga311 adapter\GA311.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302484676123
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-10 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-10 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-10 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-10 61960]
    R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [2003-9-17 8440]
    R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2003-8-15 11237]
    .
    =============== Created Last 30 ================
    .
    2011-04-19 04:03:17 -------- d-----w- c:\windows\system32\appmgmt
    2011-04-19 03:59:05 -------- d-----w- c:\docume~1\albright\locals~1\applic~1\Yahoo
    2011-04-19 03:36:40 -------- d-----w- c:\docume~1\albright\applic~1\Malwarebytes
    2011-04-19 03:36:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-19 02:48:35 -------- d-----w- c:\docume~1\albright\locals~1\applic~1\Sunbelt Software
    2011-04-19 02:48:34 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-04-19 02:33:02 25840 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
    2011-04-19 02:33:02 24816 ----a-w- c:\windows\system32\mdimon.dll
    2011-04-19 02:31:22 -------- d-----w- c:\program files\Microsoft ActiveSync
    2011-04-19 02:28:29 -------- d-----w- c:\windows\SHELLNEW
    2011-04-15 00:08:58 -------- d-----w- c:\program files\DVD Shrink
    2011-04-15 00:08:21 -------- d-----w- c:\docume~1\albright\applic~1\Avira
    2011-04-14 23:54:37 -------- d-----w- c:\windows\system32\NtmsData
    2011-04-12 23:41:00 -------- d-----w- c:\docume~1\albright\locals~1\applic~1\Temp
    2011-04-12 23:38:03 -------- d-----w- c:\docume~1\albright\locals~1\applic~1\Adobe
    2011-04-12 23:04:28 -------- dc-h--w- c:\windows\ie8
    2011-04-12 23:04:17 -------- d--h--w- c:\windows\msdownld.tmp
    2011-04-12 16:08:06 -------- d-sh--w- c:\documents and settings\albright\IECompatCache
    2011-04-11 04:40:26 -------- d-----w- c:\windows\system32\PreInstall
    2011-04-11 04:16:49 -------- d-----w- c:\docume~1\albright\applic~1\FrostWire
    2011-04-11 04:15:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-04-11 04:15:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-11 04:07:06 -------- d-----w- C:\dell
    2011-04-11 03:49:41 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
    2011-04-11 03:49:41 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
    2011-04-11 03:40:27 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
    2011-04-11 03:40:27 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
    2011-04-11 03:40:13 -------- d-----w- c:\windows\system32\Lang
    2011-04-11 03:38:40 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
    2011-04-11 03:38:39 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
    2011-04-11 03:38:38 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
    2011-04-11 03:38:27 49152 ----a-r- c:\windows\system32\ChCfg.exe
    2011-04-11 03:38:07 -------- d-----w- c:\windows\system32\RTCOM
    2011-04-11 03:38:05 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
    2011-04-11 03:38:05 4096 ----a-w- c:\windows\system32\ksuser.dll
    2011-04-11 03:38:05 130048 ----a-w- c:\windows\system32\ksproxy.ax
    2011-04-11 03:33:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
    2011-04-11 03:32:32 -------- d-----w- c:\program files\NVIDIA Corporation
    2011-04-11 03:32:16 -------- d-----w- C:\NVIDIA
    2011-04-11 03:30:25 81408 ----a-r- c:\windows\system32\drivers\Rtnicxp.sys
    2011-04-11 03:30:10 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2011-04-11 03:30:09 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
    2011-04-11 03:30:09 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
    2011-04-11 03:30:09 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
    2011-04-11 03:30:09 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
    2011-04-11 03:30:09 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
    2011-04-11 03:30:09 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
    2011-04-11 03:30:09 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
    2011-04-11 03:28:50 9216 ----a-r- c:\windows\system32\agrsmsvc.exe
    2011-04-11 03:28:36 -------- d-----w- c:\windows\Options
    2011-04-11 03:09:59 -------- d-----w- c:\program files\Realtek
    2011-04-11 02:42:50 -------- d-sh--w- c:\documents and settings\albright\PrivacIE
    2011-04-11 02:36:10 -------- d-sh--w- c:\documents and settings\albright\IETldCache
    2011-04-11 02:30:08 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-04-11 02:30:08 -------- d-----w- c:\program files\Avira
    2011-04-11 02:30:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-04-11 02:28:22 -------- d-----w- c:\windows\ie8updates
    2011-04-11 02:28:21 -------- d--h--w- c:\windows\$hf_mig$
    2011-04-11 02:25:37 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2011-04-11 02:25:37 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2011-04-11 02:25:37 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2011-04-11 02:25:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2011-04-11 02:25:36 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2011-04-11 02:25:36 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2011-04-11 02:25:34 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2011-04-11 02:22:20 -------- d-----w- c:\windows\system32\wbem\AutoRecover
    2011-04-11 02:22:03 -------- d-s---w- c:\windows\system32\Microsoft
    2011-04-11 02:17:53 -------- d-----w- c:\program files\LSI SoftModem
    2011-04-11 02:06:24 2897920 ------w- c:\windows\system32\xpsp2res.dll
    2011-04-11 02:05:43 19528 ----a-w- c:\windows\002352_.tmp
    2011-04-11 02:05:43 -------- d-----w- c:\windows\system32\ReinstallBackups
    2011-04-11 02:05:36 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2011-04-11 02:04:34 -------- d-----w- c:\windows\EHome
    2011-04-11 01:52:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
    2011-04-11 01:50:15 -------- d-----w- c:\windows\system32\CatRoot_bak
    2011-04-11 01:35:17 -------- dc-h--w- c:\windows\$MSI30UninstallMSI30-KB884016$
    2011-04-11 01:20:15 -------- d-----w- c:\program files\Yahoo!
    2011-04-11 01:19:36 -------- d-----w- c:\windows\system32\bits
    2011-04-11 01:19:22 8192 ------w- c:\windows\system32\bitsprx2.dll
    2011-04-11 01:19:22 7168 ------w- c:\windows\system32\bitsprx3.dll
    2011-04-11 01:19:22 438784 ------w- c:\windows\system32\xpob2res.dll
    2011-04-11 01:19:22 351232 ----a-w- c:\windows\system32\winhttp.dll
    2011-04-11 01:19:22 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
    2011-04-11 01:18:18 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
    2011-04-11 01:18:17 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
    2011-04-11 01:18:17 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2011-04-11 01:18:17 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2011-04-11 01:18:17 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
    2011-04-11 01:10:56 192000 ----a-w- c:\windows\system32\iuengine.dll
    2011-04-11 01:06:56 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
    2011-04-11 01:05:24 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
    2011-04-11 01:05:24 73728 ----a-w- c:\program files\internet explorer\connection wizard\icwtutor.exe
    2011-04-11 01:05:24 61440 -c--a-w- c:\windows\system32\dllcache\icwres.dll
    2011-04-11 01:05:24 61440 ----a-w- c:\program files\internet explorer\connection wizard\icwres.dll
    2011-04-11 01:05:24 61440 ----a-w- c:\program files\internet explorer\connection wizard\icwconn.dll
    2011-04-11 01:05:24 49152 ----a-w- c:\program files\internet explorer\connection wizard\icwutil.dll
    2011-04-11 01:05:24 40960 -c--a-w- c:\windows\system32\dllcache\trialoc.dll
    2011-04-11 01:05:24 40960 ----a-w- c:\program files\internet explorer\connection wizard\trialoc.dll
    2011-04-11 01:05:24 24576 ----a-w- c:\program files\internet explorer\connection wizard\icwrmind.exe
    2011-04-11 01:05:24 172032 ----a-w- c:\program files\internet explorer\connection wizard\icwhelp.dll
    2011-04-11 01:03:21 20992 ----a-w- c:\windows\system32\drivers\rtl8139.sys
    2011-04-11 01:03:09 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-04-11 01:01:41 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-04-11 01:01:41 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-04-11 01:01:40 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-04-11 01:01:40 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-04-11 01:01:32 13608 ----a-r- c:\windows\SET21.tmp
    2011-04-11 01:01:30 1085913 ----a-r- c:\windows\SET15.tmp
    2011-04-11 00:33:00 -------- d-----w- c:\program files\NETGEAR GA311 Adapter
    2011-04-11 00:32:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
    2011-04-11 00:27:09 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-04-11 00:27:09 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-04-11 00:10:14 -------- d-sh--w- c:\documents and settings\albright\UserData
    2011-04-11 00:09:29 -------- d-----w- C:\WUTemp
    .
    ==================== Find3M ====================
    .
    2011-04-11 03:37:35 315392 ----a-w- c:\windows\HideWin.exe
    .
    ============= FINISH: 21:06:42.93 ===============



    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-18 21:20:13
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 Hitachi_HDS721616PLA380 rev.P22OABEA
    Running: n4krikyx[1].exe; Driver: C:\DOCUME~1\Albright\LOCALS~1\Temp\afroqfow.sys

    ---- System - GMER 1.0.15 ----
    SSDT B8754356 ZwCreateKey
    SSDT B875434C ZwCreateThread
    SSDT B875435B ZwDeleteKey
    SSDT B8754365 ZwDeleteValueKey
    SSDT B875436A ZwLoadKey
    SSDT B8754338 ZwOpenProcess
    SSDT B875433D ZwOpenThread
    SSDT B8754374 ZwReplaceKey
    SSDT B875436F ZwRestoreKey
    SSDT B8754360 ZwSetValueKey
    ---- Kernel code sections - GMER 1.0.15 ----
    ? noia.sys The system cannot find the file specified. !
    .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB74373A0, 0x5FE082, 0xE8000020]
    ? C:\DOCUME~1\Albright\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 0121DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01224832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01149315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0133DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0133E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0133DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 0121DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 01181CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0133DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0133DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0133E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0133DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 0122488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3092] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01224832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3092] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01149315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3092] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0133DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3092] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0133E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3092] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0133DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3092] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0133DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3092] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0133DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3092] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0133E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3092] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0133DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 0121DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01224832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01149315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0133DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0133E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0133DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 0121DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 01181CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0133DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0133DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0133E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0133DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 0122488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] USER32.dll!CallNextHookEx 77D4ED6E 5 Bytes JMP 0121DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] USER32.dll!CreateWindowExW 77D51AD5 5 Bytes JMP 01224832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] USER32.dll!DialogBoxParamW 77D56702 5 Bytes JMP 01149315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] USER32.dll!DialogBoxParamA 77D588E1 5 Bytes JMP 0133DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] USER32.dll!DialogBoxIndirectParamW 77D62598 5 Bytes JMP 0133E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] USER32.dll!MessageBoxIndirectA 77D6AEF1 5 Bytes JMP 0133DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 0121DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 01181CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] USER32.dll!MessageBoxExW 77D80559 5 Bytes JMP 0133DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] USER32.dll!MessageBoxExA 77D8057D 5 Bytes JMP 0133DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] USER32.dll!DialogBoxIndirectParamA 77D86CED 5 Bytes JMP 0133E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] USER32.dll!MessageBoxIndirectW 77D960B7 5 Bytes JMP 0133DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 0122488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    ---- User IAT/EAT - GMER 1.0.15 ----
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2652] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00C618FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3524] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00C618FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00C618FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    ---- EOF - GMER 1.0.15 ----
Short URL to this thread: https://techguy.org/992230