Virus causing browser redirect and error 723 (12007, 0)


Okay, if I have read the directions correctly I am supposed to post these logs in the thread. If not, please forgive me as I am half asleep now.

Following the directions found here I ran DeFogger but after clicking okay was NOT prompted to reboot the machine. Page says skip any steps that cannot be completed, so I moved along.

Mbam most recent log file-

Malwarebytes' Anti-Malware 1.44

Database version: 3622

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/29/2010 7:57:10 PM

mbam-log-2010-01-29 (19-57-10).txt

Scan type: Quick Scan

Objects scanned: 145617

Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS

DDS (Ver_09-12-01.01) - NTFSx86

Run by Rebecca Cooper at 21:59:28.93 on Fri 01/29/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.189 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Rebecca Cooper\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

{d3f669eb-57ce-4f45-8fbd-e245cbb46366}

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [F5JMWNZTHI] c:\docume~1\rebecc~1\locals~1\temp\Njg.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Tnadecaguh] rundll32.exe "c:\windows\ureconisixe.dll",Startup

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

dRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\windows\temp\drweb.exe

mPolicies-system: EnableLUA = 0 (0x0)

dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

dPolicies-explorer: NoFolderOptions = 1 (0x1)

dPolicies-system: DisableTaskMgr = 1 (0x1)

dPolicies-system: DisableRegistryTools = 1 (0x1)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://games.bigfishgames.com/en_dairy-dash-game/online/DairyDashWeb.1.0.0.15.cab

DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab

DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} - hxxp://www.arcadetown.com/swf/tastyplanet.1.0.0.4.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8ADC4409-4FBF-4224-B73F-2392C721BCB4} - hxxp://games.bigfishgames.com/en_butterflyescape/online/GenimoWebGamesControl.cab

DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://games.bigfishgames.com/en_burger-shop/online/GoBitGamesPlayer_v4.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} - hxxp://zone.msn.com/bingame/wedd/default/WeddingDash.1.0.0.50.cab

TCP: NameServer = 93.188.162.14,93.188.166.53

TCP: {3AB791B3-C287-41A3-97A2-9590EC30B539} = 93.188.162.14,93.188.166.53

AppInit_DLLs: c:\windows\system32\kbdsock.dll c:\windows\system32\zomejuhe.dll,tuvikize.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: sumonapuj - {fd133537-5e84-4609-b87c-f7eb084b7b27} - c:\windows\system32\zomejuhe.dll

STS: kupuhivus: {fd133537-5e84-4609-b87c-f7eb084b7b27} - c:\windows\system32\zomejuhe.dll

LSA: Notification Packages = scecli tuneyevi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rebecc~1\applic~1\mozilla\firefox\profiles\im81q534.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {CE436162-C178-4635-BFA4-F00E8FBFEF6C} - c:\documents and settings\rebecca cooper\local settings\application data\{CE436162-C178-4635-BFA4-F00E8FBFEF6C}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-4 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-4 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-4 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-30 56816]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S0 tkqti;tkqti; [x]

S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\drivers\UCharger.sys [2007-5-15 13765]

=============== Created Last 30 ================

2010-01-30 02:53:38 0 ----a-w- c:\documents and settings\rebecca cooper\defogger_reenable

2010-01-29 23:26:47 0 ----a-w- c:\windows\Jcufivolupufax.bin

2010-01-29 23:26:46 120 ----a-w- c:\windows\Tlasac.dat

2010-01-21 23:05:19 0 d-----w- c:\program files\Avenue Flo

2010-01-12 19:15:26 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

2010-01-12 03:33:29 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Hot Lava Games

2010-01-11 13:43:43 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Genimo

2010-01-05 20:07:53 1148 -c----w- c:\windows\system32\dllcache\snd.htm

2010-01-05 20:06:54 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll

2010-01-05 20:06:54 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll

2010-01-05 20:06:20 294912 -c----w- c:\windows\system32\dllcache\msaud32.acm

2010-01-05 20:06:15 97117 -c----w- c:\windows\system32\dllcache\mplayer2.hlp

2010-01-05 20:06:15 2778 -c----w- c:\windows\system32\dllcache\mplogoh.gif

2010-01-05 20:06:15 2545 -c----w- c:\windows\system32\dllcache\mplogo.gif

2010-01-05 20:06:15 1885 -c----w- c:\windows\system32\dllcache\mplayer2.cnt

2010-01-05 20:06:15 18286 -c----w- c:\windows\system32\dllcache\mplayer2.inf

2010-01-05 20:05:58 457607 -c----w- c:\windows\system32\dllcache\mdlib.wmv

2010-01-05 20:05:34 290816 -c----w- c:\windows\system32\dllcache\l3codeca.acm

2010-01-05 20:05:05 81920 ------w- c:\windows\system32\ieencode.dll

2010-01-05 20:04:31 5971 -c----w- c:\windows\system32\dllcache\events.js

2010-01-05 20:04:14 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe

2010-01-05 20:04:02 9585 -c----w- c:\windows\system32\dllcache\controls.css

2010-01-05 20:04:02 8298 -c----w- c:\windows\system32\dllcache\contents.htm

2010-01-05 20:04:02 6878 -c----w- c:\windows\system32\dllcache\controls.js

2010-01-05 20:04:02 381425 -c----w- c:\windows\system32\dllcache\copycd.wmv

2010-01-05 20:03:59 184959 -c----w- c:\windows\system32\dllcache\compact.wmz

2010-01-05 20:03:57 773 -c----w- c:\windows\system32\dllcache\cnth.gif

2010-01-05 20:03:57 773 -c----w- c:\windows\system32\dllcache\cnt.gif

2010-01-05 20:03:57 772 -c----w- c:\windows\system32\dllcache\cntd.gif

2010-01-05 20:03:56 760 -c----w- c:\windows\system32\dllcache\cloapph.gif

2010-01-05 20:03:56 717 -c----w- c:\windows\system32\dllcache\cloapp.gif

2010-01-05 20:03:43 999 -c----w- c:\windows\system32\dllcache\bktrh.gif

2010-01-04 17:38:54 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Avira

2010-01-03 04:25:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-03 04:25:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-03 03:38:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2010-01-03 03:34:57 284160 -c----w- c:\windows\system32\dllcache\pdh.dll

2010-01-03 03:34:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll

2010-01-03 03:34:55 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll

2010-01-03 03:34:55 110592 -c----w- c:\windows\system32\dllcache\services.exe

2010-01-03 03:34:54 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe

2010-01-03 03:34:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll

2010-01-03 03:34:52 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll

2010-01-03 03:34:51 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll

2010-01-03 03:34:50 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll

2010-01-03 03:33:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-01-03 03:33:07 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-01-03 03:33:06 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-01-03 03:33:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-01-03 03:32:56 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-01-03 03:32:31 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-01-03 03:30:47 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-01-03 03:28:22 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys

2010-01-03 03:28:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2010-01-03 03:28:19 333952 -c----w- c:\windows\system32\dllcache\srv.sys

2010-01-03 03:28:15 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll

2010-01-03 03:28:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll

2010-01-03 03:27:38 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2010-01-03 03:27:37 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2010-01-03 03:27:36 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2010-01-03 03:27:21 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll

2010-01-02 03:46:59 101376 -c--a-w- c:\windows\system32\dllcache\srusbusd.dll

2010-01-02 03:45:59 9216 -c--a-w- c:\windows\system32\dllcache\kbdnecat.dll

2010-01-02 03:44:59 82172 -c--a-w- c:\windows\system32\dllcache\bopomofo.nls

2010-01-02 03:44:59 66728 -c--a-w- c:\windows\system32\dllcache\big5.nls

2010-01-02 03:44:55 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll

2010-01-02 03:44:52 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll

2010-01-02 03:43:05 488 ---ha-r- c:\windows\system32\logonui.exe.manifest

2010-01-02 03:42:58 749 ---ha-r- c:\windows\WindowsShell.Manifest

2010-01-02 03:42:58 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest

2010-01-02 03:42:58 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest

2010-01-02 03:42:58 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest

2010-01-02 03:34:50 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys

2010-01-02 03:31:04 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll

2010-01-02 03:31:04 24661 ----a-w- c:\windows\system32\spxcoins.dll

2010-01-02 03:31:04 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll

2010-01-02 03:31:04 13312 ----a-w- c:\windows\system32\irclass.dll

2010-01-02 03:30:51 8574 -c--a-w- c:\windows\system32\dllcache\IASNT4.CAT

2010-01-02 03:30:51 7382 -c--a-w- c:\windows\system32\dllcache\OEMBIOS.CAT

2010-01-02 03:30:50 797189 -c--a-w- c:\windows\system32\dllcache\NT5IIS.CAT

2010-01-02 03:30:50 399645 -c--a-w- c:\windows\system32\dllcache\MAPIMIG.CAT

2010-01-02 03:30:50 37484 -c--a-w- c:\windows\system32\dllcache\MW770.CAT

2010-01-02 03:30:50 13472 -c--a-w- c:\windows\system32\dllcache\HPCRDP.CAT

2010-01-01 21:55:34 401096704 ----a-w- c:\windows\MEMORY.DMP

==================== Find3M ====================

2010-01-02 03:42:09 22720 ----a-w- c:\windows\system32\emptyregdb.dat

2009-12-30 06:36:54 992 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

2009-12-08 11:00:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2007-06-01 09:37:40 774144 ----a-w- c:\program files\RngInterstitial.dll

============= FINISH: 22:00:11.48 ===============

ARK and Attach are zipped and attached to this post, if I archived them right. If I didn't, I can always attach them separately.

Attach.zip
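As an added example (not part of the original post, and not code from DDS, Malwarebytes or the forum helpers), the script below runs generic persistence-review heuristics over the "Pseudo HJT Report" lines quoted from the log above. Every rule name, the small SSODL allowlist and the severity labels are assumptions made for this example, and the sample input is constructed by excerpting lines from the post. A public nameserver is only marked for review, since an ISP's resolver is also a public address; the other rules (autoruns launched from a temp directory, a non-empty AppInit_DLLs value, an LSA notification package other than scecli, an unrecognised shell service object, Task Manager or Registry Tools disabled by policy) are the kind of findings a helper would want pulled out before reading the rest of the log.

```python
"""Triage heuristics for the 'Pseudo HJT Report' section of a DDS log.

Added example; the rules and allowlist are assumptions written for this
demonstration and are not exhaustive.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the DDS log posted above.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [F5JMWNZTHI] c:\docume~1\rebecc~1\locals~1\temp\Njg.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Tnadecaguh] rundll32.exe "c:\windows\ureconisixe.dll",Startup
dRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\windows\temp\drweb.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
TCP: NameServer = 93.188.162.14,93.188.166.53
AppInit_DLLs: c:\windows\system32\kbdsock.dll c:\windows\system32\zomejuhe.dll,tuvikize.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: sumonapuj - {fd133537-5e84-4609-b87c-f7eb084b7b27} - c:\windows\system32\zomejuhe.dll
LSA: Notification Packages = scecli tuneyevi.dll
"""

RUN_LINE = re.compile(r"^([umd]Run): \[([^\]]*)\] (.*)$")
TEMP_DIR = re.compile(r"\\temp\\", re.I)
RUNDLL_TARGET = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)
POLICY_LINE = re.compile(r"^[umd]Policies-system: (DisableTaskMgr|DisableRegistryTools) = 1\b")
DNS_LINE = re.compile(r"^TCP: (?:NameServer|\{[0-9A-Fa-f-]+\}) = (.+)$")
APPINIT_LINE = re.compile(r"^AppInit_DLLs: (.+)$")
SHELL_OBJ_LINE = re.compile(r"^(?:SSODL|STS): .* - (\S+)$")
LSA_LINE = re.compile(r"^LSA: Notification Packages = (.+)$")
DLL_NAME = re.compile(r"([\w~]+\.dll)", re.I)

# Assumed allowlist of DLLs that legitimately back XP shell service objects.
SSODL_ALLOWLIST = {"wpdshserviceobj.dll", "shell32.dll", "stobject.dll", "webcheck.dll"}


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return (rule, severity, evidence_line) tuples for suspicious lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_LINE.match(line)
        if m:
            cmd = m.group(3)
            if TEMP_DIR.search(cmd):                      # autorun launched from a temp dir
                findings.append(("autorun-from-temp", "high", line))
                continue
            t = RUNDLL_TARGET.search(cmd)
            if t and "\\system32\\" not in t.group(1).lower():
                findings.append(("rundll32-dll-outside-system32", "medium", line))
            continue
        if POLICY_LINE.match(line):                       # user locked out of admin tools
            findings.append(("admin-tools-disabled-by-policy", "high", line))
            continue
        m = DNS_LINE.match(line)
        if m:
            public = []
            for tok in re.split(r"[,\s]+", m.group(1)):
                try:
                    ip = ipaddress.ip_address(tok)
                except ValueError:
                    continue
                if not ip.is_private:
                    public.append(str(ip))
            if public:                                    # may be the ISP; confirm with the user
                findings.append(("public-nameserver-review", "medium", line))
            continue
        m = APPINIT_LINE.match(line)
        if m and m.group(1).strip():                      # DLLs injected into every GUI process
            findings.append(("appinit-dlls-set", "high", line))
            continue
        m = SHELL_OBJ_LINE.match(line)
        if m:
            if basename(m.group(1)) not in SSODL_ALLOWLIST:
                findings.append(("unknown-shell-service-object", "high", line))
            continue
        m = LSA_LINE.match(line)
        if m:
            extras = [p for p in m.group(1).split() if p.lower() != "scecli"]
            if extras:                                    # loaded by lsass at boot
                findings.append(("extra-lsa-notification-package", "high", line))
    return findings


def shared_dlls(findings):
    """DLL names that appear under more than one rule: a cheap hint that several
    persistence points belong to the same component."""
    seen = defaultdict(set)
    for rule, _sev, evidence in findings:
        for dll in DLL_NAME.findall(evidence):
            seen[dll.lower()].add(rule)
    return {dll for dll, rules in seen.items() if len(rules) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for rule, sev, evidence in results:
        print(f"[{sev:6}] {rule:32} {evidence}")
    print("DLLs seen at more than one persistence point:", sorted(shared_dlls(results)))
```

Run against the excerpt, the script pulls out nine lines, seven of them at the high level, and reports zomejuhe.dll as the one DLL that sits at two different persistence points (AppInit_DLLs and a shell service object), which is the first thing to hand to whoever is cleaning the machine.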
