IP Browser Redirect Infection


Hello,

Thanks in advance for your help, I really appreciate it. I have run Malwarebytes and numerous other scans and have not been able to get rid of this problem. Whenever I am browsing the internet, the website will change to a spam-related site. The Malwarebytes scanner protects against most of the unauthorized redirects, but sometimes the redirects still happen.

Here is my Malwarebytes log:

00:01:03 Administrator IP-BLOCK 62.45.251.14 (Type: outgoing)

00:01:22 Administrator IP-BLOCK 98.142.248.252 (Type: outgoing)

00:02:36 Administrator IP-BLOCK 188.72.213.80 (Type: outgoing)

00:10:13 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:10:16 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:10:22 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:10:40 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:10:43 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:10:49 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:11:01 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:11:04 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:11:10 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:11:23 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:11:26 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:11:32 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:15:58 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:16:01 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:16:07 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:16:23 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:16:26 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:16:32 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:16:44 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:16:47 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:16:53 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:17:05 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:17:08 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:17:14 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:21:19 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:21:22 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:21:28 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:21:46 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:21:49 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:21:55 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:22:07 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:22:10 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:22:16 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:22:31 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:22:34 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:22:40 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:27:45 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:27:48 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:27:54 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:28:11 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:28:14 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:28:20 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:28:33 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:28:36 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:28:42 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:28:55 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:28:58 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:29:04 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:33:17 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:33:20 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:33:26 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:33:46 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:33:49 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:33:55 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:34:08 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:34:11 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:34:17 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:34:29 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:34:32 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:34:38 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:40:46 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:40:49 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:40:55 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:40:58 Administrator IP-BLOCK 67.29.139.153 (Type: outgoing)

00:41:01 Administrator IP-BLOCK 67.29.139.153 (Type: outgoing)

00:41:12 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:41:14 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:41:21 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:41:32 Administrator IP-BLOCK 67.29.139.153 (Type: outgoing)

00:41:35 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:41:36 Administrator IP-BLOCK 67.29.139.153 (Type: outgoing)

00:41:38 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:41:44 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:41:45 Administrator IP-BLOCK 67.29.139.153 (Type: outgoing)

00:41:56 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:41:59 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:42:05 Administrator IP-BLOCK 95.168.173.225 (Type: outgoing)

00:42:36 Administrator IP-BLOCK 208.73.210.125 (Type: outgoing)

00:42:39 Administrator IP-BLOCK 208.73.210.125 (Type: outgoing)

00:43:33 Administrator IP-BLOCK 67.29.139.153 (Type: outgoing)

00:43:36 Administrator IP-BLOCK 67.29.139.153 (Type: outgoing)

00:43:42 Administrator IP-BLOCK 67.29.139.153 (Type: outgoing)

00:45:00 Administrator IP-BLOCK 67.29.139.153 (Type: outgoing)

00:45:03 Administrator IP-BLOCK 67.29.139.153 (Type: outgoing)

00:45:09 Administrator IP-BLOCK 67.29.139.153 (Type: outgoing)

00:46:58 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:47:01 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:47:07 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:47:25 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:47:28 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:47:34 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:47:47 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:47:50 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:47:56 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:48:11 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:48:14 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

00:48:20 Administrator IP-BLOCK 95.168.173.224 (Type: outgoing)

DDS:

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Run by Administrator at 1:10:47 on 2011-08-01

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.343 [GMT -5:00]

.

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Panasonic\HotKey Appendix\HKEYAPP.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Panasonic\CHGBMODE\ChgBmode.exe

C:\Program Files\Panasonic\OPDOFF\opdoff.exe

C:\Program Files\Panasonic\TouchPad\Touchpad.exe

C:\Program Files\Panasonic\WLANSW\WLANSW.EXE

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\LxrSII1s.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Panasonic\OPDOFF\opdoffsv.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k termvvc

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Vuze\Azureus.exe

C:\WINDOWS\system32\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

uRun: [LxrAutorun] c:\documents and settings\administrator\local settings\application data\lexar media\LxrAutorun.exe

uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex

mRun: [Hotkey] c:\windows\system32\hkeyman.exe

mRun: [PCTVOICE] pctspk.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [PRunOnce] c:\util\prunonce\PRunOnce.exe

mRun: [PCinfo] c:\program files\panasonic\pcinfo\SetDiag.exe /FirstLogin

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Panasonic HotKey Manager] "c:\program files\panasonic\hotkey appendix\HKEYAPP.EXE"

mRun: [intelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe

mRun: [<NO NAME>]

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Xsofanohidimenip] rundll32.exe "c:\windows\uresefacocuwus.dll",Startup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\econom~1.lnk - c:\program files\panasonic\chgbmode\ChgBmode.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\optica~1.lnk - c:\program files\panasonic\opdoff\opdoff.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\touchp~1.lnk - c:\program files\panasonic\touchpad\Touchpad.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\panasonic\wlansw\WLANSW.EXE

IE: &Search

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://northtexas.clio.medcity.net/dana-cached/sc/JuniperSetupClient.cab

TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62

TCP: Interfaces\{B648244D-CFE5-4E0E-BE56-6B0755F1487F} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: igfxcui - igfxsrvc.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

Notify: temlvw32 - temlvw32.dll

Notify: termssvces - temlvw32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\nn9nb41r.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=13&q=

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\tvuplayer\npTVUAx.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: XULRunner: {72593FC7-C962-41A3-90AD-CDB8841E5880} - c:\documents and settings\administrator\local settings\application data\{72593FC7-C962-41A3-90AD-CDB8841E5880}

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10);user_pref(general.useragent.extra.zencast,

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2006-4-26 10624]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-8-1 11608]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 chgbmode;Panasonic Charge Mode Changer Driver;c:\program files\panasonic\chgbmode\ChgBmode.sys [2006-4-25 7680]

R1 MiscOPD;Panasonic Opdoff Utility;c:\program files\panasonic\opdoff\miscOPD.sys [2006-4-25 6144]

R1 NEOFLTR_650_15507;Juniper Networks TDI Filter Driver (NEOFLTR_650_15507);c:\windows\system32\drivers\NEOFLTR_650_15507.SYS [2010-7-23 85360]

R1 WLANSW;Panasonic PC Wireless LAN Switch Driver;c:\program files\panasonic\wlansw\WLANSW.sys [2006-4-25 7680]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-1 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-1 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-1 61960]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 brecal;Panasonic Battery Recalibration Driver;c:\program files\panasonic\brecal\Brecal.sys [2006-4-25 7168]

R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-12-10 72672]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-25 366640]

R2 OPDOFFSV;Panasonic Opdoff Utility;c:\program files\panasonic\opdoff\opdoffsv.exe [2006-4-25 147456]

R2 pcinfo;Panasonic PC Info. Viewer Driver;c:\program files\panasonic\pcinfo\PCINFO.sys [2006-4-25 7168]

R2 SDKEY;Panasonic SD Misc. Function Driver;c:\program files\panasonic\sdkey\SDKEY.sys [2006-4-25 8192]

R2 TermServices;Remote Desktop Service;c:\windows\system32\svchost.exe -k termvvc [2006-4-25 14336]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-25 22712]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-20 136176]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-25 41272]

S3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\drivers\sccmusbm.sys [2009-4-5 23936]

.

=============== Created Last 30 ================

.

2011-08-01 06:00:05 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-01 05:59:58 -------- d-----w- c:\program files\Avira

2011-08-01 05:59:58 -------- d-----w- c:\documents and settings\all users\application data\Avira

2011-08-01 03:09:48 35840 ----a-w- c:\windows\system32\temlvw32.dll

2011-08-01 03:09:48 218624 ----a-w- c:\windows\system32\termvw32.dll

2011-07-25 13:52:26 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-25 13:52:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-25 13:52:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-25 13:22:16 -------- d-----w- c:\windows\pss

2011-07-25 13:05:02 -------- d-----w- c:\documents and settings\all users\application data\QueryScan

2011-07-25 13:05:01 -------- d-----w- c:\program files\QueryScan

2011-07-25 13:04:48 -------- d-----w- c:\program files\MPAccess

2011-07-25 12:46:36 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2011-07-25 12:46:30 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-07-25 06:52:13 -------- d--h--w- C:\$AVG

2011-07-25 06:51:09 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-07-25 06:50:39 -------- d-----w- c:\documents and settings\administrator\application data\AVG10

2011-07-25 06:49:54 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar

2011-07-25 06:47:43 -------- d-----w- c:\windows\system32\drivers\AVG

2011-07-25 06:47:43 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-07-25 06:46:39 -------- d-----w- c:\program files\AVG

2011-07-25 06:42:19 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-07-25 06:11:16 -------- d-----w- c:\documents and settings\all users\application data\iN01602KpGnB01602

2011-07-25 06:01:03 0 ----a-w- c:\windows\Kgesafupeyeg.bin

2011-07-25 06:00:58 -------- d-----w- c:\documents and settings\administrator\local settings\application data\{72593FC7-C962-41A3-90AD-CDB8841E5880}

2011-07-25 05:59:17 66048 --sha-r- c:\windows\system32\vss_pst.dll

2011-07-25 05:59:17 66048 --sha-r- c:\windows\system32\rsmui8.dll

2011-07-25 05:59:17 66048 --sha-r- c:\windows\system32\avicapl.dll

2011-07-25 05:59:03 173568 ----a-w- c:\windows\Psetoa.exe

.

==================== Find3M ====================

.

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 1:12:31.56 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/19/2007 1:42:02 PM

System Uptime: 7/31/2011 11:55:06 PM (2 hours ago)

.

Motherboard: Matsushita Electric Industrial Co.,Ltd. | | CFY4W-2

Processor: Intel® Pentium® M processor 1.60GHz | IC1 | 1595/400mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 12.795 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 7/25/2011 1:23:41 AM - System Checkpoint

RP2: 7/25/2011 9:47:42 AM - Installed AVG 2011

RP3: 7/25/2011 9:47:51 AM - Removed AVG 2011

RP4: 7/26/2011 9:56:44 AM - System Checkpoint

RP5: 7/27/2011 10:00:41 AM - System Checkpoint

RP6: 7/29/2011 11:44:49 AM - System Checkpoint

RP7: 8/1/2011 12:18:01 AM - System Checkpoint

.

==== Installed Programs ======================

.

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Reader 9.3

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

Battery Recalibration

Bonjour

Burn4Free CD and DVD

Cheetah DVD Burner

Cisco Connect

Critical Update for Windows Media Player 11 (KB959772)

Economy Mode(ECO) Setting Utility

Google Earth Plug-in

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HotKey Appendix

Hotkey Driver for Panasonic PC

Hotkey Settings

Icon Enlarger

Intel® Graphics Media Accelerator Driver for Mobile

Intel® PROSet/Wireless Software

InterVideo WinDVD

iTunes

Java Auto Updater

Java 6 Update 20

Java 6 Update 4

Juniper Networks Host Checker

Juniper Networks Network Connect 5.3.0

Juniper Networks Network Connect 6.5.0

Juniper Networks Secure Application Manager

Juniper Networks Setup Client

Malwarebytes' Anti-Malware version 1.51.1.1800

mCore

mDriver

mDrWiFi

mHelp

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

mIWA

mIWCA

mLogView

mMHouse

Mozilla Firefox (3.6.7)

mPfMgr

mPfWiz

mProSafe

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

mWlsSafe

mXML

mZConfig

OpenOffice.org 2.4

Optical Disc Drive Letter-Setting Utility

Optical Disc Drive Power-Saving Utility

Panasonic V.92 MDC Modem Drivers

PC Information Viewer

Picasa 2

QuickTime

SD Utility

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office 2007 System (KB2541012)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2541007)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Synaptics Pointing Device Driver

Touch Pad Utility

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Outlook 2007 Junk Email Filter (KB2553975)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VLC media player 1.1.5

Vuze

WebFldrs XP

Winamp

Winamp Detector Plug-in

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix - KB895316

Windows Media Player 10 Hotfix [see KB887626 for more information]

Windows Media Player 11

Windows XP Service Pack 3

WinZip 14.5

Wireless LAN Switch

.

==== Event Viewer Messages From Past Week ========

.

7/31/2011 11:57:08 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.

7/31/2011 10:25:00 PM, error: Service Control Manager [7023] - The 6to4 service terminated with the following error: The specified procedure could not be found.

7/29/2011 9:41:03 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

7/26/2011 8:55:47 AM, error: Dhcp [1002] - The IP address lease 10.65.9.204 for the Network Card with network address 00FF18C29B86 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).

7/26/2011 5:42:15 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).

7/26/2011 5:42:15 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).

7/26/2011 5:42:15 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

7/25/2011 9:44:56 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.

7/25/2011 9:43:59 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

7/25/2011 9:42:31 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/25/2011 8:39:22 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

7/25/2011 8:36:52 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 chgbmode Fips intelppm MiscOPD WLANSW

7/25/2011 12:39:09 AM, error: Dhcp [1002] - The IP address lease 10.65.152.105 for the Network Card with network address 00FFC8048C86 has been denied by the DHCP server 10.200.200.200 (The DHCP Server sent a DHCPNACK message).

7/25/2011 11:08:24 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

7/25/2011 11:07:38 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).

7/25/2011 1:45:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

7/25/2011 1:43:05 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: chgbmode Fips intelppm MiscOPD WLANSW

7/25/2011 1:33:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

7/25/2011 1:33:48 AM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/25/2011 1:32:48 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/25/2011 1:31:48 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/25/2011 1:30:48 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/25/2011 1:29:47 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/25/2011 1:28:47 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/25/2011 1:28:17 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Juniper Network Connect Service service to connect.

7/25/2011 1:28:17 AM, error: Service Control Manager [7000] - The Juniper Network Connect Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/25/2011 1:27:47 AM, error: Service Control Manager [7034] - The Spectrum24 Event Monitor service terminated unexpectedly. It has done this 1 time(s).

7/25/2011 1:27:47 AM, error: Service Control Manager [7034] - The Smart Card service terminated unexpectedly. It has done this 1 time(s).

7/25/2011 1:27:47 AM, error: Service Control Manager [7034] - The RegSrvc service terminated unexpectedly. It has done this 1 time(s).

7/25/2011 1:27:47 AM, error: Service Control Manager [7034] - The Panasonic Opdoff Utility service terminated unexpectedly. It has done this 1 time(s).

7/25/2011 1:27:47 AM, error: Service Control Manager [7034] - The Lexar Secure II service terminated unexpectedly. It has done this 1 time(s).

7/25/2011 1:27:47 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

7/25/2011 1:27:47 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

7/25/2011 1:27:47 AM, error: Service Control Manager [7034] - The EvtEng service terminated unexpectedly. It has done this 1 time(s).

7/25/2011 1:27:47 AM, error: Service Control Manager [7031] - The Juniper Network Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

7/25/2011 1:27:47 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-08-01 08:46:06

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6034GAX rev.AC102F

Running: nin3n252.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kfaoqpow.sys

---- System - GMER 1.0.15 ----

SSDT F7C27796 ZwCreateKey

SSDT F7C2778C ZwCreateThread

SSDT F7C2779B ZwDeleteKey

SSDT F7C277A5 ZwDeleteValueKey

SSDT F7C277AA ZwLoadKey

SSDT F7C27778 ZwOpenProcess

SSDT F7C2777D ZwOpenThread

SSDT F7C277B4 ZwReplaceKey

SSDT F7C277AF ZwRestoreKey

SSDT F7C277A0 ZwSetValueKey

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF784D7DC]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF784D878]

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF784D914]

---- Kernel code sections - GMER 1.0.15 ----

.text KDCOM.DLL!KdSendPacket F798C345 1 Byte [48]

.text KDCOM.DLL!KdSendPacket F798C345 3 Bytes [48, 00, 02] {DEC EAX; ADD [EDX], AL}

.text KDCOM.DLL!KdSendPacket F798C34B 10 Bytes [8B, C7, 83, E0, 0C, 83, F8, ...] {MOV EAX, EDI; AND EAX, 0xc; CMP EAX, 0x4; JZ 0x1f}

.text KDCOM.DLL!KdSendPacket F798C368 55 Bytes [EB, 05, BE, F0, BB, 59, 00, ...]

.text KDCOM.DLL!KdD0Transition + 1A F798C3A0 5 Bytes [A4, 0F, 84, 97, 00]

.text KDCOM.DLL!KdDebuggerInitialize0 F798C3A6 3 Bytes [00, 64, A1]

.text KDCOM.DLL!KdDebuggerInitialize0 + 4 F798C3AA 32 Bytes [01, 00, 00, 8B, F0, FF, 8E, ...]

.text KDCOM.DLL!KdDebuggerInitialize0 + 25 F798C3CB 3 Bytes [EB, 4B, 8A]

.text KDCOM.DLL!KdDebuggerInitialize0 + 29 F798C3CF 27 Bytes [7B, 01, 00, 00, F6, DB, 1B, ...]

.text KDCOM.DLL!KdDebuggerInitialize0 + 47 F798C3ED 77 Bytes [C9, 74, 1A, 80, 3D, 48, 98, ...]

.text ...

.text KDCOM.DLL!KdSave + 4 F798C45A 5 Bytes [8B, F0, FF, 8E, D4]

.text KDCOM.DLL!KdRestore F798C460 13 Bytes [00, 00, 8B, 45, 08, FF, 70, ...]

.text KDCOM.DLL!KdRestore + B3 F798C513 10 Bytes [FF, 75, 08, 8B, F0, FF, 8E, ...]

.text KDCOM.DLL!KdRestore + BE F798C51E 6 Bytes [FF, 35, 60, 33, 48, 00] {PUSH DWORD [0x483360]}

.text KDCOM.DLL!KdRestore + C9 F798C529 206 Bytes [8B, D8, 85, DB, C7, 45, 08, ...]

.text KDCOM.DLL!KdRestore + 198 F798C5F8 52 Bytes [00, 00, 75, 13, 8D, 46, 34, ...]

.text ...

PAGEKD KDCOM.DLL!KdReceivePacket + 6C F798CFB8 124 Bytes CALL F79078E4 \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation)

PAGEKD KDCOM.DLL!KdReceivePacket + E9 F798D035 57 Bytes [00, 00, 00, 00, 00, 00, 00, ...]

PAGEKD KDCOM.DLL!KdReceivePacket + 124 F798D070 15 Bytes [FB, 17, 00, 00, 07, 18, 00, ...]

PAGEKD KDCOM.DLL!KdReceivePacket + 134 F798D080 18 Bytes [31, 18, 00, 00, 49, 18, 00, ...]

PAGEKD KDCOM.DLL!KdReceivePacket + 148 F798D094 27 Bytes [F6, 10, 00, 00, 0C, 11, 00, ...]

PAGEKD ...

PAGEKD KDCOM.DLL!KdSendPacket + 8 F798D1BA 134 Bytes [F4, 85, C0, 74, 4C, 8B, 45, ...]

PAGEKD KDCOM.DLL!KdSendPacket + 8F F798D241 30 Bytes [89, 45, F8, FF, 15, 00, D0, ...]

? wxmx.sys The system cannot find the file specified. !

.text PCIIDEX.SYS!PciIdeXSetBusData + B29 F77FD45D 4 Bytes JMP 85F009CC

.text PCIIDEX.SYS!PciIdeXSetBusData + D72 F77FD6A6 4 Bytes JMP 86B45F64

.text PCIIDEX.SYS!PciIdeXDebugPrint + 23 F77FD6DD 4 Bytes JMP 85F009CC

.text PCIIDEX.SYS!PciIdeXDebugPrint + 173 F77FD82D 4 Bytes JMP 86B45F64

.text PCIIDEX.SYS!PciIdeXDebugPrint + 1A8 F77FD862 4 Bytes JMP 86B45F64

PAGE PCIIDEX.SYS!PciIdeXDebugPrint + 7CB F77FDE85 4 Bytes JMP 85F009CC

PAGE PCIIDEX.SYS!PciIdeXDebugPrint + 19B8 F77FF072 4 Bytes JMP 85F009CC

PAGE ...

PAGE PCIIDEX.SYS!PciIdeXInitialize + 288 F7800C64 4 Bytes JMP 85F009CC

.text atapi.sys F73C4EC5 4 Bytes JMP 86AAB114

.text atapi.sys F73C5119 4 Bytes JMP 86AAB114

.text atapi.sys F73C55BB 4 Bytes JMP 86AAB114

.text atapi.sys F73C576C 4 Bytes JMP 86AAB114

.text atapi.sys F73C583B 4 Bytes JMP 86AAB114

.text ...

.text CLASSPNP.SYS!ClassReleaseRemoveLock + 193 F75CC553 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassCompleteRequest + D F75CCBF0 4 Bytes JMP 86AB9ACC

.text CLASSPNP.SYS!ClassCompleteRequest + 3F6 F75CCFD9 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassSendSrbSynchronous + EE F75CD18C 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassDeviceControl + BD F75CD591 4 Bytes JMP 86AB9ACC

.text CLASSPNP.SYS!ClassReleaseQueue + EA F75CE372 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassReleaseChildLock + 66 F75CE9C6 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassSendIrpSynchronous + 3A F75CEB90 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassGetDriverExtension + 15D F75CF131 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassFindModePage + 1D3 F75CF775 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassFindModePage + 77F F75CFD21 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassFindModePage + 9A6 F75CFF48 4 Bytes JMP 86CE9A74

.text CLASSPNP.SYS!ClassFindModePage + ADC F75D007E 4 Bytes JMP 85A98BEC

.text CLASSPNP.SYS!ClassFindModePage + B06 F75D00A8 4 Bytes JMP 86CF3794

.text ...

.text CLASSPNP.SYS!ClassInternalIoControl + 87 F75D0FAF 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassGetVpb + 167 F75D11AB 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassSendStartUnit + C9 F75D1421 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassSendSrbAsynchronous + 10D F75D156C 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassWmiFireEvent + 3A9 F75D1A16 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassWmiFireEvent + 843 F75D1EB0 4 Bytes JMP 86CF3794

.text CLASSPNP.SYS!ClassIoCompleteAssociated + 18B F75D24E9 4 Bytes JMP 86CE9A74

PAGE CLASSPNP.SYS!ClassDebugPrint + 59B F75D2B33 4 Bytes JMP 86CF3794

PAGE CLASSPNP.SYS!ClassDebugPrint + 7B5 F75D2D4D 4 Bytes JMP 86CF3794

PAGE CLASSPNP.SYS!ClassModeSense + 57D F75D5B68 4 Bytes JMP 86CF3794

? system32\drivers\12571152.sys The system cannot find the path specified. !

? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 00A3D349

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 00A3D187

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 00A3CDFD

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 00A3D0AC

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 00A3D262

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00A3CFE0

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00A3D514

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00A3CF14

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00A3D430

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00A3D8D4

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00A3D9A1

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00A3BD87

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A3CD56

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A3C8CB

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A3CAF2

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00A3BCC6

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A3C970

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A3CA1E

.text C:\Program Files\Internet Explorer\iexplore.exe[1036] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 00A3C15D

? C:\WINDOWS\System32\svchost.exe[1224] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: oleaut32.dllunknown module: oleaut32.dllunknown module: comctl32.dllunknown module: oleaut32.dllunknown module: oleaut32.dll

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 019DD349

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 019DD187

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 019DCDFD

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 019DD0AC

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 019DD262

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 019DCFE0

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 019DD514

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 019DCF14

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 019DD430

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 019DD8D4

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 019DD9A1

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 019DBD87

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 019DCD56

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] ws2_32.dll!send 71AB4C27 5 Bytes JMP 019DC8CB

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 019DCAF2

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] ws2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 019DBCC6

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] ws2_32.dll!recv 71AB676F 5 Bytes JMP 019DC970

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 019DCA1E

.text C:\Program Files\Internet Explorer\iexplore.exe[3004] ws2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 019DC15D

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 02BAC23C

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 02BAD349

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 02BAD187

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 02BACDFD

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 02BAD0AC

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 02BAD262

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 02BACFE0

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 02BAD514

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 02BACF14

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 02BAD430

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 02BAD8D4

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 02BAD9A1

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 02BABD87

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02BACD56

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] ws2_32.dll!send 71AB4C27 5 Bytes JMP 02BAC8CB

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02BACAF2

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] ws2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 02BABCC6

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] ws2_32.dll!recv 71AB676F 5 Bytes JMP 02BAC970

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 02BACA1E

.text C:\Program Files\Internet Explorer\iexplore.exe[4048] ws2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 02BAC15D

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_650_15507.SYS (NetBIOS Redirector/Juniper Networks)

Device \Driver\14731448 \Device\KLMD29072011_206030 12571152.sys

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_650_15507.SYS (NetBIOS Redirector/Juniper Networks)

AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_650_15507.SYS (NetBIOS Redirector/Juniper Networks)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{448DE0ED-BC03-11E0-B92E-00166FB1E080}.dat 34304 bytes

---- EOF - GMER 1.0.15 ----


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • Staff

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
