Browser redirects

Post by justin234 » July 22nd, 2010, 2:27 am

Hello, I have Windows XP and IE redirects to unintended sites. Mcafee found Generic Dropper.va. Can you help me? Attached are my HJT log and uninstall list. Thank you for your help.

-Justin

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:12:22 PM, on 7/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Secure Online Account Numbers\SOAN.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\RCrawler\RCrawler.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: C:\WINDOWS\system32\m5qflyk.dll - {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - C:\WINDOWS\system32\m5qflyk.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SecureOnlineAccountNumbers] C:\Program Files\Secure Online Account Numbers\SOAN.exe /dontopenmycards
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\RCrawler\RCrawler.exe -TRAYONLY
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [jwcwugpk] C:\Documents and Settings\Ron\Local Settings\Application Data\jvvdycmjo\moebobntssd.exe
O4 - HKLM\..\Run: [Jmatoj] rundll32.exe "C:\WINDOWS\ijenubesidacibi.dll",Startup
O4 - HKLM\..\Run: [ewrgetuj] C:\DOCUME~1\Ron\LOCALS~1\Temp\geurge.exe
O4 - HKLM\..\Run: [bdeqvkps] C:\Documents and Settings\Ron\Local Settings\Application Data\qjqfvnrwj\olilxmwtssd.exe
O4 - HKLM\..\Run: [ulrubhfm] C:\Documents and Settings\NetworkService\Local Settings\Application Data\cagqiseoa\qforlrltssd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [jwcwugpk] C:\Documents and Settings\Ron\Local Settings\Application Data\jvvdycmjo\moebobntssd.exe
O4 - HKCU\..\Run: [Trehumofutoc] rundll32.exe "C:\WINDOWS\KBDPRFI.dll",Startup
O4 - HKCU\..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\DOCUME~1\Ron\LOCALS~1\Temp\cmd.exe
O4 - HKCU\..\Run: [bdeqvkps] C:\Documents and Settings\Ron\Local Settings\Application Data\qjqfvnrwj\olilxmwtssd.exe
O4 - HKCU\..\Run: [mcexecwin] rundll32.exe C:\DOCUME~1\Ron\LOCALS~1\Temp\gk812c0.dll, RestoreWindows
O4 - HKCU\..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\DOCUME~1\Ron\LOCALS~1\Temp\op7qy.exe
O4 - HKCU\..\Run: [hsehf98u34i9tjioaugy987iuegdsg] C:\DOCUME~1\Ron\LOCALS~1\Temp\smss.exe
O4 - HKUS\S-1-5-18\..\Run: [ulrubhfm] C:\Documents and Settings\NetworkService\Local Settings\Application Data\cagqiseoa\qforlrltssd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ulrubhfm] C:\Documents and Settings\NetworkService\Local Settings\Application Data\cagqiseoa\qforlrltssd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCo ... taller.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} (InstallShield Setup Player 2K2) - http://host1.telechart.tv/tcrepair/setup.exe
O16 - DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} (BridgeChannel v3) - http://channel.bridge.com/bc/java/bc3_bridge_i.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {A0777FF1-23AC-11D5-BA9B-00C04F753F09} (BridgeChannel) - http://channel.bridge.com/bc24/java/bc_bridge_i.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://prod1.centra.com/SiteRoots/main/ ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://optionsxpressevents.webex.com/c ... eatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: jahs8973fioafnh98fasfw3gadfgjdsdf - {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - C:\WINDOWS\system32\m5qflyk.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca3e0754473069) (gupdate1ca3e0754473069) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 13251 bytes

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uninstall_list

Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.9
Advertisement Service
Apple Software Update
Britannica Ready Reference
Centra Client
CentraOne
Classic PhoneTools
Conexant SmartHSFi V92 56K Speakerphone PCI Modem
Critical Update for Windows Media Player 11 (KB959772)
DAO
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support Center (Support Software)
DellSupport
Digital Line Detect
DVDSentry
Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present
Easy CD Creator 5 Basic
Google Chrome
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HTML Executable IERuntime
InstallMgr
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
Java(TM) 6 Update 20
McAfee SecurityCenter
Medved QuoteTracker
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft PowerPoint Viewer 97
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
MSN Toolbar
MSN Toolbar
MSN Toolbar Setup
MSXML 6 Service Pack 2 (KB954459)
Musicmatch® Jukebox
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
Option Master® Deluxe (Demo)
Option Master® Deluxe (Demo) (C:\Program Files\Option Master\)
Paint Shop Pro 7
PowerDVD
Quicken 2002 New User Edition
QuickTime
RealPlayer
Registry Crawler
Rhapsody Player Engine
Secure Conference Components 1.3.3
Secure Online Account Numbers
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sound Blaster Live!
TeleChart
TeleChart 2005
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USDA-HealtheTech Search SR-19
Verizon High Speed Internet
Viewpoint Media Player (Remove Only)
WebEx
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 2002
WordPerfect Office 2002
justin234
Active Member
 
Posts: 12
Joined: July 22nd, 2010, 12:18 am
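A small triage script for the kind of O4/O7 lines in the HijackThis log above, added as an example for this thread (it is not a MalwareRemoval.com or HijackThis tool). The sample lines are copied from the log above plus two benign vendor entries, and the rules are my assumptions about what a helper looks for: programs launched from Temp, executables dropped under Local Settings\Application Data, DLLs dropped straight into C:\WINDOWS, core Windows binary names outside System32, random-looking Run value names, and a policy that disables regedit.

```python
"""Triage the O4 (autorun) and O7 (policy) lines of a HijackThis log.

Added example for this thread; not a MalwareRemoval.com or HijackThis tool.
The rules below are assumptions about what a helper checks in a log like the
one posted above, not a vendor's detection logic.
"""
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log posted above, plus two benign vendor
# entries, embedded so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [jwcwugpk] C:\Documents and Settings\Ron\Local Settings\Application Data\jvvdycmjo\moebobntssd.exe
O4 - HKLM\..\Run: [Jmatoj] rundll32.exe "C:\WINDOWS\ijenubesidacibi.dll",Startup
O4 - HKLM\..\Run: [ewrgetuj] C:\DOCUME~1\Ron\LOCALS~1\Temp\geurge.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\DOCUME~1\Ron\LOCALS~1\Temp\cmd.exe
O4 - HKCU\..\Run: [hsehf98u34i9tjioaugy987iuegdsg] C:\DOCUME~1\Ron\LOCALS~1\Temp\smss.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O7_RE = re.compile(r"^O7 - (?P<key>.+?), (?P<value>\w+)=(?P<data>\S+)$")
# First drive-letter path ending in an executable extension; covers both plain
# commands and the rundll32 "<dll>",<entry> form.
PATH_RE = re.compile(r'[a-z]:\\[^",]*?\.(?:exe|dll|scr|bat|cmd|vbs|com)\b', re.IGNORECASE)

# 8.3 short names that HijackThis reports for the XP profile and program folders.
SHORT_NAMES = {"docume~1": "documents and settings", "locals~1": "local settings",
               "progra~1": "program files", "common~1": "common files"}
# Core Windows binary names that only belong in System32 (assumed list).
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "cmd.exe"}


@dataclass
class Finding:
    line: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def normalise(path: str) -> str:
    """Lower-case a path and expand the common 8.3 short names."""
    return "\\".join(SHORT_NAMES.get(p, p) for p in path.lower().split("\\"))


def assess_path(path: str) -> list:
    """Return the reasons a launch path looks suspicious (empty if none)."""
    p = normalise(path)
    base = p.rsplit("\\", 1)[-1]
    reasons = []
    if "\\temp\\" in p:
        reasons.append("launched from a Temp folder")
    if "\\local settings\\application data\\" in p and base.endswith(".exe"):
        reasons.append("executable under Local Settings\\Application Data")
    if re.fullmatch(r"c:\\windows\\[^\\]+\.dll", p):
        reasons.append("DLL placed directly in C:\\WINDOWS")
    if base in SYSTEM_NAMES and not p.startswith("c:\\windows\\system32\\"):
        reasons.append(f"system binary name {base} outside System32")
    return reasons


def triage(log_text: str) -> list:
    """Parse O4/O7 lines and return a Finding for every entry with a reason."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd")
            pm = PATH_RE.search(cmd)
            path = pm.group(0) if pm else ""
            reasons = assess_path(path) if path else []
            # Long all-lowercase/digit value names are typical of generated keys.
            if re.fullmatch(r"[a-z0-9]{20,}", m.group("name")):
                reasons.append("random-looking Run value name")
            if "(file missing)" in cmd:
                reasons.append("target file not found on disk")
            if reasons:
                findings.append(Finding(line, m.group("name"), path, reasons))
            continue
        m = O7_RE.match(line)
        if m and m.group("value") == "DisableRegedit" and m.group("data") == "1":
            findings.append(Finding(line, "DisableRegedit", "",
                                    ["registry editor disabled by policy"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] {f.path or f.line}")
        for r in f.reasons:
            print("   -", r)
```

Each hit is a lead for the helper to verify, not a verdict: the per-user Application Data rule in particular will also catch legitimate per-user installers, so the findings are meant to be read alongside the rest of the log.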

Re: Browser redirects

Post by deltalima » July 26th, 2010, 5:38 am

Hi justin234,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Post by justin234 » July 27th, 2010, 1:03 am

Thank you for getting back to me, deltalima. If you cut and pasted your instructions, I have an edit for your master file.

Please note the following:
* I will working be on your Malware issues,


It should read "I will be working..."

Sorry, I feel like the student that corrected the teacher and now I'm an arse. Anyway, I'll run those programs.

Thank you for your help.
Justin
justin234
Active Member
 
Posts: 12
Joined: July 22nd, 2010, 12:18 am

Re: Browser redirects

Post by deltalima » July 27th, 2010, 3:50 am

Hi justin234,

It should read "I will be working..."


Well spotted! Thank you for pointing that out, I have amended the master copy now.

If you have problems with the GMER scan then please run the following alternative scan.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Post by justin234 » July 28th, 2010, 2:58 am

Hello again deltalima,

Old Timer results:
OTL logfile created on: 7/27/2010 11:26:13 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Ron\My Documents\fix-justin
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 99.00 Mb Available Physical Memory | 13.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 22.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.86 Gb Total Space | 39.61 Gb Free Space | 70.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7QWJM21
Current User Name: Ron
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ron\My Documents\fix-justin\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe (Microsoft Corp.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\Program Files\Secure Online Account Numbers\SOAN.exe (Orbiscom Ltd. All rights reserved.)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
PRC - C:\Program Files\RCrawler\rcrawler.exe (4Developers LLC)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ron\My Documents\fix-justin\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll (RealPlayer)
MOD - C:\WINDOWS\SYSTEM32\msvcr71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation)
MOD - C:\WINDOWS\ijenubesidacibi.dll ()
MOD - C:\WINDOWS\KBDPRFI.dll ()
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\SERWVDRV.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\UMDMXFRM.DLL (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (mstbsvc) -- C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe (Microsoft Corp.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (NMSSvc) Intel(R) -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (iAimTV2) -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys File not found
DRV - (MPFP) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (NMSCFG) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS (Intel Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys (Conexant Systems)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (bvrp_pci) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://localhost;

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/28 06:13:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0C8DCCF0-6850-49C1-88C2-9B880C86CD53}: C:\Documents and Settings\Ron\Local Settings\Application Data\{0C8DCCF0-6850-49C1-88C2-9B880C86CD53} [2010/07/08 22:34:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/09 16:12:58 | 000,872,547 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 25278 more lines...
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (C:\WINDOWS\system32\m5qflyk.dll) - {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - C:\WINDOWS\System32\m5qflyk.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [bdeqvkps] C:\Documents and Settings\Ron\Local Settings\Application Data\qjqfvnrwj\olilxmwtssd.exe File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [ewrgetuj] C:\DOCUME~1\Ron\LOCALS~1\Temp\geurge.exe File not found
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [hetgklfl] C:\Documents and Settings\NetworkService\Local Settings\Application Data\dhmsqsnoo\ibbqojvtssd.exe File not found
O4 - HKLM..\Run: [Jmatoj] C:\WINDOWS\ijenubesidacibi.DLL ()
O4 - HKLM..\Run: [jwcwugpk] C:\Documents and Settings\Ron\Local Settings\Application Data\jvvdycmjo\moebobntssd.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [Registry Crawler] C:\Program Files\RCrawler\rcrawler.exe (4Developers LLC)
O4 - HKLM..\Run: [SecureOnlineAccountNumbers] C:\Program Files\Secure Online Account Numbers\SOAN.exe (Orbiscom Ltd. All rights reserved.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ulrubhfm] C:\Documents and Settings\NetworkService\Local Settings\Application Data\cagqiseoa\qforlrltssd.exe File not found
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [hetgklfl] C:\Documents and Settings\NetworkService\Local Settings\Application Data\dhmsqsnoo\ibbqojvtssd.exe File not found
O4 - HKU\.DEFAULT..\Run: [NetworkControl] C:\NetworkControl\nc.exe (Integrio Systems)
O4 - HKU\.DEFAULT..\Run: [ulrubhfm] C:\Documents and Settings\NetworkService\Local Settings\Application Data\cagqiseoa\qforlrltssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [hetgklfl] C:\Documents and Settings\NetworkService\Local Settings\Application Data\dhmsqsnoo\ibbqojvtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [NetworkControl] C:\NetworkControl\nc.exe (Integrio Systems)
O4 - HKU\S-1-5-18..\Run: [ulrubhfm] C:\Documents and Settings\NetworkService\Local Settings\Application Data\cagqiseoa\qforlrltssd.exe File not found
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [bdeqvkps] C:\Documents and Settings\Ron\Local Settings\Application Data\qjqfvnrwj\olilxmwtssd.exe File not found
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\DOCUME~1\Ron\LOCALS~1\Temp\op7qy.exe File not found
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [hsehf98u34i9tjioaugy987iuegdsg] C:\DOCUME~1\Ron\LOCALS~1\Temp\smss.exe File not found
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [jwcwugpk] C:\Documents and Settings\Ron\Local Settings\Application Data\jvvdycmjo\moebobntssd.exe File not found
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [mcexecwin] C:\DOCUME~1\Ron\LOCALS~1\Temp\gk812c0.DLL File not found
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\DOCUME~1\Ron\LOCALS~1\Temp\cmd.exe File not found
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [Trehumofutoc] C:\WINDOWS\KBDPRFI.DLL ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O12 - Plugin for: .mid - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll (Apple Inc.)
O12 - Plugin for: .mov - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCo ... taller.cab (Support.com Configuration Class)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab (Yahoo! Audio Conferencing)
O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} http://host1.telechart.tv/tcrepair/setup.exe (InstallShield Setup Player 2K2)
O16 - DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} http://channel.bridge.com/bc/java/bc3_bridge_i.cab (BridgeChannel v3)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A0777FF1-23AC-11D5-BA9B-00C04F753F09} http://channel.bridge.com/bc24/java/bc_bridge_i.cab (BridgeChannel)
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} http://prod1.centra.com/SiteRoots/main/ ... loader.cab (CentraDownloaderCtl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://optionsxpressevents.webex.com/c ... eatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.128.12
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O22 - SharedTaskScheduler: {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - jahs8973fioafnh98fasfw3gadfgjdsdf - C:\WINDOWS\System32\m5qflyk.dll File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 07:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/27 13:01:37 | 000,000,000 | ---D | C] -- C:\NetworkControl
[2010/07/26 10:59:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\dhmsqsnoo
[2010/07/22 20:37:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Application Data\Malwarebytes
[2010/07/22 20:37:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/22 20:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/22 20:37:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/22 20:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/21 23:11:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/21 13:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Desktop\photos
[2010/07/20 06:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2010/07/20 06:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/07/19 17:37:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/07/19 17:33:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/07/19 06:42:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/18 00:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\cagqiseoa
[2010/07/17 09:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/17 09:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/17 09:52:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/17 09:52:03 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/17 09:52:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/07/17 09:52:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/07/17 09:52:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/07/16 09:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/07/10 10:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\My Documents\fix-justin
[2010/07/09 09:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/09 09:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/09 08:05:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/07/09 07:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Application Data\HTML Executable
[2010/07/09 07:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HTML Executable Viewer
[2010/07/08 22:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/08 22:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/08 22:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Local Settings\Application Data\qjqfvnrwj
[2010/07/08 22:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Local Settings\Application Data\{0C8DCCF0-6850-49C1-88C2-9B880C86CD53}
[2010/07/08 22:31:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Local Settings\Application Data\jvvdycmjo
[2010/07/08 13:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Desktop\backup
[2002/04/11 00:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/27 23:33:07 | 000,767,488 | ---- | M] () -- C:\WINDOWS\System32\drivers\azbgv.sys
[2010/07/27 23:19:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/27 22:44:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/27 22:24:05 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/07/27 22:01:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\apugedekosubuk.dll
[2010/07/27 21:58:31 | 000,019,033 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/07/27 21:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/27 21:54:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/27 21:54:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/07/27 21:54:37 | 804,331,520 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/27 14:31:49 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Ron\NTUSER.DAT
[2010/07/27 14:31:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ron\NTUSER.INI
[2010/07/27 14:31:04 | 007,471,404 | -H-- | M] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\IconCache.db
[2010/07/27 13:21:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dkekonafaz.dat
[2010/07/27 13:02:09 | 000,000,122 | ---- | M] () -- C:\WINDOWS\System32\a.bat
[2010/07/27 12:27:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\okalufujuf.dll
[2010/07/27 10:24:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\okomutivolubu.dll
[2010/07/27 08:23:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ebicohuv.dll
[2010/07/26 23:35:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\arefepuxek.dll
[2010/07/26 21:33:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\oteqiqur.dll
[2010/07/26 14:54:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\alifanivagoxoyi.dll
[2010/07/26 12:52:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ivofepux.dll
[2010/07/26 10:50:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\apatukixuyoy.dll
[2010/07/26 08:48:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\abuhemof.dll
[2010/07/25 21:36:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\urinucijenonu.dll
[2010/07/25 19:34:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\adodoyadomipu.dll
[2010/07/25 10:26:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\oreweqoharus.dll
[2010/07/25 08:24:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imefadujuge.dll
[2010/07/24 09:59:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ijesexasuxomodor.dll
[2010/07/24 07:57:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\upuwiroz.dll
[2010/07/23 22:43:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\emusatoxolibugid.dll
[2010/07/23 20:44:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ibaninozumahohew.dll
[2010/07/23 15:16:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/23 14:04:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\akopagid.dll
[2010/07/23 12:01:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\utexoyiv.dll
[2010/07/23 11:41:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\utekupug.dll
[2010/07/23 09:39:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uniyucegaqabiheb.dll
[2010/07/23 07:40:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ujuraxijuma.dll
[2010/07/23 06:58:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ihicucafuv.dll
[2010/07/22 22:49:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uheganisapam.dll
[2010/07/22 20:48:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ifekoqat.dll
[2010/07/22 20:37:24 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/22 18:46:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\utiwupom.dll
[2010/07/22 17:10:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ubadupapoxu.dll
[2010/07/22 12:55:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\anexixoyen.dll
[2010/07/22 10:54:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\oyaxanimifi.dll
[2010/07/22 08:51:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\efalohawurovi.dll
[2010/07/22 06:50:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\atisumocare.dll
[2010/07/22 06:46:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\itepevubeqo.dll
[2010/07/21 23:10:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\oxutubetogu.dll
[2010/07/21 21:58:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ejunemer.dll
[2010/07/21 19:56:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\odaqubef.dll
[2010/07/21 17:54:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\obocetuw.dll
[2010/07/21 13:51:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\irebenuw.dll
[2010/07/21 11:49:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ewojugabor.dll
[2010/07/21 09:46:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\exevoqububukuk.dll
[2010/07/21 07:45:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\izojozap.dll
[2010/07/20 12:18:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imapubik.dll
[2010/07/20 10:17:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\acaliyojoqoziyi.dll
[2010/07/20 10:02:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uzeveraxif.dll
[2010/07/20 08:00:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\oteyitejedab.dll
[2010/07/19 17:38:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/19 17:36:58 | 000,000,315 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/19 14:40:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iwufiwuzozawufi.dll
[2010/07/19 12:39:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\efepojuyibox.dll
[2010/07/19 10:37:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\egogabobituyi.dll
[2010/07/19 08:35:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ifupeyamo.dll
[2010/07/19 06:35:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iputelaguzeyaweb.dll
[2010/07/18 21:30:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\izeqodihod.dll
[2010/07/18 19:28:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ituzijuqumofut.dll
[2010/07/17 23:42:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\avezugiti.dll
[2010/07/17 23:41:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\owiqicac.dll
[2010/07/17 09:26:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ecoquxojaponaduq.dll
[2010/07/16 23:16:14 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ayasawegu.dll
[2010/07/16 12:47:28 | 000,001,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/07/16 12:32:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\anukiqaq.dll
[2010/07/16 11:50:40 | 000,000,000 | ---- | M] () -- C:\WINDOWS\imafetah.dll
[2010/07/16 10:17:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uleminopafebo.dll
[2010/07/16 08:15:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\afokakadikuji.dll
[2010/07/15 23:15:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ocadelujol.dll
[2010/07/15 23:09:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\afowuqewidumuhi.dll
[2010/07/15 21:07:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ufezepufi.dll
[2010/07/15 15:18:22 | 000,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2010/07/15 12:30:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ogexesak.dll
[2010/07/15 08:27:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\otaqeluwe.dll
[2010/07/14 23:14:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\atumodeta.dll
[2010/07/14 21:12:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ivasuvub.dll
[2010/07/14 12:51:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\udowuhuropi.dll
[2010/07/14 10:50:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\etocanuveruqapiw.dll
[2010/07/14 08:47:56 | 000,000,000 | ---- | M] () -- C:\WINDOWS\epenopafebo.dll
[2010/07/14 06:46:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\azidafugahopi.dll
[2010/07/13 22:54:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\emeruwuy.dll
[2010/07/13 22:52:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ovupefoqe.dll
[2010/07/13 12:56:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\acatamuxudipota.dll
[2010/07/13 10:54:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ahuyibewereco.dll
[2010/07/13 08:52:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\orodezen.dll
[2010/07/12 22:52:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\isevazomopaj.dll
[2010/07/12 12:37:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uyediwoxew.dll
[2010/07/12 10:35:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\isegumaj.dll
[2010/07/12 08:33:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ekewuhuropifatu.dll
[2010/07/12 06:31:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\abowajur.dll
[2010/07/11 12:11:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ibuqimezocijezow.dll
[2010/07/11 10:09:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\oyofoqiwuhuropi.dll
[2010/07/10 14:30:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ebisiwojiyerez.dll
[2010/07/10 10:02:32 | 094,160,714 | ---- | M] () -- C:\Documents and Settings\Ron\My Documents\regbackup.reg
[2010/07/10 09:36:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\isofesujoxumu.dll
[2010/07/09 23:13:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ozixuqux.dll
[2010/07/09 21:11:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\uvayuhax.dll
[2010/07/09 16:42:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ojuyeyogomusige.dll
[2010/07/09 16:12:58 | 000,872,547 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/07/09 08:10:45 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/09 05:58:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pvumadazad.bin
[2010/07/08 13:08:01 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/08 13:05:33 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/07 22:34:43 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/27 22:01:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apugedekosubuk.dll
[2010/07/27 13:02:09 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\a.bat
[2010/07/27 12:27:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okalufujuf.dll
[2010/07/27 10:24:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\okomutivolubu.dll
[2010/07/27 08:23:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebicohuv.dll
[2010/07/26 23:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\arefepuxek.dll
[2010/07/26 21:33:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oteqiqur.dll
[2010/07/26 14:54:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\alifanivagoxoyi.dll
[2010/07/26 12:52:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivofepux.dll
[2010/07/26 10:50:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apatukixuyoy.dll
[2010/07/26 08:48:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abuhemof.dll
[2010/07/25 21:36:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\urinucijenonu.dll
[2010/07/25 19:34:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\adodoyadomipu.dll
[2010/07/25 10:26:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oreweqoharus.dll
[2010/07/25 08:24:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imefadujuge.dll
[2010/07/24 09:59:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ijesexasuxomodor.dll
[2010/07/24 07:57:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\upuwiroz.dll
[2010/07/23 22:43:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\emusatoxolibugid.dll
[2010/07/23 20:44:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibaninozumahohew.dll
[2010/07/23 14:04:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\akopagid.dll
[2010/07/23 12:01:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\utexoyiv.dll
[2010/07/23 11:41:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\utekupug.dll
[2010/07/23 09:39:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uniyucegaqabiheb.dll
[2010/07/23 07:40:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ujuraxijuma.dll
[2010/07/23 06:57:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ihicucafuv.dll
[2010/07/22 22:49:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uheganisapam.dll
[2010/07/22 20:48:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ifekoqat.dll
[2010/07/22 20:37:24 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/22 18:46:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\utiwupom.dll
[2010/07/22 17:10:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ubadupapoxu.dll
[2010/07/22 12:55:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\anexixoyen.dll
[2010/07/22 10:54:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyaxanimifi.dll
[2010/07/22 08:51:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\efalohawurovi.dll
[2010/07/22 06:50:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atisumocare.dll
[2010/07/22 06:45:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\itepevubeqo.dll
[2010/07/21 23:10:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oxutubetogu.dll
[2010/07/21 21:58:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ejunemer.dll
[2010/07/21 19:56:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odaqubef.dll
[2010/07/21 17:54:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\obocetuw.dll
[2010/07/21 13:51:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\irebenuw.dll
[2010/07/21 11:49:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ewojugabor.dll
[2010/07/21 09:46:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\exevoqububukuk.dll
[2010/07/21 07:45:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izojozap.dll
[2010/07/20 12:18:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imapubik.dll
[2010/07/20 10:17:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acaliyojoqoziyi.dll
[2010/07/20 10:02:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uzeveraxif.dll
[2010/07/20 08:00:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oteyitejedab.dll
[2010/07/19 17:36:58 | 000,000,315 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/19 14:40:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iwufiwuzozawufi.dll
[2010/07/19 12:38:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\efepojuyibox.dll
[2010/07/19 10:37:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\egogabobituyi.dll
[2010/07/19 08:34:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ifupeyamo.dll
[2010/07/19 06:35:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iputelaguzeyaweb.dll
[2010/07/18 21:30:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\izeqodihod.dll
[2010/07/18 19:28:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ituzijuqumofut.dll
[2010/07/17 23:42:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avezugiti.dll
[2010/07/17 23:41:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\owiqicac.dll
[2010/07/17 09:26:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ecoquxojaponaduq.dll
[2010/07/16 23:16:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ayasawegu.dll
[2010/07/16 12:32:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\anukiqaq.dll
[2010/07/16 11:50:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imafetah.dll
[2010/07/16 10:17:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uleminopafebo.dll
[2010/07/16 08:15:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\afokakadikuji.dll
[2010/07/15 23:15:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ocadelujol.dll
[2010/07/15 23:09:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\afowuqewidumuhi.dll
[2010/07/15 21:07:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ufezepufi.dll
[2010/07/15 12:30:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ogexesak.dll
[2010/07/15 08:27:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\otaqeluwe.dll
[2010/07/14 23:14:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atumodeta.dll
[2010/07/14 21:12:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ivasuvub.dll
[2010/07/14 12:51:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\udowuhuropi.dll
[2010/07/14 10:50:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\etocanuveruqapiw.dll
[2010/07/14 08:47:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\epenopafebo.dll
[2010/07/14 06:46:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\azidafugahopi.dll
[2010/07/13 22:54:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\emeruwuy.dll
[2010/07/13 22:52:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ovupefoqe.dll
[2010/07/13 12:56:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\acatamuxudipota.dll
[2010/07/13 10:54:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ahuyibewereco.dll
[2010/07/13 08:52:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\orodezen.dll
[2010/07/12 22:52:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isevazomopaj.dll
[2010/07/12 12:37:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uyediwoxew.dll
[2010/07/12 10:35:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isegumaj.dll
[2010/07/12 08:33:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ekewuhuropifatu.dll
[2010/07/12 06:31:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\abowajur.dll
[2010/07/11 12:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ibuqimezocijezow.dll
[2010/07/11 10:09:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oyofoqiwuhuropi.dll
[2010/07/10 14:30:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ebisiwojiyerez.dll
[2010/07/10 10:01:31 | 094,160,714 | ---- | C] () -- C:\Documents and Settings\Ron\My Documents\regbackup.reg
[2010/07/10 09:36:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\isofesujoxumu.dll
[2010/07/09 23:13:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ozixuqux.dll
[2010/07/09 21:11:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uvayuhax.dll
[2010/07/09 16:42:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ojuyeyogomusige.dll
[2010/07/09 16:37:00 | 804,331,520 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/08 22:49:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/08 22:43:40 | 000,767,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\azbgv.sys
[2010/07/08 22:34:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pvumadazad.bin
[2010/07/08 22:34:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dkekonafaz.dat
[2010/07/07 22:34:43 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/07 22:34:43 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2006/09/12 15:13:55 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/07/31 16:26:49 | 000,001,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/07/08 13:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/04/18 18:21:21 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2003/04/17 14:44:30 | 000,000,643 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2003/04/17 14:44:28 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\dosfnt32.dll
[2003/04/17 14:44:28 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\ldepcl32.dll
[2003/04/03 17:33:33 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/04/03 17:33:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/03/27 22:35:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/03/27 22:23:18 | 000,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/03/27 22:23:18 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/03/27 22:20:57 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/03/27 22:20:41 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/03/27 22:20:41 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/03/27 22:20:40 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/03/27 22:20:40 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/03/27 22:20:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/03/27 22:20:09 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/03/27 22:16:43 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/03/27 21:55:44 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/12/10 01:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[2002/12/10 01:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
[2002/12/10 01:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2002/08/29 04:00:00 | 000,183,296 | ---- | C] () -- C:\WINDOWS\ijenubesidacibi.dll
[2002/08/29 04:00:00 | 000,064,000 | ---- | C] () -- C:\WINDOWS\KBDPRFI.dll
[2002/02/06 08:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 13:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
< End of report >


OTL Extras logfile created on: 7/27/2010 11:26:13 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Ron\My Documents\fix-justin
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 99.00 Mb Available Physical Memory | 13.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 22.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.86 Gb Total Space | 39.61 Gb Free Space | 70.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D7QWJM21
Current User Name: Ron
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel(R) PROSet II
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{29D88826-2AB9-11D5-8854-00902761A46D}" = WordPerfect Office 2002
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8F899627-1EA1-484D-91EA-7B22C05358DB}" = TeleChart 2005
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9D98F245-3010-43C6-B3B0-67A464DA298E}" = ELNKInst
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1DEC338-BB8F-439C-960E-6007ECB20CE3}" = USDA-HealtheTech Search SR-19
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB5142E6-7759-4A61-B52E-136686FF19FE}" = MSN Toolbar Setup
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"CentraClient" = Centra Client
"CentraOneClient" = CentraOne
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K Speakerphone PCI Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"HTMLExecutableIERuntimeSetup44" = HTML Executable IERuntime
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{9D98F245-3010-43C6-B3B0-67A464DA298E}" = Earthlink Installer - uninstall 'Earthlink 5.0' entry first if present
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Medved QuoteTracker_is1" = Medved QuoteTracker
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"net" = Advertisement Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PPTView97" = Microsoft PowerPoint Viewer 97
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"Quicken 2002 New User Edition" = Quicken 2002 New User Edition
"RealPlayer 12.0" = RealPlayer
"Registry Crawler" = Registry Crawler
"Secure Conference Components_is1" = Secure Conference Components 1.3.3
"Secure Online Account Numbers" = Secure Online Account Numbers
"ST6UNST #1" = Option Master® Deluxe (Demo)
"ST6UNST #2" = Option Master® Deluxe (Demo) (C:\Program Files\Option Master\)
"TeleChart" = TeleChart
"Verizon High Speed Internet_is1" = Verizon High Speed Internet
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2002" = WordPerfect Office 2002
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/25/2010 12:12:24 PM | Computer Name = D7QWJM21 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.5730.13, faulting module
ieframe.dll, version 7.0.5730.13, fault address 0x000f6f83.

Error - 7/25/2010 10:22:36 PM | Computer Name = D7QWJM21 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ijenubesidacibi.dll, version 0.0.0.0, fault address 0x000119aa.

Error - 7/25/2010 10:22:57 PM | Computer Name = D7QWJM21 | Source = Application Error | ID = 1000
Description = Faulting application DRWTSN32.EXE, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 7/25/2010 10:35:13 PM | Computer Name = D7QWJM21 | Source = MsiInstaller | ID = 1013
Description = Product: InstallMgr -- AlreadyInstalled

Error - 7/26/2010 10:03:17 AM | Computer Name = D7QWJM21 | Source = MsiInstaller | ID = 1013
Description = Product: InstallMgr -- AlreadyInstalled

Error - 7/27/2010 12:34:13 AM | Computer Name = D7QWJM21 | Source = MsiInstaller | ID = 1013
Description = Product: InstallMgr -- AlreadyInstalled

Error - 7/27/2010 9:19:13 AM | Computer Name = D7QWJM21 | Source = Google Update | ID = 20
Description =

Error - 7/27/2010 9:39:19 AM | Computer Name = D7QWJM21 | Source = MsiInstaller | ID = 1013
Description = Product: InstallMgr -- AlreadyInstalled

Error - 7/28/2010 12:58:11 AM | Computer Name = D7QWJM21 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ijenubesidacibi.dll, version 0.0.0.0, fault address 0x000119aa.

Error - 7/28/2010 1:03:50 AM | Computer Name = D7QWJM21 | Source = MsiInstaller | ID = 1013
Description = Product: InstallMgr -- AlreadyInstalled

[ System Events ]
Error - 7/27/2010 9:16:42 AM | Computer Name = D7QWJM21 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/27/2010 9:16:42 AM | Computer Name = D7QWJM21 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/27/2010 9:32:44 AM | Computer Name = D7QWJM21 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0007E9F06931 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/27/2010 9:33:21 AM | Computer Name = D7QWJM21 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 7/27/2010 9:34:09 AM | Computer Name = D7QWJM21 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 7/28/2010 12:55:07 AM | Computer Name = D7QWJM21 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 7/28/2010 12:55:07 AM | Computer Name = D7QWJM21 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 7/28/2010 12:58:11 AM | Computer Name = D7QWJM21 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.64 for the Network Card with network
address 0007E9F06931 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/28/2010 12:58:48 AM | Computer Name = D7QWJM21 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 7/28/2010 12:59:34 AM | Computer Name = D7QWJM21 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >
justin234
Active Member
 
Posts: 12
Joined: July 22nd, 2010, 12:18 am

Re: Browser redirects

Unread postby deltalima » July 28th, 2010, 4:35 am

Hi justin234,

Please post the GMER or RKUnHooker log when ready.

Please confirm that you have installed and run Malwarebytes since posting the initial log and if so post the log of infections detected.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :otl
    MOD - C:\WINDOWS\ijenubesidacibi.dll ()
    MOD - C:\WINDOWS\KBDPRFI.dll ()
    O2 - BHO: (C:\WINDOWS\system32\m5qflyk.dll) - {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - C:\WINDOWS\System32\m5qflyk.dll File not found
    O4 - HKLM..\Run: [bdeqvkps] C:\Documents and Settings\Ron\Local Settings\Application Data\qjqfvnrwj\olilxmwtssd.exe File not found
    O4 - HKLM..\Run: [ewrgetuj] C:\DOCUME~1\Ron\LOCALS~1\Temp\geurge.exe File not found
    O4 - HKLM..\Run: [hetgklfl] C:\Documents and Settings\NetworkService\Local Settings\Application Data\dhmsqsnoo\ibbqojvtssd.exe File not found
    O4 - HKLM..\Run: [Jmatoj] C:\WINDOWS\ijenubesidacibi.DLL ()
    O4 - HKLM..\Run: [jwcwugpk] C:\Documents and Settings\Ron\Local Settings\Application Data\jvvdycmjo\moebobntssd.exe File not found
    O4 - HKLM..\Run: [ulrubhfm] C:\Documents and Settings\NetworkService\Local Settings\Application Data\cagqiseoa\qforlrltssd.exe File not found
    O4 - HKU\.DEFAULT..\Run: [hetgklfl] C:\Documents and Settings\NetworkService\Local Settings\Application Data\dhmsqsnoo\ibbqojvtssd.exe File not found
    O4 - HKU\.DEFAULT..\Run: [ulrubhfm] C:\Documents and Settings\NetworkService\Local Settings\Application Data\cagqiseoa\qforlrltssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [hetgklfl] C:\Documents and Settings\NetworkService\Local Settings\Application Data\dhmsqsnoo\ibbqojvtssd.exe File not found
    O4 - HKU\S-1-5-18..\Run: [ulrubhfm] C:\Documents and Settings\NetworkService\Local Settings\Application Data\cagqiseoa\qforlrltssd.exe File not found
    O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [bdeqvkps] C:\Documents and Settings\Ron\Local Settings\Application Data\qjqfvnrwj\olilxmwtssd.exe File not found
    O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [hsef87ehf3jishfs87fhuishfsgggfdgs4g] C:\DOCUME~1\Ron\LOCALS~1\Temp\op7qy.exe File not found
    O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [hsehf98u34i9tjioaugy987iuegdsg] C:\DOCUME~1\Ron\LOCALS~1\Temp\smss.exe File not found
    O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [jwcwugpk] C:\Documents and Settings\Ron\Local Settings\Application Data\jvvdycmjo\moebobntssd.exe File not found
    O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [mcexecwin] C:\DOCUME~1\Ron\LOCALS~1\Temp\gk812c0.DLL File not found
    O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\DOCUME~1\Ron\LOCALS~1\Temp\cmd.exe File not found
    O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [Trehumofutoc] C:\WINDOWS\KBDPRFI.DLL ()
    O7 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O16 - DPF: {35B7E48B-9D81-4C6C-9578-5FD4F620D886} http://host1.telechart.tv/tcrepair/setup.exe (InstallShield Setup Player 2K2)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} Reg Error: Key error. (Reg Error: Key error.)
    O22 - SharedTaskScheduler: {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - jahs8973fioafnh98fasfw3gadfgjdsdf - C:\WINDOWS\System32\m5qflyk.dll File not found
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Please go to the Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a new HijackThis log and also let me know how your computer is running now.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
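The fix script above is built by hand from the OTL report: Run values whose target no longer exists, loaders parked in a Temp folder under names borrowed from system binaries (smss.exe, cmd.exe), unversioned DLLs sitting in the Windows root, persistence planted in the NetworkService profile, policy values that lock the user out of Folder Options and regedit, and a SharedTaskScheduler DLL that Explorer still tries to load. The script below is an added example, not code from the post or from OTL, that applies those same criteria to any O4/O7/O22 lines in OTL's report format and emits the flagged lines in the shape of an OTL custom fix. The sample input is constructed from lines quoted in the post plus one hypothetical benign ctfmon.exe entry; the random-name heuristic and the list of "camouflage" binary names are assumptions of this example, and the `:OTL` section header is OTL's standard fix-script syntax.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: persistence lines in OTL's report format. All but one are copied from
# the fix script in the post above; the ctfmon.exe entry is a hypothetical benign Run value
# added so the classifier has something it must leave alone.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Jmatoj] C:\WINDOWS\ijenubesidacibi.DLL ()
O4 - HKLM..\Run: [jwcwugpk] C:\Documents and Settings\Ron\Local Settings\Application Data\jvvdycmjo\moebobntssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [ulrubhfm] C:\Documents and Settings\NetworkService\Local Settings\Application Data\cagqiseoa\qforlrltssd.exe File not found
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [hsehf98u34i9tjioaugy987iuegdsg] C:\DOCUME~1\Ron\LOCALS~1\Temp\smss.exe File not found
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [sdr8gdrgdrgke49orkgsjkjfjhsd] C:\DOCUME~1\Ron\LOCALS~1\Temp\cmd.exe File not found
O4 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006..\Run: [Trehumofutoc] C:\WINDOWS\KBDPRFI.DLL ()
O4 - HKLM..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O22 - SharedTaskScheduler: {C3BA40A2-75F1-52BD-F413-04B15A2C8953} - jahs8973fioafnh98fasfw3gadfgjdsdf - C:\WINDOWS\System32\m5qflyk.dll File not found
"""

# OTL ends a file entry either with "(Company)" from the version resource, "()" when there
# is none, or the literal "File not found" when the target is gone.
TAIL = r"(?: \((?P<company>[^)]*)\)| (?P<missing>File not found))$"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?)" + TAIL)
O7_RE = re.compile(r"^O7 - (?P<key>.+?): (?P<value>\w+) = (?P<data>.+)$")
O22_RE = re.compile(r"^O22 - SharedTaskScheduler: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<name>.+?) - (?P<path>.*?)" + TAIL)

# Assumptions of this example: names malware borrows from system binaries, policies that
# take the user's own tools away, and SIDs of service accounts that never log on interactively.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "cmd.exe", "explorer.exe"}
LOCKOUT_POLICIES = {"NoFolderOptions", "DisableRegistryTools", "DisableTaskMgr", "DisableCMD", "NoControlPanel", "NoRun"}
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")


def looks_random(name: str) -> bool:
    """Heuristic (an assumption, not a rule from the post): long letter/digit mixes or
    names almost devoid of vowels read as generated rather than chosen by a vendor."""
    letters = [c for c in name.lower() if c.isalpha()]
    digits = sum(c.isdigit() for c in name)
    if len(name) >= 16 and digits and letters:
        return True
    if len(letters) >= 8:
        return sum(c in "aeiou" for c in letters) / len(letters) <= 0.25
    return False


def check_autorun(hive: str, name: str, path: str, company, missing: bool) -> List[str]:
    """Apply the criteria the helper used on the O4 (Run key) entries."""
    reasons = []
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    if missing:
        reasons.append("target file missing: dead or self-deleting loader, value still fires at logon")
    if "\\temp\\" in low:
        reasons.append("auto-start from a Temp directory")
    if base in SYSTEM_NAMES and not low.startswith("c:\\windows\\system32\\"):
        reasons.append(f"{base} outside System32 (system binary name used as camouflage)")
    if company == "" and base.endswith(".dll"):
        reasons.append("DLL with no version/company info registered as a Run value")
    if any(sid in hive for sid in SERVICE_SIDS) or "\\networkservice\\" in low:
        reasons.append("persistence under a service account profile, not an interactive user")
    if looks_random(name):
        reasons.append("generated-looking value name")
    return reasons


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[Finding]:
    """Return every O4/O7/O22 line that trips at least one criterion, with the reasons."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons: List[str] = []
        m = O4_RE.match(line)
        if m:
            reasons = check_autorun(m["hive"], m["name"], m["path"], m["company"], bool(m["missing"]))
        elif (m := O7_RE.match(line)):
            if m["value"] in LOCKOUT_POLICIES and m["data"].strip() == "1":
                reasons = [f"policy {m['value']}=1 locks the user out of a built-in tool"]
        elif (m := O22_RE.match(line)):
            if m["missing"]:
                reasons.append("SharedTaskScheduler DLL missing: Explorer still tries to load it at every start")
            if looks_random(m["name"]):
                reasons.append("generated-looking component name")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def build_fix_script(findings: List[Finding]) -> str:
    """Emit the flagged report lines verbatim under :OTL, followed by the same :commands
    block the helper used (empty temp folders, then reboot)."""
    body = "\n".join(f.line for f in findings)
    return f":OTL\n{body}\n:commands\n[EMPTYTEMP]\n[REBOOT]\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.line[:90])
        for r in f.reasons:
            print("   -", r)
    print(build_fix_script(found))
```

The benign ctfmon.exe line passes every check and stays out of the fix, which is the point of scripting the criteria: a fix script is only as safe as the rule that decides what goes into it, and a rule you can read is a rule you can argue with before it deletes anything.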

Re: Browser redirects

Unread postby justin234 » July 28th, 2010, 10:12 am

Hello deltalima, I installed and ran MalwareBytes a few days ago.

Here are the RkU and MalwareBytes results:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4247552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 52.16 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6282000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1466368 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 52.16 )
0xF5F47000 C:\WINDOWS\system32\drivers\P16X.sys 1331200 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xF6118000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1093632 bytes (Conexant Systems, HSF_DP driver)
0xF74CD000 azbgv.sys 794624 bytes
0xF73D2000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF608C000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 573440 bytes (Conexant Systems, WinACHSF driver)
0xEBCD5000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF58A7000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF732F000 mfehidk.sys 376832 bytes (McAfee, Inc., McAfee Link Driver)
0xEBDE1000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB8C68000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7F2A000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xEBEA4000 C:\WINDOWS\System32\Drivers\cdudf_xp.SYS 241664 bytes (Roxio, CD-UDF NT Filesystem Driver)
0xEBE5F000 C:\WINDOWS\System32\Drivers\UdfReadr_xp.SYS 208896 bytes (Roxio, CD-UDF NT Filesystem Reader Driver)
0xF75A0000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB8E92000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF73A5000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF5ED4000 C:\WINDOWS\System32\DRIVERS\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB5AF5000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEBD45000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEBD92000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6223000 C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys 159744 bytes (Conexant Systems, HSF_HWB2 WDM driver)
0xEBDBA000 C:\WINDOWS\System32\Drivers\Mpfp.sys 159744 bytes (McAfee, Inc., McAfee Personal Firewall Plus Driver)
0xEBCAF000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF5F00000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF624A000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF5E91000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 143360 bytes (Intel Corporation, NDIS 5 driver)
0xF5F24000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEBD70000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF5EB4000 C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys 131072 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xF7476000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74AE000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF5E5E000 C:\WINDOWS\System32\Drivers\pwd_2k.SYS 126976 bytes (Roxio, Win2000 Framework for Packet Write Driver)
0xF738B000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7496000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF745F000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF59B6000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB8E55000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5E7D000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF626E000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEBE3A000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB86DE000 C:\WINDOWS\system32\drivers\mfeavfk.sys 73728 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0xF758F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF59A5000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEBF37000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF76CF000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76BF000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF769F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF76DF000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF784F000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF3210000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF762F000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76AF000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF77BF000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF760F000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF77DF000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF764F000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xEC68B000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF76EF000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF75FF000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF77CF000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75EF000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF780F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF77FF000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF761F000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF768F000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xEC6CB000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF77AF000 C:\WINDOWS\system32\drivers\mfesmfk.sys 36864 bytes (McAfee, Inc., System Monitor Filter Driver)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xEC6BB000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB6833000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF763F000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xEC66B000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF78DF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xECAFE000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF78CF000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF78EF000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7917000 C:\WINDOWS\system32\drivers\mfebopk.sys 28672 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0xF786F000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF78F7000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7967000 C:\WINDOWS\System32\Drivers\mmc_2K.SYS 24576 bytes (Roxio, CD-R/RW AddOn MMC Driver (W2K))
0xF78FF000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF78C7000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xECB0E000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF4047000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xECB06000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF795F000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF7877000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF794F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7957000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7947000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xEC034000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF72EA000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7AA3000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEDA0C000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A8B000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF79FF000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF0B12000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7A7F000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF72DA000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB8C50000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7A9B000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xED0FA000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xED0EE000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7B61000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B9F000 C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys 8192 bytes (Gteko Ltd., Process Trigger Driver)
0xF7B73000 C:\WINDOWS\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0xF7B5F000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7AEF000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B63000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B67000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7BA9000 C:\WINDOWS\System32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xF7B65000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B2B000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B75000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7AF1000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7CC4000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xECDC5000 C:\WINDOWS\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
0xECDC2000 C:\WINDOWS\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
0xF7C31000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xECDC1000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BB7000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x83AE3AEA ?_empty_? 1302 bytes
0x83AE3EC5 unknown_irp_handler 315 bytes
0x83BD9FE0 unknown_irp_handler 32 bytes
!!!!!!!!!!!Hidden driver: 0x83BD9960 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF7496000 WARNING: suspicious driver modification [atapi.sys::0x83AE3AEA]
0x03C80000 Hidden Image-->SupportSoft.Agent.Sprocket.dll [ EPROCESS 0x83085938 ] PID: 2124, 28672 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\azbgv.sys]
0x03DA0000 Hidden Image-->SupportSoft.Agent.Sprocket.SupportMessage.dll [ EPROCESS 0x83085938 ] PID: 2124, 45056 bytes
0x03130000 Hidden Image-->sprtmessage.dll [ EPROCESS 0x83085938 ] PID: 2124, 77824 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da71c0121f33c0.bup
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\P8KLH0R0\jump2[4].htm
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb::$DATA
!-->[Hidden] C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log::$DATA
==============================================
>Hooks
==============================================
Key object-->ParseProcedure, Type: Kernel Object [unknown_code_page]
ntfs.sys+0x00025E55, Type: Inline - RelativeJump 0xF73F7E55-->F73F7DE9 [Ntfs.sys]
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe-->NtCreateFile, Type: Inline - RelativeJump 0x8056CF98-->F7361CA6 [mfehidk.sys]
ntoskrnl.exe-->NtCreateKey, Type: Inline - RelativeJump 0x80570833-->F7361D3D [mfehidk.sys]
ntoskrnl.exe-->NtCreateProcess, Type: Inline - RelativeJump 0x805B14AC-->F7361C7C [mfehidk.sys]
ntoskrnl.exe-->NtCreateProcessEx, Type: Inline - RelativeJump 0x8057FE4C-->F7361C90 [mfehidk.sys]
ntoskrnl.exe-->NtDeleteKey, Type: Inline - RelativeJump 0x80595316-->F7361D51 [mfehidk.sys]
ntoskrnl.exe-->NtDeleteValueKey, Type: Inline - RelativeJump 0x80592D64-->F7361D7D [mfehidk.sys]
ntoskrnl.exe-->NtEnumerateKey, Type: Inline - RelativeJump 0x80570F41-->F7361DEB [mfehidk.sys]
ntoskrnl.exe-->NtEnumerateValueKey, Type: Inline - RelativeJump 0x80589A67-->F7361DD5 [mfehidk.sys]
ntoskrnl.exe-->NtLoadKey2, Type: Inline - RelativeJump 0x805AECB8-->F7361E01 [mfehidk.sys]
ntoskrnl.exe-->NtMapViewOfSection, Type: Inline - RelativeJump 0x80573D41-->F7361CE6 [mfehidk.sys]
ntoskrnl.exe-->NtOpenKey, Type: Inline - RelativeJump 0x80568D48-->F7361D29 [mfehidk.sys]
ntoskrnl.exe-->NtOpenProcess, Type: Inline - RelativeJump 0x805719AC-->F7361C18 [mfehidk.sys]
ntoskrnl.exe-->NtOpenThread, Type: Inline - RelativeJump 0x8058E5C4-->F7361C2C [mfehidk.sys]
ntoskrnl.exe-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x80571E96-->F7361CBA [mfehidk.sys]
ntoskrnl.exe-->NtQueryKey, Type: Inline - RelativeJump 0x80570C4A-->F7361E55 [mfehidk.sys]
ntoskrnl.exe-->NtQueryMultipleValueKey, Type: Inline - RelativeJump 0x8064E66B-->F7361DBF [mfehidk.sys]
ntoskrnl.exe-->NtQueryValueKey, Type: Inline - RelativeJump 0x8056A1F9-->F7361DA9 [mfehidk.sys]
ntoskrnl.exe-->NtRenameKey, Type: Inline - RelativeJump 0x8064EAEA-->F7361D67 [mfehidk.sys]
ntoskrnl.exe-->NtReplaceKey, Type: Inline - RelativeJump 0x8064F446-->F7361E41 [mfehidk.sys]
ntoskrnl.exe-->NtRestoreKey, Type: Inline - RelativeJump 0x8064EFDD-->F7361E2D [mfehidk.sys]
ntoskrnl.exe-->NtSetContextThread, Type: Inline - RelativeJump 0x8062E057-->F7361C68 [mfehidk.sys]
ntoskrnl.exe-->NtSetInformationProcess, Type: Inline - RelativeJump 0x8056DDD9-->F7361C54 [mfehidk.sys]
ntoskrnl.exe-->NtSetValueKey, Type: Inline - RelativeJump 0x80572A6E-->F7361D93 [mfehidk.sys]
ntoskrnl.exe-->NtTerminateProcess, Type: Inline - RelativeJump 0x805824CC-->F7361D15 [mfehidk.sys]
ntoskrnl.exe-->NtUnloadKey, Type: Inline - RelativeJump 0x8064DD32-->F7361E17 [mfehidk.sys]
ntoskrnl.exe-->NtUnmapViewOfSection, Type: Inline - RelativeJump 0x805738C6-->F7361CFC [mfehidk.sys]
ntoskrnl.exe-->NtYieldExecution, Type: Inline - RelativeJump 0x804F0EB6-->F7361CD0 [mfehidk.sys]
[1008]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1008]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1008]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1008]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1008]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1008]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1008]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1008]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1008]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1008]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[1008]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x771CA6DD-->00000000 [unknown_code_page]
[1008]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x771CC8BD-->00000000 [unknown_code_page]
[1008]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77215A51-->00000000 [unknown_code_page]
[1008]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771CAFC2-->00000000 [unknown_code_page]
[1008]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1080]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1080]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1080]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x771CA6DD-->00000000 [unknown_code_page]
[1080]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x771CC8BD-->00000000 [unknown_code_page]
[1080]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77215A51-->00000000 [unknown_code_page]
[1080]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771CAFC2-->00000000 [unknown_code_page]
[1080]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1244]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1244]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1244]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x771CA6DD-->00000000 [unknown_code_page]
[1244]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x771CC8BD-->00000000 [unknown_code_page]
[1244]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77215A51-->00000000 [unknown_code_page]
[1244]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771CAFC2-->00000000 [unknown_code_page]
[1244]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[1664]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[1664]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[1664]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[1664]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[1664]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[1664]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[1664]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[1664]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[1664]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[1664]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x771CA6DD-->00000000 [unknown_code_page]
[1664]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x771CC8BD-->00000000 [unknown_code_page]
[1664]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77215A51-->00000000 [unknown_code_page]
[1664]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771CAFC2-->00000000 [unknown_code_page]
[1664]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[220]McProxy.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [McProxy.exe]
[220]McProxy.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [McProxy.exe]
[2592]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[2592]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[2592]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[2592]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[2592]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[2592]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[2592]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[2592]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[2592]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[2592]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x771CA6DD-->00000000 [unknown_code_page]
[2592]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x771CC8BD-->00000000 [unknown_code_page]
[2592]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77215A51-->00000000 [unknown_code_page]
[2592]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771CAFC2-->00000000 [unknown_code_page]
[2592]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[3100]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3100]explorer.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[3100]explorer.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[3100]explorer.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[3100]explorer.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[3100]explorer.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[3100]explorer.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[3100]explorer.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[3100]explorer.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[3100]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3100]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[3100]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3100]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3100]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3100]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3100]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3100]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3100]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3100]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[724]services.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[724]services.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[724]services.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[724]services.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[724]services.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[724]services.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[724]services.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[724]services.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[724]services.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[724]services.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x771CA6DD-->00000000 [unknown_code_page]
[724]services.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x771CC8BD-->00000000 [unknown_code_page]
[724]services.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77215A51-->00000000 [unknown_code_page]
[724]services.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771CAFC2-->00000000 [unknown_code_page]
[724]services.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[736]lsass.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[736]lsass.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[736]lsass.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[736]lsass.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[736]lsass.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[736]lsass.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[736]lsass.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[736]lsass.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[736]lsass.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[736]lsass.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x771CA6DD-->00000000 [unknown_code_page]
[736]lsass.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x771CC8BD-->00000000 [unknown_code_page]
[736]lsass.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77215A51-->00000000 [unknown_code_page]
[736]lsass.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771CAFC2-->00000000 [unknown_code_page]
[736]lsass.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[888]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[888]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[888]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x771CA6DD-->00000000 [unknown_code_page]
[888]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x771CC8BD-->00000000 [unknown_code_page]
[888]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77215A51-->00000000 [unknown_code_page]
[888]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771CAFC2-->00000000 [unknown_code_page]
[888]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegCreateKeyA, Type: Inline - RelativeJump 0x77DFBCF3-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegCreateKeyExA, Type: Inline - RelativeJump 0x77DDE9F4-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegCreateKeyExW, Type: Inline - RelativeJump 0x77DD776C-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegCreateKeyW, Type: Inline - RelativeJump 0x77DFBA55-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegOpenKeyA, Type: Inline - RelativeJump 0x77DDEFC8-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegOpenKeyExA, Type: Inline - RelativeJump 0x77DD7852-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: Inline - RelativeJump 0x77DD6AAF-->00000000 [unknown_code_page]
[968]svchost.exe-->advapi32.dll-->RegOpenKeyW, Type: Inline - RelativeJump 0x77DD7946-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateFileA, Type: Inline - RelativeJump 0x7C801A28-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateFileW, Type: Inline - RelativeJump 0x7C810800-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateNamedPipeA, Type: Inline - RelativeJump 0x7C860CDC-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateNamedPipeW, Type: Inline - RelativeJump 0x7C82F0DD-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreatePipe, Type: Inline - RelativeJump 0x7C81D83F-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateProcessA, Type: Inline - RelativeJump 0x7C80236B-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->CreateProcessW, Type: Inline - RelativeJump 0x7C802336-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->GetProcAddress, Type: Inline - RelativeJump 0x7C80AE40-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->GetStartupInfoA, Type: Inline - RelativeJump 0x7C801EF2-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->GetStartupInfoW, Type: Inline - RelativeJump 0x7C801E54-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: Inline - RelativeJump 0x7C801D7B-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->LoadLibraryExA, Type: Inline - RelativeJump 0x7C801D53-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: Inline - RelativeJump 0x7C801AF5-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->LoadLibraryW, Type: Inline - RelativeJump 0x7C80AEEB-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x7C801AD4-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->VirtualProtectEx, Type: Inline - RelativeJump 0x7C801A61-->00000000 [unknown_code_page]
[968]svchost.exe-->kernel32.dll-->WinExec, Type: Inline - RelativeJump 0x7C86250D-->00000000 [unknown_code_page]
[968]svchost.exe-->wininet.dll-->InternetOpenA, Type: Inline - RelativeJump 0x771CA6DD-->00000000 [unknown_code_page]
[968]svchost.exe-->wininet.dll-->InternetOpenUrlA, Type: Inline - RelativeJump 0x771CC8BD-->00000000 [unknown_code_page]
[968]svchost.exe-->wininet.dll-->InternetOpenUrlW, Type: Inline - RelativeJump 0x77215A51-->00000000 [unknown_code_page]
[968]svchost.exe-->wininet.dll-->InternetOpenW, Type: Inline - RelativeJump 0x771CAFC2-->00000000 [unknown_code_page]
[968]svchost.exe-->ws2_32.dll-->socket, Type: Inline - RelativeJump 0x71AB4211-->00000000 [unknown_code_page]


Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4340

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

7/22/2010 11:28:45 PM
mbam-log-2010-07-22 (23-28-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 255342
Time elapsed: 2 hour(s), 45 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 17
Registry Values Infected: 15
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\KBDPRFI.dll (Trojan.Hiloti.Gen) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\setup.player (Spyware.MarketScore) -> No action taken.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3ba40a2-75f1-52bd-f413-04b15a2c8953} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c3ba40a2-75f1-52bd-f413-04b15a2c8953} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3ba40a2-75f1-52bd-f413-04b15a2c8953} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\trehumofutoc (Trojan.Hiloti.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c3ba40a2-75f1-52bd-f413-04b15a2c8953} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsehf98u34i9tjioaugy987iuegdsg (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jwcwugpk (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdeqvkps (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sdr8gdrgdrgke49orkgsjkjfjhsd (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jwcwugpk (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bdeqvkps (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ulrubhfm (Rogue.AntivirusSuite.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Worm.Prolaco.M) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsef87ehf3jishfs87fhuishfsgggfdgs4g (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\KBDPRFI.dll (Trojan.Hiloti.Gen) -> No action taken.
C:\Documents and Settings\Ron\Local Settings\Temp\iexplorer.exe (Malware.Packer.Gen) -> No action taken.
C:\WINDOWS\Temp\ixUAKXUSiT.exe (Rogue.AntivirSolutionPro) -> No action taken.
C:\WINDOWS\Temp\C1.tmp (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\Temp\C5.tmp (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\Temp\E8.tmp (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\Temp\exe.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> No action taken.
justin234
Active Member
 
Posts: 12
Joined: July 22nd, 2010, 12:18 am

Re: Browser redirects

Post by deltalima » July 28th, 2010, 10:24 am

OK, please run the OTL script and the Kaspersky scan from my previous post. The Kaspersky scan will take a long time to complete.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Post by justin234 » July 28th, 2010, 12:49 pm

Again, thanks for helping me. I didn't know this would be so involved. Makes me appreciate your profession a lot more.

Upon restarting, I did get a little popup error box that didn't stop anything from loading, apparently, but still I thought you should know.

"Error loading C:\WINDOWS\KBDPRFI.dll
The specified module could not be found."

I will do the online scan now.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3BA40A2-75F1-52BD-F413-04B15A2C8953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3BA40A2-75F1-52BD-F413-04B15A2C8953}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bdeqvkps deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ewrgetuj deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hetgklfl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Jmatoj deleted successfully.
C:\WINDOWS\ijenubesidacibi.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jwcwugpk deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ulrubhfm deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\hetgklfl deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ulrubhfm deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\hetgklfl not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ulrubhfm not found.
Registry value HKEY_USERS\S-1-5-21-2617571402-3943365155-446356517-1006\Software\Microsoft\Windows\CurrentVersion\Run\\bdeqvkps deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2617571402-3943365155-446356517-1006\Software\Microsoft\Windows\CurrentVersion\Run\\hsef87ehf3jishfs87fhuishfsgggfdgs4g deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2617571402-3943365155-446356517-1006\Software\Microsoft\Windows\CurrentVersion\Run\\hsehf98u34i9tjioaugy987iuegdsg deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2617571402-3943365155-446356517-1006\Software\Microsoft\Windows\CurrentVersion\Run\\jwcwugpk deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2617571402-3943365155-446356517-1006\Software\Microsoft\Windows\CurrentVersion\Run\\mcexecwin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2617571402-3943365155-446356517-1006\Software\Microsoft\Windows\CurrentVersion\Run\\sdr8gdrgdrgke49orkgsjkjfjhsd deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2617571402-3943365155-446356517-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Trehumofutoc deleted successfully.
C:\WINDOWS\KBDPRFI.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2617571402-3943365155-446356517-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Starting removal of ActiveX control {35B7E48B-9D81-4C6C-9578-5FD4F620D886}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}\ not found.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C3BA40A2-75F1-52BD-F413-04B15A2C8953} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3BA40A2-75F1-52BD-F413-04B15A2C8953}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 20316258 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 39454326 bytes
->Flash cache emptied: 5759 bytes

User: Ron
->Temp folder emptied: 12477357 bytes
->Temporary Internet Files folder emptied: 166208210 bytes
->Java cache emptied: 81499140 bytes
->Google Chrome cache emptied: 6982828 bytes
->Flash cache emptied: 1329144 bytes

%systemdrive% .tmp files removed: 3345269 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 3613713 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 312533571 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64725710 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 49377 bytes
RecycleBin emptied: 2605008 bytes

Total Files Cleaned = 682.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07282010_071545

Files\Folders moved on Reboot...
C:\Documents and Settings\Ron\Local Settings\Temp\~DF4B9A.tmp moved successfully.
File\Folder C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\URRGJZOP\viewtopic[1].htm not found!
File\Folder C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\G0Y82H66\1[2].htm not found!
File\Folder C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\G0Y82H66\mcminnville-2448306[1].htm not found!
C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\5Q1NDALF\finance.yahoo[1].htm moved successfully.
C:\Documents and Settings\Ron\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File\Folder C:\WINDOWS\temp\mcmsc_35pgUzBBCgLNVGw not found!
File\Folder C:\WINDOWS\temp\mcmsc_WvOldXV5lmDhY2a not found!

Registry entries deleted on Reboot...
justin234
Active Member
 
Posts: 12
Joined: July 22nd, 2010, 12:18 am

Re: Browser redirects

Unread postby deltalima » July 28th, 2010, 1:20 pm

Hi justin234,

I didn't know this would be so involved


Indeed it can be, we still have quite some work to do.

"Error loading C:\WINDOWS\KBDPRFI.dll
The specified module could not be found."


OK, we can fix that later.

I will do the online scan now.


Great, please post back when complete.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby justin234 » July 29th, 2010, 1:20 am

Hello again,

Kaspersky report and new HiJackThis included. I'm still getting browser redirects.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, July 28, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, July 28, 2010 17:52:59
Records in database: 4195346
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 119768
Threats found: 4
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 03:04:01


File name / Threat / Threats count
svchost.exe\svchost.exe/svchost.exe\svchost.exe Infected: Trojan.Win32.Agent2.cqok 1
C:\Documents and Settings\Ron\My Documents\fix-justin\regtools.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1
C:\Documents and Settings\Ron\My Documents\WxBugSetup6.07.0.20.EXE Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
C:\_OTL\MovedFiles\07282010_071545\C_WINDOWS\KBDPRFI.dll Infected: Trojan-Spy.Win32.Zbot.aleo 1
F:\My Documents\WxBugSetup6.07.0.20.EXE Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
F:\My Documents\fix-justin\regtools.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1

Selected area has been scanned.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:19:27 PM, on 7/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Secure Online Account Numbers\SOAN.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\RCrawler\RCrawler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\TeleChart\TeleChart.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SecureOnlineAccountNumbers] C:\Program Files\Secure Online Account Numbers\SOAN.exe /dontopenmycards
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Registry Crawler] C:\PROGRA~1\RCrawler\RCrawler.exe -TRAYONLY
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Trehumofutoc] rundll32.exe "C:\WINDOWS\KBDPRFI.dll",Startup
O4 - HKUS\S-1-5-18\..\Run: [NetworkControl] C:\NetworkControl\nc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [NetworkControl] C:\NetworkControl\nc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCo ... taller.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} (BridgeChannel v3) - http://channel.bridge.com/bc/java/bc3_bridge_i.cab
O16 - DPF: {A0777FF1-23AC-11D5-BA9B-00C04F753F09} (BridgeChannel) - http://channel.bridge.com/bc24/java/bc_bridge_i.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://prod1.centra.com/SiteRoots/main/ ... loader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://optionsxpressevents.webex.com/c ... eatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca3e0754473069) (gupdate1ca3e0754473069) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 11517 bytes

Thanks deltalima.
justin234
Active Member
 
Posts: 12
Joined: July 22nd, 2010, 12:18 am
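Added example for this thread (not part of the original posts, and not a feature of HijackThis, OTL or ComboFix): a short Python triage of the O4 autorun lines in the log above. It shows the signals that single out the [Trehumofutoc] entry: a rundll32 value loading a DLL from the C:\WINDOWS root rather than System32 (the same place the OTL and ComboFix logs pulled the random-named DLLs from), a value whose target no longer exists on disk (which is what the "Error loading C:\WINDOWS\KBDPRFI.dll" message at logon means once OTL has moved the file but the Run value survives), and autoruns living under the SYSTEM / .DEFAULT hives. The random-name test (lowercase alphanumeric, eight or more characters, with a long consonant run or digits mixed into the letters) is a heuristic that catches names like the bdeqvkps/jwcwugpk values OTL removed, not a rule. The sample lines are copied from the posted log; KNOWN_PRESENT is a constructed stand-in for a disk check and is an assumption.

```python
"""Triage HijackThis O4 (autorun) lines.

Added example, not from the thread or from HijackThis/OTL/ComboFix.
Sample lines are copied from the posted log; KNOWN_PRESENT is a
constructed stand-in for checking whether a target exists on disk.
"""
import ntpath
import os
import re
from dataclasses import dataclass, field

# O4 - <hive>\..\<Run|RunOnce>: [<name>] <command> (User '<user>')?
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+|\\\.DEFAULT)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
TOKEN_RE = re.compile(r'"([^"]+)"|(\S+)')            # quoted or bare token
LOWER_ALNUM_RE = re.compile(r"^[a-z0-9]{8,}$")
CONSONANTS_RE = re.compile(r"[bcdfghjklmnpqrstvwxz]{4,}")
DIGIT_MIX_RE = re.compile(r"[a-z]\d|\d[a-z]")
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")  # LocalSystem / default profile
WINDIR_ROOTS = (r"c:\windows", r"c:\winnt")


@dataclass
class Finding:
    name: str
    hive: str
    key: str
    target: str
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Return the hive/key/name/cmd fields of a registry O4 line, else None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def target_of(cmd):
    """The file the autorun really loads: the first token, or for rundll32
    the module named by the second token (without the ',Export' suffix)."""
    tokens = [q or b for q, b in TOKEN_RE.findall(cmd)]
    if not tokens:
        return ""
    if ntpath.basename(tokens[0]).lower() == "rundll32.exe" and len(tokens) > 1:
        return tokens[1].split(",", 1)[0].strip('"')
    return tokens[0]


def looks_random(name):
    """Heuristic: generated-looking lowercase value names (bdeqvkps, hsef87ehf3...)."""
    return bool(LOWER_ALNUM_RE.match(name)) and bool(
        CONSONANTS_RE.search(name) or DIGIT_MIX_RE.search(name)
    )


def triage(lines, exists=os.path.exists):
    """Return a Finding for every O4 entry that trips at least one heuristic."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:                      # Global Startup etc. are skipped
            continue
        target = target_of(entry["cmd"])
        folder = ntpath.dirname(target).rstrip("\\").lower()
        reasons = []
        if looks_random(entry["name"]):
            reasons.append("random-looking value name")
        if folder in WINDIR_ROOTS and target.lower().endswith(".dll"):
            reasons.append("DLL loaded from %WINDIR% root, not System32")
        if entry["hive"].upper() in SYSTEM_HIVES:
            reasons.append("autorun in SYSTEM/default-profile hive (review)")
        if "\\" in target and not exists(target):
            reasons.append("target missing: orphaned value (the 'Error loading' at logon)")
        if reasons:
            findings.append(Finding(entry["name"], entry["hive"], entry["key"], target, reasons))
    return findings


# Lines copied from the HijackThis log posted above.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Trehumofutoc] rundll32.exe "C:\WINDOWS\KBDPRFI.dll",Startup
O4 - HKUS\S-1-5-18\..\Run: [NetworkControl] C:\NetworkControl\nc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
""".strip().splitlines()

# Constructed (assumption): what is still on disk after OTL moved KBDPRFI.dll.
KNOWN_PRESENT = {
    r"C:\WINDOWS\System32\NvCpl.dll",
    r"C:\Program Files\McAfee.com\Agent\mcagent.exe",
    r"C:\WINDOWS\system32\ctfmon.exe",
    r"C:\NetworkControl\nc.exe",
}


def demo():
    return triage(SAMPLE, exists=lambda p: p in KNOWN_PRESENT)


if __name__ == "__main__":
    for f in demo():
        print(f"[{f.name}] {f.hive}\\{f.key} -> {f.target}")
        for r in f.reasons:
            print("   -", r)
```

On the sample, only [Trehumofutoc] collects two reasons (DLL in the C:\WINDOWS root, target missing); the two SYSTEM-hive entries are reported as review prompts rather than verdicts, since legitimate accessibility and vendor entries land there too. The existence check is injected so the script runs against a pasted log on any machine; on the infected box itself you would pass `os.path.exists` (the default) instead.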

Re: Browser redirects

Unread postby deltalima » July 29th, 2010, 4:07 am

Hi justin234,

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O4 - HKCU\..\Run: [Trehumofutoc] rundll32.exe "C:\WINDOWS\KBDPRFI.dll",Startup

Now close all other open windows and then click on Fix Checked. Close HijackThis.

Run Combofix

Temporarily disable any antispyware, antivirus and or antimalware real-time protection as they may interfere with running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If not, follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once installed, you should see the following message:

The recovery console was successfully installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exit

Click the YES button.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.

When finished ComboFix will produce a log file. Please post the contents of this log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby justin234 » July 29th, 2010, 12:37 pm

Hey there deltalima, Here are the results of the combofix:

ComboFix 10-07-28.04 - Ron 07/29/2010 9:08.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.412 [GMT -7:00]
Running from: c:\documents and settings\Ron\My Documents\fix-justin\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Ron\g2mdlhlpx.exe
c:\documents and settings\Ron\GoToAssistDownloadHelper.exe
c:\documents and settings\Ron\My Documents\regbackup.reg
c:\program files\INSTALL.LOG
c:\windows\abowajur.dll
c:\windows\abuhemof.dll
c:\windows\acaliyojoqoziyi.dll
c:\windows\acatamuxudipota.dll
c:\windows\adodoyadomipu.dll
c:\windows\afokakadikuji.dll
c:\windows\afowuqewidumuhi.dll
c:\windows\ahuyibewereco.dll
c:\windows\akopagid.dll
c:\windows\alifanivagoxoyi.dll
c:\windows\anexixoyen.dll
c:\windows\anukiqaq.dll
c:\windows\apatukixuyoy.dll
c:\windows\apugedekosubuk.dll
c:\windows\arefepuxek.dll
c:\windows\atisumocare.dll
c:\windows\atumodeta.dll
c:\windows\avezugiti.dll
c:\windows\ayasawegu.dll
c:\windows\azidafugahopi.dll
c:\windows\ebicohuv.dll
c:\windows\ebisiwojiyerez.dll
c:\windows\ecoquxojaponaduq.dll
c:\windows\efalohawurovi.dll
c:\windows\efepojuyibox.dll
c:\windows\egogabobituyi.dll
c:\windows\ejunemer.dll
c:\windows\ekewuhuropifatu.dll
c:\windows\emeruwuy.dll
c:\windows\emusatoxolibugid.dll
c:\windows\epenopafebo.dll
c:\windows\etocanuveruqapiw.dll
c:\windows\ewojugabor.dll
c:\windows\exevoqububukuk.dll
c:\windows\ibaninozumahohew.dll
c:\windows\ibuqimezocijezow.dll
c:\windows\ifekoqat.dll
c:\windows\ifupeyamo.dll
c:\windows\ihicucafuv.dll
c:\windows\ijesexasuxomodor.dll
c:\windows\imafetah.dll
c:\windows\imapubik.dll
c:\windows\imefadujuge.dll
c:\windows\iniquwejulati.dll
c:\windows\iputelaguzeyaweb.dll
c:\windows\irebenuw.dll
c:\windows\isegumaj.dll
c:\windows\isevazomopaj.dll
c:\windows\isofesujoxumu.dll
c:\windows\itepevubeqo.dll
c:\windows\ituzijuqumofut.dll
c:\windows\ivasuvub.dll
c:\windows\ivofepux.dll
c:\windows\iwufiwuzozawufi.dll
c:\windows\izeqodihod.dll
c:\windows\izojozap.dll
c:\windows\obocetuw.dll
c:\windows\ocadelujol.dll
c:\windows\odaqubef.dll
c:\windows\ogexesak.dll
c:\windows\ojuyeyogomusige.dll
c:\windows\okalufujuf.dll
c:\windows\okomutivolubu.dll
c:\windows\opumiyap.dll
c:\windows\oreweqoharus.dll
c:\windows\orodezen.dll
c:\windows\otaqeluwe.dll
c:\windows\oteqiqur.dll
c:\windows\oteyitejedab.dll
c:\windows\ovupefoqe.dll
c:\windows\owiqicac.dll
c:\windows\oxutubetogu.dll
c:\windows\oyaxanimifi.dll
c:\windows\oyofoqiwuhuropi.dll
c:\windows\ozixuqux.dll
c:\windows\system32\a.bat
c:\windows\ubadupapoxu.dll
c:\windows\udowuhuropi.dll
c:\windows\ufezepufi.dll
c:\windows\uheganisapam.dll
c:\windows\ujuraxijuma.dll
c:\windows\uleminopafebo.dll
c:\windows\uniyucegaqabiheb.dll
c:\windows\upuwiroz.dll
c:\windows\urinucijenonu.dll
c:\windows\utekupug.dll
c:\windows\utexoyiv.dll
c:\windows\utiwupom.dll
c:\windows\uvayuhax.dll
c:\windows\uyediwoxew.dll
c:\windows\uzeveraxif.dll

Infected copy of c:\windows\system32\drivers\pci.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-29 )))))))))))))))))))))))))))))))
.

2010-07-29 16:08 . 2010-07-29 16:08 -------- d-----w- c:\windows\LastGood
2010-07-29 00:12 . 2010-07-29 00:12 -------- d-----w- c:\program files\Common Files\Java
2010-07-28 14:15 . 2010-07-28 14:15 -------- d-----w- C:\_OTL
2010-07-27 20:01 . 2010-07-27 20:01 -------- d-----w- C:\NetworkControl
2010-07-26 17:59 . 2010-07-26 17:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\dhmsqsnoo
2010-07-23 03:37 . 2010-07-23 03:37 -------- d-----w- c:\documents and settings\Ron\Application Data\Malwarebytes
2010-07-23 03:37 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-23 03:37 . 2010-07-23 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-23 03:37 . 2010-07-23 06:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-23 03:37 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-22 06:11 . 2010-07-22 06:11 388096 ----a-r- c:\documents and settings\Ron\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-22 06:11 . 2010-07-22 06:11 -------- d-----w- c:\program files\Trend Micro
2010-07-20 13:13 . 2010-07-20 13:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-07-20 00:33 . 2010-07-20 17:11 -------- d-----w- c:\windows\system32\MpEngineStore
2010-07-19 13:42 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-18 07:24 . 2010-07-18 07:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\cagqiseoa
2010-07-17 16:52 . 2010-07-17 16:52 503808 ----a-w- c:\documents and settings\Ron\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-45e57fa5-n\msvcp71.dll
2010-07-17 16:52 . 2010-07-17 16:52 499712 ----a-w- c:\documents and settings\Ron\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-45e57fa5-n\jmc.dll
2010-07-17 16:52 . 2010-07-17 16:52 348160 ----a-w- c:\documents and settings\Ron\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-45e57fa5-n\msvcr71.dll
2010-07-17 16:52 . 2010-07-17 16:52 61440 ----a-w- c:\documents and settings\Ron\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-19c86688-n\decora-sse.dll
2010-07-17 16:52 . 2010-07-17 16:52 12800 ----a-w- c:\documents and settings\Ron\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-19c86688-n\decora-d3d.dll
2010-07-17 16:52 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-16 16:55 . 2010-07-16 16:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-07-09 16:26 . 2010-07-16 16:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-09 14:18 . 2010-07-09 14:18 -------- d-----w- c:\documents and settings\Ron\Application Data\HTML Executable
2010-07-09 14:18 . 2010-07-09 14:18 -------- d-----w- c:\program files\Common Files\HTML Executable Viewer
2010-07-09 05:49 . 2010-07-29 05:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-09 05:42 . 2010-07-09 05:42 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\qjqfvnrwj
2010-07-09 05:34 . 2010-07-28 14:01 0 ----a-w- c:\windows\Dkekonafaz.dat
2010-07-09 05:34 . 2010-07-09 12:58 0 ----a-w- c:\windows\Pvumadazad.bin
2010-07-09 05:34 . 2010-07-09 05:34 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\{0C8DCCF0-6850-49C1-88C2-9B880C86CD53}
2010-07-09 05:31 . 2010-07-09 05:31 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\jvvdycmjo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-29 00:11 . 2009-05-24 16:33 -------- d-----w- c:\program files\Java
2010-07-28 14:37 . 2005-03-20 06:37 -------- d-----w- c:\program files\TeleChart
2010-07-24 03:38 . 2010-04-07 03:49 -------- d-----w- c:\program files\McAfee
2010-07-15 22:18 . 2010-04-07 03:51 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-07-09 05:35 . 2010-07-16 16:54 179860 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
2010-07-01 04:50 . 2010-03-14 19:41 439816 ----a-w- c:\documents and settings\Ron\Application Data\Real\Update\setup3.10\setup.exe
2010-06-23 14:10 . 2010-06-23 14:10 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb5E.tmp.exe
2010-06-14 14:31 . 2002-08-29 11:00 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-05-02 05:22 . 2002-08-29 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-10-06 49152]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 135168]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"SecureOnlineAccountNumbers"="c:\program files\Secure Online Account Numbers\SOAN.exe" [2005-08-02 196608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-28 122368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-25 198160]
"Registry Crawler"="c:\progra~1\RCrawler\RCrawler.exe" [2002-01-27 446464]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NetworkControl"="c:\networkcontrol\nc.exe" [2010-07-27 630784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-3-27 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-04-05 21:41 13672 ------w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/6/2010 8:55 PM 93320]
R2 mstbsvc;MSN Toolbar Setup;c:\program files\MSN\Toolbar\3.0.1125.0\mstbsvc.exe [2/9/2009 9:33 PM 104784]
S2 gupdate1ca3e0754473069;Google Update Service (gupdate1ca3e0754473069);c:\program files\Google\Update\GoogleUpdate.exe [9/25/2009 10:40 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 17:40]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-25 17:40]

2010-04-05 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-07 19:22]

2010-04-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-07 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://finance.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = hxxp://localhost;
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\wwws
Trusted Zone: tdameritrade.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3CA15C82-6297-11D6-B8FA-00C04F5E375A} - hxxp://channel.bridge.com/bc/java/bc3_bridge_i.cab
DPF: {A0777FF1-23AC-11D5-BA9B-00C04F753F09} - hxxp://channel.bridge.com/bc24/java/bc_bridge_i.cab
DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} - hxxp://prod1.centra.com/SiteRoots/main/ ... loader.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
SafeBoot-mferkdk



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 09:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
Completion time: 2010-07-29 09:23:33
ComboFix-quarantined-files.txt 2010-07-29 16:23

Pre-Run: 43,043,078,144 bytes free
Post-Run: 43,140,386,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - CD967E8E187211A6A5B1944E2010FCDC
justin234
Active Member
 
Posts: 12
Joined: July 22nd, 2010, 12:18 am

Re: Browser redirects

Unread postby deltalima » July 29th, 2010, 1:09 pm

Hi justin234,

Please run Malwarebytes, update and run a quick scan and remove any detected items.

Please post the log and let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Browser redirects

Unread postby justin234 » July 31st, 2010, 11:47 am

Hi deltalima,

A family emergency came up and I am away from my home computer for a week. I will run Malwarebytes when I return. Thank you so much.

Justin
justin234
Active Member
 
Posts: 12
Joined: July 22nd, 2010, 12:18 am