Just recently I have been getting redirected from the pages when I click on hyperlinks. I have done as requested and here are the logs.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4344
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
7/25/2010 12:35:24 PM
mbam-log-2010-07-25 (12-35-24).txt
Scan type: Quick scan
Objects scanned: 130391
Time elapsed: 6 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-25 13:05:31
Windows 6.1.7600
Running: kqz3e94m.exe; Driver: C:\Users\Windows7\AppData\Local\Temp\ugtcikow.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8222FAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8222F104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8222F3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82217634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82217898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8222F1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8222F958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8222F6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8222FF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 822301A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81E48599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E6CF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Windows\System32\Drivers\ezfydpup.sys A device attached to the system is not functioning. !
.rsrc C:\Windows\System32\drivers\volmgrx.sys entry point in ".rsrc" section [0x8804D014]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[800] ntdll.dll!NtProtectVirtualMemory 77C75380 5 Bytes JMP 002C000A
.text C:\Windows\system32\svchost.exe[800] ntdll.dll!NtWriteVirtualMemory 77C75F00 5 Bytes JMP 002D000A
.text C:\Windows\system32\svchost.exe[800] ntdll.dll!KiUserExceptionDispatcher 77C76448 5 Bytes JMP 002B000A
.text C:\Windows\system32\svchost.exe[800] ole32.dll!CoCreateInstance 77B257FC 5 Bytes JMP 003C000A
.text C:\Windows\system32\svchost.exe[800] USER32.dll!GetCursorPos 77D9C198 5 Bytes JMP 0096000A
.text C:\Windows\Explorer.EXE[1760] ntdll.dll!NtProtectVirtualMemory 77C75380 5 Bytes JMP 0028000A
.text C:\Windows\Explorer.EXE[1760] ntdll.dll!NtWriteVirtualMemory 77C75F00 5 Bytes JMP 0029000A
.text C:\Windows\Explorer.EXE[1760] ntdll.dll!KiUserExceptionDispatcher 77C76448 5 Bytes JMP 0027000A
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 84E6B178
Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device -> \Driver\atapi \Device\Harddisk0\DR0 84B52EC5
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\ezfydpup@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\ezfydpup@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\ezfydpup@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\ezfydpup@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\ezfydpup@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\ezfydpup@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\ezfydpup@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\ezfydpup@Group Boot Bus Extender
---- Files - GMER 1.0.15 ----
File C:\Windows\System32\drivers\volmgrx.sys suspicious modification
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
DDS log was too long so it is attached.
Please let me know what is needed of me next. Thanx in advance.