Browser redirecting after system recovery virus removal

Post by jdempsey » October 30th, 2011, 10:46 am

This thing has me pulling my hair out. Seems no one can fix this. Someone said come here and try to get some help. So here I am. Whenever I do a search I am redirected to all these different junk websites. Everything else seems to be working fine, just can't get this issue fixed. I'm also attaching the HijackThis log along with the DDS logs. Any help will be greatly appreciated. Oh, I almost forgot: I can also hear audio playing randomly in the background from multiple sources when I have Internet Explorer open.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 10:34:18 on 2011-10-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.185 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Symantec Endpoint Protection *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://www.napaaccount.com/rfmweb/LTOCX13N.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} - hxxp://www.trba.org/ActiveXControls/ActiveXViewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
TCP: DhcpNameServer = 76.85.228.100 76.85.228.101 209.18.47.61
TCP: Interfaces\{5D578125-9120-4B9F-B46E-C789D9F97F3D} : DhcpNameServer = 76.85.228.100 76.85.228.101 209.18.47.61
Notify: igfxcui - igfxdev.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator.highwaymarkings\application data\mozilla\firefox\profiles\z0u2xz4e.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2004-11-22 3072]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl79092b3c;MpKsl79092b3c;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6464e7e9-5c6c-434c-9800-04ecc26fa648}\MpKsl79092b3c.sys [2011-10-30 28752]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-11-12 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-11-12 108392]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2008-11-12 2240944]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-2 105592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110602.001\NAVENG.SYS [2011-6-2 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110602.001\NAVEX15.SYS [2011-6-2 1542392]
S1 MpKsl02f79126;MpKsl02f79126;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{03ed8e3c-667d-4abb-a630-e30a0eadeb03}\mpksl02f79126.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{03ed8e3c-667d-4abb-a630-e30a0eadeb03}\MpKsl02f79126.sys [?]
S1 MpKsl1d28f81b;MpKsl1d28f81b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4d8e8b3e-1796-465a-b768-54f3d4332656}\mpksl1d28f81b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4d8e8b3e-1796-465a-b768-54f3d4332656}\MpKsl1d28f81b.sys [?]
S1 MpKsl2d95647c;MpKsl2d95647c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f19eddfc-e187-4737-82fe-0e507901d74b}\mpksl2d95647c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f19eddfc-e187-4737-82fe-0e507901d74b}\MpKsl2d95647c.sys [?]
S1 MpKslb9269bf5;MpKslb9269bf5;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f19eddfc-e187-4737-82fe-0e507901d74b}\mpkslb9269bf5.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f19eddfc-e187-4737-82fe-0e507901d74b}\MpKslb9269bf5.sys [?]
S2 ewido security suite guard;ewido security suite guard;c:\program files\ewido anti-malware\ewidoguard.exe [2005-12-18 151616]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-12 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-10-30 13:57:55 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6464e7e9-5c6c-434c-9800-04ecc26fa648}\MpKsl79092b3c.sys
2011-10-30 13:57:51 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6464e7e9-5c6c-434c-9800-04ecc26fa648}\offreg.dll
2011-10-30 13:07:40 -------- d-----w- C:\VundoFix Backups
2011-10-30 12:58:27 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6464e7e9-5c6c-434c-9800-04ecc26fa648}\MpKsl854e0c5f.sys
2011-10-30 12:47:07 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6464e7e9-5c6c-434c-9800-04ecc26fa648}\MpKsl3758a2d5.sys
2011-10-30 05:33:38 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6464e7e9-5c6c-434c-9800-04ecc26fa648}\mpengine.dll
2011-10-29 16:46:04 1416 ----a-w- c:\windows\system32\tmp.reg
2011-10-28 23:17:22 -------- d-----w- c:\documents and settings\administrator.highwaymarkings\application data\kCekIBrzOyA
2011-10-28 23:17:02 -------- d-----w- c:\documents and settings\administrator.highwaymarkings\application data\j0ycS1ivDoGaHsK
2011-10-28 23:16:57 -------- d-----w- c:\program files\STOPzilla!
2011-10-28 23:16:56 -------- d-----w- c:\program files\common files\iS3
2011-10-28 23:16:56 -------- d-----w- c:\documents and settings\administrator.highwaymarkings\application data\dfEL9gTXqYeIrOy
2011-10-28 23:15:14 -------- d-----w- c:\windows\TempA620E010-AD6B-FBCF-762F-AA1C1818D132-Signatures
2011-10-28 23:14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-28 23:11:11 -------- d-----w- C:\ComboFix413533C
2011-10-28 23:10:45 -------- d--h--w- C:\ErdUndoCache
2011-10-28 23:09:46 -------- d-----w- C:\~ErdUserProfile.$$$
2011-10-28 20:37:21 -------- d-----w- c:\program files\ewido anti-malware
2011-10-28 19:45:07 -------- d-----w- C:\ComboFix2
2011-10-28 19:21:32 11654 ----a-w- C:\cc_20111028_152127.reg
2011-10-28 16:36:15 69456 ----a-w- c:\windows\system32\drivers\klmd.sys
2011-10-28 16:32:54 -------- d-----w- c:\program files\Trend Micro
2011-10-28 15:00:55 -------- d-----w- c:\documents and settings\administrator.highwaymarkings\local settings\application data\Temp
2011-10-27 19:36:29 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-26 14:11:54 -------- d-sha-r- C:\cmdcons
2011-10-26 13:58:32 98816 ----a-w- c:\windows\sed.exe
2011-10-26 13:58:32 518144 ----a-w- c:\windows\SWREG.exe
2011-10-26 13:58:32 256000 ----a-w- c:\windows\PEV.exe
2011-10-26 13:58:32 208896 ----a-w- c:\windows\MBR.exe
2011-10-26 13:53:24 -------- d-----w- C:\ComboFix4
2011-10-26 13:49:22 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-26 13:49:17 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-10-26 13:49:15 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-10-26 13:49:12 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-10-26 13:49:08 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-10-26 13:48:36 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2011-10-26 13:48:31 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-10-26 13:48:28 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-10-26 13:48:17 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2011-10-26 13:48:16 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-10-26 13:48:13 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2011-10-26 13:47:39 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2011-10-26 13:47:33 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2011-10-26 13:47:29 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2011-10-26 13:47:13 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2011-10-26 13:47:02 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-10-26 13:45:58 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys
2011-10-26 13:45:53 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2011-10-26 13:45:48 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2011-10-26 13:45:44 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2011-10-26 13:45:40 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2011-10-26 13:45:36 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2011-10-26 13:45:29 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2011-10-26 13:45:25 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2011-10-26 13:45:18 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2011-10-26 13:45:14 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2011-10-26 13:45:07 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2011-10-26 13:45:03 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2011-10-26 13:43:55 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2011-10-26 13:43:53 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2011-10-26 13:43:44 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2011-10-26 13:43:40 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2011-10-26 13:43:37 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2011-10-26 13:43:33 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2011-10-26 13:43:29 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2011-10-26 13:43:26 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2011-10-26 13:43:21 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2011-10-26 13:43:18 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2011-10-26 13:43:16 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2011-10-26 13:43:13 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2011-10-26 13:41:51 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2011-10-26 13:40:58 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2011-10-26 13:39:59 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2011-10-26 13:38:59 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2011-10-26 13:37:54 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2011-10-26 13:36:59 198400 ----a-w- c:\windows\system32\dllcache\s3sav4.dll
2011-10-26 13:35:59 9216 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2011-10-26 13:34:57 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2011-10-26 13:33:52 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-10-26 13:32:55 41984 ----a-w- c:\windows\system32\dllcache\ovui2rc.dll
2011-10-26 13:31:52 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2011-10-26 13:31:49 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2011-10-26 13:31:40 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2011-10-26 13:31:39 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-10-26 13:31:32 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2011-10-26 13:31:29 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2011-10-26 13:31:28 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2011-10-26 13:31:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-10-26 13:31:18 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2011-10-26 13:31:13 53248 ----a-w- c:\windows\system32\dllcache\nextlink.dll
2011-10-26 13:31:13 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2011-10-26 13:31:12 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2011-10-26 13:31:02 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2011-10-26 13:29:40 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2011-10-26 13:29:40 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2011-10-26 13:29:33 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-10-26 13:29:21 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-10-26 13:29:19 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2011-10-26 13:29:18 98304 ----a-w- c:\windows\system32\dllcache\msir3jp.dll
2011-10-26 13:29:03 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2011-10-26 13:28:59 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2011-10-26 13:28:57 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2011-10-26 13:26:57 58880 ----a-w- c:\windows\system32\dllcache\m3092dc.dll
2011-10-26 13:25:59 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll
2011-10-26 13:24:56 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
2011-10-26 13:23:59 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-10-26 13:22:58 542879 ----a-w- c:\windows\system32\dllcache\hsf_msft.sys
2011-10-26 13:21:58 2688 ----a-w- c:\windows\system32\dllcache\hidswvd.sys
2011-10-26 13:20:57 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
2011-10-26 13:19:58 40704 ----a-w- c:\windows\system32\dllcache\es1371mp.sys
2011-10-26 13:18:56 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys
2011-10-26 13:17:58 91305 ----a-w- c:\windows\system32\dllcache\dimaint.sys
2011-10-26 13:16:34 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2011-10-26 13:15:58 21533 ----a-w- c:\windows\system32\dllcache\cpqndis5.sys
2011-10-26 13:14:59 9728 ----a-w- c:\windows\system32\dllcache\change.exe
2011-10-26 13:13:40 6656 ----a-w- c:\windows\system32\dllcache\c_is2022.dll
2011-10-26 13:13:40 10752 ----a-w- c:\windows\system32\dllcache\c_iscii.dll
2011-10-26 13:12:07 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2011-10-26 13:12:01 31529 ----a-w- c:\windows\system32\dllcache\brzwlan.sys
2011-10-26 13:12:00 10368 ----a-w- c:\windows\system32\dllcache\brusbscn.sys
2011-10-26 13:10:59 342336 ----a-w- c:\windows\system32\dllcache\banshee.dll
2011-10-26 13:09:58 29184 ----a-w- c:\windows\system32\dllcache\asptxn.dll
2011-10-26 13:09:58 10240 ----a-w- c:\windows\system32\dllcache\aspperf.dll
2011-10-26 13:09:57 97354 ----a-w- c:\windows\system32\dllcache\aspndis3.sys
2011-10-26 13:09:52 45056 ----a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2011-10-26 13:09:48 6272 ----a-w- c:\windows\system32\dllcache\apmbatt.sys
2011-10-26 13:09:47 36224 ----a-w- c:\windows\system32\dllcache\an983.sys
2011-10-26 13:09:44 16969 ----a-w- c:\windows\system32\dllcache\amb8002.sys
2011-10-26 13:09:42 26624 ----a-w- c:\windows\system32\dllcache\alifir.sys
2011-10-26 13:09:41 27678 ----a-w- c:\windows\system32\dllcache\ali5261.sys
2011-10-26 13:06:34 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll
2011-10-26 13:05:59 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-10-26 13:02:57 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-10-26 13:02:56 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-10-26 13:02:51 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll
2011-10-26 13:02:49 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-10-26 13:02:48 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe
2011-10-26 13:02:45 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-10-26 12:42:44 32952 ----a-w- C:\cc_20111026_084233.reg
2011-10-26 03:10:53 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
2011-10-26 01:05:35 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2011-10-26 01:02:57 -------- d-----w- c:\program files\CCleaner
2011-10-25 22:08:34 -------- d-----w- c:\documents and settings\administrator.highwaymarkings\application data\IObit
2011-10-25 22:08:22 -------- d-----w- c:\program files\IObit
2011-10-25 22:03:08 -------- d-----w- c:\windows\pss
2011-10-25 21:50:38 54016 ----a-w- c:\windows\system32\drivers\ajpljkp.sys
2011-10-25 20:51:52 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-25 19:58:15 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-25 19:58:15 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-25 19:45:51 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-10-25 19:45:51 215920 ----a-w- c:\windows\system32\muweb.dll
2011-10-25 19:45:51 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-10-25 19:10:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-25 19:10:37 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-10-25 19:10:20 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-25 19:10:15 -------- d-----w- c:\program files\SpywareBlaster
2011-10-25 19:09:47 -------- d-----w- C:\bbb9ba77e3fd3bda1fc43b31
2011-10-25 17:56:36 -------- d-----w- c:\documents and settings\administrator.highwaymarkings\application data\Malwarebytes
2011-10-25 17:56:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-24 19:35:24 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-10-24 19:18:28 -------- d-sh--w- c:\documents and settings\administrator.highwaymarkings\local settings\application data\cd2ac3f8
.
==================== Find3M ====================
.
2011-10-25 20:08:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 10:42:20.90 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/6/2006 9:51:22 AM
System Uptime: 10/30/2011 9:57:18 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WJ772
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 50.514 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1370: 9/7/2011 3:00:19 AM - Software Distribution Service 3.0
RP1371: 9/7/2011 8:37:57 AM - Software Distribution Service 3.0
RP1372: 9/8/2011 8:42:43 AM - System Checkpoint
RP1373: 9/9/2011 9:28:35 AM - System Checkpoint
RP1374: 9/10/2011 10:09:04 AM - System Checkpoint
RP1375: 9/11/2011 11:09:03 AM - System Checkpoint
RP1376: 9/12/2011 11:36:32 AM - System Checkpoint
RP1377: 9/13/2011 12:25:47 PM - System Checkpoint
RP1378: 9/14/2011 3:00:17 AM - Software Distribution Service 3.0
RP1379: 9/15/2011 3:26:40 AM - System Checkpoint
RP1380: 9/16/2011 9:10:15 AM - System Checkpoint
RP1381: 9/17/2011 9:41:25 AM - System Checkpoint
RP1382: 9/18/2011 10:41:24 AM - System Checkpoint
RP1383: 9/19/2011 10:54:59 AM - System Checkpoint
RP1384: 9/20/2011 11:42:28 AM - System Checkpoint
RP1385: 9/21/2011 12:41:22 PM - System Checkpoint
RP1386: 9/22/2011 12:42:25 PM - System Checkpoint
RP1387: 9/23/2011 1:03:34 PM - System Checkpoint
RP1388: 9/24/2011 1:41:14 PM - System Checkpoint
RP1389: 9/25/2011 2:41:15 PM - System Checkpoint
RP1390: 9/26/2011 2:42:18 PM - System Checkpoint
RP1391: 9/27/2011 2:44:55 PM - System Checkpoint
RP1392: 9/28/2011 3:41:12 PM - System Checkpoint
RP1393: 9/29/2011 3:00:18 AM - Software Distribution Service 3.0
RP1394: 9/30/2011 3:41:17 AM - System Checkpoint
RP1395: 10/1/2011 3:44:31 AM - System Checkpoint
RP1396: 10/2/2011 4:44:31 AM - System Checkpoint
RP1397: 10/3/2011 5:44:29 AM - System Checkpoint
RP1398: 10/4/2011 6:44:27 AM - System Checkpoint
RP1399: 10/5/2011 7:44:27 AM - System Checkpoint
RP1400: 10/6/2011 7:56:58 AM - System Checkpoint
RP1401: 10/7/2011 7:57:53 AM - System Checkpoint
RP1402: 10/8/2011 8:44:24 AM - System Checkpoint
RP1403: 10/9/2011 9:44:25 AM - System Checkpoint
RP1404: 10/10/2011 10:45:29 AM - System Checkpoint
RP1405: 10/11/2011 12:01:52 PM - System Checkpoint
RP1406: 10/12/2011 12:23:42 PM - System Checkpoint
RP1407: 10/13/2011 3:00:19 AM - Software Distribution Service 3.0
RP1408: 10/14/2011 3:30:27 AM - System Checkpoint
RP1409: 10/15/2011 4:30:23 AM - System Checkpoint
RP1410: 10/16/2011 5:30:24 AM - System Checkpoint
RP1411: 10/17/2011 6:30:23 AM - System Checkpoint
RP1412: 10/18/2011 7:30:23 AM - System Checkpoint
RP1413: 10/19/2011 7:30:44 AM - System Checkpoint
RP1414: 10/20/2011 12:06:36 PM - System Checkpoint
RP1415: 10/21/2011 12:30:12 PM - System Checkpoint
RP1416: 10/22/2011 1:30:09 PM - System Checkpoint
RP1417: 10/23/2011 2:30:09 PM - System Checkpoint
RP1418: 10/24/2011 3:34:52 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1419: 10/25/2011 3:09:11 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1420: 10/25/2011 3:54:32 PM - Restore Operation
RP1421: 10/25/2011 4:56:29 PM - Software Distribution Service 3.0
RP1422: 10/25/2011 11:05:17 PM - Software Distribution Service 3.0
RP1423: 10/26/2011 8:12:21 AM - Software Distribution Service 3.0
RP1424: 10/26/2011 8:37:33 AM - Restore Operation
RP1425: 10/26/2011 8:54:42 AM - Restore Operation
RP1426: 10/26/2011 9:00:25 AM - Restore Operation
RP1427: 10/26/2011 2:10:50 PM - Software Distribution Service 3.0
RP1428: 10/27/2011 3:35:38 PM - Software Distribution Service 3.0
RP1429: 10/28/2011 12:32:44 PM - Installed HiJackThis
RP1430: 10/28/2011 12:54:42 PM - Installed Microsoft Fix it 50267
RP1431: 10/28/2011 3:23:34 PM - Installed Microsoft Fix it 50267
RP1432: 10/28/2011 6:51:56 PM - Restore Operation
RP1433: 10/28/2011 5:12:33 PM - Restore Operation
RP1434: 10/29/2011 12:31:15 PM - Restore Operation
RP1435: 10/29/2011 12:26:24 PM - Software Distribution Service 3.0
RP1436: 10/29/2011 12:55:52 PM - Software Distribution Service 3.0
RP1437: 10/29/2011 1:04:56 PM - Software Distribution Service 3.0
RP1438: 10/30/2011 1:33:31 AM - Software Distribution Service 3.0
RP1439: 10/30/2011 8:08:38 AM - Removed HiJackThis
RP1440: 10/30/2011 9:04:35 AM - Restore Operation
RP1441: 10/30/2011 9:12:56 AM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Apple Mobile Device Support
Apple Software Update
Bonjour
Brother MFL-Pro Suite
CCleaner
Dell AIO Printer A940
ewido anti-malware
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iTunes
Java(TM) 6 Update 7
LiveUpdate 3.3 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Mozilla Firefox 7.0.1 (x86 en-US)
MSN
Norton PC Checkup
OpenOffice.org Installer 1.0
PaperPort
PowerDVD OD
QuickTime
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Smart Defrag
Sonic Update Manager
Spybot - Search & Destroy
SpywareBlaster 4.4
Symantec Endpoint Protection
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WeatherStudio Toolbar and Desktop
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
10/30/2011 10:34:32 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
10/29/2011 12:40:48 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.712.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
10/29/2011 12:40:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
10/29/2011 12:31:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm MpFilter SPBBCDrv SRTSPX SYMTDI
10/28/2011 6:51:05 PM, error: Dhcp [1002] - The IP address lease 10.10.10.114 for the Network Card with network address 001676AE39B1 has been denied by the DHCP server 10.10.10.1 (The DHCP Server sent a DHCPNACK message).
10/28/2011 4:37:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ewido security suite guard service to connect.
10/26/2011 7:52:51 AM, error: Service Control Manager [7001] - The Remote Procedure Call (RPC) Locator service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
10/26/2011 7:52:51 AM, error: Service Control Manager [7001] - The Net Logon service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
10/26/2011 7:52:51 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
10/26/2011 2:57:50 PM, error: Dhcp [1002] - The IP address lease 10.10.10.114 for the Network Card with network address 001676AE39B1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
10/26/2011 2:00:17 PM, error: NetDDE [206] - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
10/25/2011 6:07:37 PM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).
10/25/2011 6:06:13 PM, error: Workstation [5727] - Could not load RDR device driver.
10/25/2011 5:50:21 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
10/25/2011 3:53:02 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service Symantec AntiVirus with arguments "" in order to run the server: {5CEC0E13-CF22-414C-8D67-D44B06420FC1}
10/25/2011 3:53:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Endpoint Protection service to connect.
10/25/2011 3:52:58 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/25/2011 3:46:03 PM, error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%2147942402
10/25/2011 3:44:43 PM, error: NETLOGON [5719] - No Domain Controller is available for domain HIGHWAYMARKINGS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
10/25/2011 3:40:48 AM, error: NETLOGON [5719] - No Domain Controller is available for domain HIGHWAYMARKINGS due to the following: Not enough storage is available to process this command. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
10/25/2011 3:23:52 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service Symantec AntiVirus with arguments "" in order to run the server: {567E4150-E7D1-48BA-B03D-4FB71A217080}
10/25/2011 3:12:53 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
10/25/2011 3:12:53 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
10/25/2011 3:04:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
10/25/2011 3:01:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/25/2011 1:56:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips IntelIde intelppm SPBBCDrv SRTSPX SYMTDI
10/25/2011 1:56:14 PM, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
10/25/2011 1:55:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/25/2011 1:55:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
10/25/2011 1:00:36 PM, error: Dhcp [1002] - The IP address lease 192.168.1.28 for the Network Card with network address 001676AE39B1 has been denied by the DHCP server 10.10.10.1 (The DHCP Server sent a DHCPNACK message).
10/24/2011 3:27:38 PM, error: Service Control Manager [7034] - The Network DDE service terminated unexpectedly. It has done this 1 time(s).
10/24/2011 3:27:38 PM, error: Service Control Manager [7034] - The Network DDE DSDM service terminated unexpectedly. It has done this 1 time(s).
10/24/2011 3:27:37 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
10/24/2011 3:27:36 PM, error: Service Control Manager [7034] - The Remote Procedure Call (RPC) Locator service terminated unexpectedly. It has done this 1 time(s).
10/24/2011 3:27:36 PM, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
10/24/2011 3:27:36 PM, error: Service Control Manager [7034] - The Brother Popup Suspend service for Resource manager service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:49, on 10/30/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
G:\dds.scr
C:\WINDOWS\system32\cmd.exe
G:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=2061028
O1 - Hosts: ::1 localhost #[IPv6]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} (LEAD Main Control (13.0)) - http://www.napaaccount.com/rfmweb/LTOCX13N.cab
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
O16 - DPF: {460324E8-CFB4-4357-85EF-CE3EBFE23A62} (Crystal ActiveX Report Viewer Control 11.0) - http://www.trba.org/ActiveXControls/ActiveXViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = highwaymarkings.com
O17 - HKLM\Software\..\Telephony: DomainName = highwaymarkings.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = highwaymarkings.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = highwaymarkings.com
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7383 bytes
jdempsey
Active Member
 
Posts: 1
Joined: October 30th, 2011, 10:31 am

Re: Browser redirecting after system recovery virus removal

Post by deltalima » October 30th, 2011, 3:33 pm

I see you are posting for help for a "Business" computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section Posting for help for business machines explains why we do not offer help for such computers.

This topic is now closed
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

