Browser Hijack/Virus

Post by cyani47 » May 1st, 2012, 2:15 am

I believe my browser was hijacked when I dl'd an online game. I have scanned my system with Spybot, AVG, HijackThis but there are still problems. My printer has even stopped printing.

My logs:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Chris at 22:21:13 on 2012-04-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1112 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\Iconix\IconixService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Documents and Settings\Chris\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.ca
uStart Page = hxxp://www.google.ca/
mDefault_Page_URL = hxxp://www.google.ca
mDefault_Search_URL = hxxp://www.google.ca
mSearch Page = hxxp://www.google.ca
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = http://www.google.ca
mSearchAssistant = http://www.google.ca
mCustomizeSearch = http://www.google.ca
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\wincoreimdtx.dll
BHO: Windows Live ID Sign-in Helper: {30431f21-7ba2-00bc-222c-15ae69cd376c} - c:\windows\system32\pstoreec.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - c:\program files\iconix\ieaddon\IconixBHO_46.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: DataMngr: {be7a24f5-69cb-4708-b77b-b1eda6043b95} - c:\progra~1\imesha~1\mediabar\datamngr\BROWSE~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\wincoreimdtx.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [downloadhq] "c:\program files\downloadhq\DownloadHQ.exe" -h
uRun: [Akamai NetSession Interface] "c:\documents and settings\chris\local settings\application data\akamai\netsession_win.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DATAMNGR] c:\progra~1\imesha~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [BHR] c:\program files\zamaan's software\browser hijack retaliator 4.5\BHR.exe
mRun: [IconixOEAddOn] "c:\program files\iconix\oeaddon\OEdmn_6.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - c:\program files\iconix\ieaddon\IconixBHO_46.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B952F2E0-5F9F-4898-89A8-4FB770625E09} - {84053DA7-03DE-4FB6-80AE-202C04691D8A}
IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - c:\program files\iconix\ieaddon\IconixBHO_46.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Vacation%20Quest%20-%20The%20Hawaiian%20Islands/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab ... detect.cab
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Custom ... loader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 4327627171
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 7359035125
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} - hxxp://games.bigfishgames.com/en_big-ci ... Player.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Vacation%20Quest%20-%20The%20Hawaiian%20Islands/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FA8D54DA-4546-4727-B2C0-88390AA59E03} - hxxp://game.mystical-land.com/pluginIns ... taller.cab
TCP: Interfaces\{856B6ABA-AD27-47B7-8104-28BBF4DEA7D9} : NameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll c:\progra~1\imesha~1\mediabar\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-3-11 56208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-3-11 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-3-11 164112]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-3-26 542040]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IconixService;Iconix Update Service;c:\program files\common files\iconix\IconixService.exe [2012-4-29 284512]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-3-11 931640]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2011-4-15 1646056]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 SynMini;Syntek USB2.0 2M WebCam;c:\windows\system32\drivers\SynMini.sys [2006-11-2 1207424]
R3 SynScan;Syntek USB2.0 2M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2006-10-5 8064]
S1 MpKsl5caade94;MpKsl5caade94;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d03be36-7852-46c1-bf84-94c8ce923b9b}\mpksl5caade94.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d03be36-7852-46c1-bf84-94c8ce923b9b}\MpKsl5caade94.sys [?]
S1 MpKsl9540817f;MpKsl9540817f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{13301dd0-3254-4de8-b6c8-66024dee69d6}\mpksl9540817f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{13301dd0-3254-4de8-b6c8-66024dee69d6}\MpKsl9540817f.sys [?]
S1 MpKsle2a8b67a;MpKsle2a8b67a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d03be36-7852-46c1-bf84-94c8ce923b9b}\mpksle2a8b67a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3d03be36-7852-46c1-bf84-94c8ce923b9b}\MpKsle2a8b67a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-19 136176]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-19 136176]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\xdva392.sys --> c:\windows\system32\XDva392.sys [?]
.
=============== Created Last 30 ================
.
2012-04-30 07:06:32 388096 ----a-r- c:\documents and settings\chris\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-04-30 07:06:31 -------- d-----w- c:\program files\Trend Micro
2012-04-30 04:47:02 -------- d-----w- c:\documents and settings\chris\application data\Iconix
2012-04-30 04:47:02 -------- d-----w- c:\documents and settings\all users\application data\Iconix
2012-04-30 04:46:47 -------- d-----w- c:\program files\common files\Iconix
2012-04-30 04:46:45 -------- d-----w- c:\program files\Iconix
2012-04-30 03:26:18 570128 ----a-w- c:\program files\common files\microsoft shared\dao\DAO350.DLL
2012-04-30 03:26:18 3584 ----a-w- c:\program files\common files\microsoft shared\dao\comcat.dll
2012-04-30 03:26:18 244024 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2012-04-30 03:26:18 203976 ----a-w- c:\windows\system32\richtx32.ocx
2012-04-30 03:26:18 140096 ----a-w- c:\windows\system32\COMDLG32.OCX
2012-04-30 03:26:18 1338880 ----a-w- c:\program files\common files\microsoft shared\dao\shdocvw.dll
2012-04-30 03:26:17 -------- d-----w- c:\program files\Zamaan's Software
2012-04-28 03:11:38 -------- d-----w- c:\windows\system32\3085
2012-04-27 05:57:40 -------- d-----w- c:\windows\system32\1002
2012-04-27 03:09:28 -------- d-----w- c:\documents and settings\chris\application data\WeatherLord
2012-04-27 03:09:28 -------- d-----w- c:\documents and settings\all users\application data\WeatherLord
2012-04-27 03:08:52 -------- d-----w- c:\windows\system32\1055
2012-04-24 19:03:01 258352 ----a-w- c:\windows\system32\unicows.dll
2012-04-23 00:37:16 -------- d-----w- C:\PWI_v621_Installer
2012-04-11 02:30:06 -------- d-----w- c:\windows\system32\1052
2012-04-08 04:42:58 -------- d-----w- c:\documents and settings\all users\application data\Fenomen Games
2012-04-04 17:50:48 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 05:53:56 182160 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-13 21:38:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-26 21:45:18 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2012-03-26 21:45:14 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2012-03-18 05:15:01 60304 -c--a-w- c:\documents and settings\chris\g2mdlhlpx.exe
2012-03-11 20:48:50 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-07 18:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2010-12-06 07:01:08 19985265 ----a-w- c:\program files\vlc-1.1.5-win32.exe
.
============= FINISH: 22:22:21.78 ===============

ATTACHED

DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/02/2009 1:10:46 AM
System Uptime: 30/04/2012 9:55:11 AM (13 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Z84J
Processor: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz | Socket 478M | 2161/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 2.967 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10431316&REV_1007\4&31E8B61D&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_1057&DEV_3055&SUBSYS_10431316&REV_1007\4&31E8B61D&0&0101
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Generic Marvell Yukon Chipset based Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_11E51043&REV_12\4&37028E5F&0&00E3
Manufacturer: Marvell
Name: Generic Marvell Yukon Chipset based Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4364&SUBSYS_11E51043&REV_12\4&37028E5F&0&00E3
Service: yukonwxp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Personal Area Network
Device ID: BLUETOOTH\0004&0007\0000
Manufacturer: Toshiba
Name: Bluetooth Personal Area Network
PNP Device ID: BLUETOOTH\0004&0007\0000
Service: tosrfnds
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ITE8707\4&305F7111&0
Manufacturer:
Name:
PNP Device ID: ACPI\ITE8707\4&305F7111&0
Service:
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Photosmart D110 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: D110,192.168.1.64
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP412: 12/03/2012 1:31:17 PM - System Checkpoint
RP413: 13/03/2012 1:48:11 PM - System Checkpoint
RP414: 14/03/2012 2:09:56 AM - Software Distribution Service 3.0
RP415: 15/03/2012 11:09:37 PM - System Checkpoint
RP416: 22/03/2012 6:36:45 PM - System Checkpoint
RP417: 23/03/2012 7:22:05 PM - System Checkpoint
RP418: 24/03/2012 8:04:21 PM - System Checkpoint
RP419: 25/03/2012 8:04:32 PM - System Checkpoint
RP420: 27/03/2012 8:13:44 AM - Installed Rapport
RP421: 27/03/2012 6:44:29 PM - Installed Dr. Robert Anthony's Intention Activator
RP422: 30/03/2012 2:14:14 PM - System Checkpoint
RP423: 01/04/2012 9:26:47 PM - System Checkpoint
RP424: 02/04/2012 11:32:50 PM - System Checkpoint
RP425: 06/04/2012 7:33:25 PM - System Checkpoint
RP426: 08/04/2012 2:57:21 PM - System Checkpoint
RP427: 10/04/2012 3:51:46 PM - System Checkpoint
RP428: 10/04/2012 10:54:36 PM - Software Distribution Service 3.0
RP429: 13/04/2012 5:49:51 PM - System Checkpoint
RP430: 18/04/2012 5:02:39 PM - System Checkpoint
RP431: 21/04/2012 11:12:16 PM - System Checkpoint
RP432: 23/04/2012 11:19:43 PM - System Checkpoint
RP433: 25/04/2012 12:21:01 PM - System Checkpoint
RP434: 26/04/2012 2:18:56 PM - System Checkpoint
RP435: 29/04/2012 11:39:14 PM - Software Distribution Service 3.0
RP436: 30/04/2012 12:06:30 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATK0100 ACPI UTILITY
AVG 2012
BitTorrent
Bluetooth Stack for Windows
Bonjour
Browser Hijack Retaliator 4.5.0 Build 471
BufferChm
D110
Destinations
DeviceDiscovery
Dr. Robert Anthony's Intention Activator
Google Update Helper
GPBaseService2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotspot Shield 2.52
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPProductAssistant
Iconix® eMail ID
iTunes
Java Auto Updater
Java(TM) 6 Update 29
K-Lite Codec Pack 6.5.0 (Full)
League of Legends
MarketResearch
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
NVIDIA Drivers
Pando Media Booster
PS_AIO_07_D110_SW_Min
QuickTransfer
Rapport
Realtek High Definition Audio Driver
Rosetta Stone Ltd Services
Rosetta Stone Version 3
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923789)
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
swMSM
Synaptics Pointing Device Driver
System Requirements Lab
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB971029)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.11
WebFldrs XP
WebReg
Wincore MediaBar
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
30/04/2012 6:11:00 PM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
30/04/2012 12:36:31 PM, error: Print [6161] - The document http://www.allstarjobs.ca/index.php?pos ... tion=searc owned by Chris failed to print on printer HP Photosmart D110 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 246136. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\GILMORE. Win32 error code returned by the print processor: 127 (0x7f).
30/04/2012 12:34:50 PM, error: Print [6161] - The document http://www.allstarjobs.ca/index.php?pos ... tion=searc owned by Chris failed to print on printer HP Photosmart D110 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 327680. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\GILMORE. Win32 error code returned by the print processor: 127 (0x7f).
30/04/2012 12:23:27 PM, error: Print [6161] - The document http://www.allstarjobs.ca/index.php?pos ... tion=searc owned by Chris failed to print on printer HP Photosmart D110 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 249012. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\GILMORE. Win32 error code returned by the print processor: 127 (0x7f).
30/04/2012 12:22:38 PM, error: Print [6161] - The document http://www.allstarjobs.ca/index.php?pos ... tion=searc owned by Chris failed to print on printer HP Photosmart D110 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 195984. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\GILMORE. Win32 error code returned by the print processor: 127 (0x7f).
25/04/2012 10:35:19 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
24/04/2012 6:12:00 PM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
.
==== End Of File ===========================

Thanks for your help. This is my first time posting so let me know if I've sent the proper info.

Edit: email address removed - deltalima

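As an added triage example (not part of the original post or of the DDS tool), a small Python parser for the `==== Event Viewer Messages From Past Week ====` lines in the log above: it pulls out source, event ID and the embedded error code, decoding the `%%2147942402` value in the Schedule 7901 events to its Win32 code (2, file not found, so the At1.job/At3.job targets no longer exist) and reading the print processor's 127 (procedure not found). The sample log is constructed from the entries above with the long print messages trimmed; the regexes and the `WIN32_NAMES` table are this example's own.

```python
import re
from collections import Counter

# Constructed sample, modelled on the DDS "Event Viewer Messages" lines above (trimmed)
SAMPLE_LOG = """\
30/04/2012 6:11:00 PM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
30/04/2012 12:36:31 PM, error: Print [6161] - The document X owned by Chris failed to print on printer HP Photosmart D110 series. Win32 error code returned by the print processor: 127 (0x7f).
25/04/2012 10:35:19 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
24/04/2012 6:12:00 PM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
"""

# DDS format: "DD/MM/YYYY H:MM:SS AM/PM, level: Source [EventID] - message"
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# %%NNNN in Schedule events is a decimal HRESULT; its low 16 bits are the Win32 code
HRESULT_RE = re.compile(r"%%(\d+)")
WIN32_RE = re.compile(r"Win32 error code returned by the print processor: (\d+)")

# Win32 error codes seen in this log (names from the Windows SDK winerror.h)
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 127: "ERROR_PROC_NOT_FOUND"}

def parse_event(line):
    """Return a dict for one DDS event line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["event_id"] = int(ev["event_id"])
    code = None
    if (h := HRESULT_RE.search(ev["msg"])):
        code = int(h.group(1)) & 0xFFFF      # HRESULT_CODE(hr)
    elif (w := WIN32_RE.search(ev["msg"])):
        code = int(w.group(1))
    ev["win32_code"] = code
    ev["win32_name"] = WIN32_NAMES.get(code)
    return ev

def triage(text):
    """Parse every event line and count (source, event id, decoded error) triples."""
    events = [e for e in map(parse_event, text.splitlines()) if e]
    counts = Counter((e["source"], e["event_id"], e["win32_name"]) for e in events)
    return events, counts

if __name__ == "__main__":
    for (src, eid, name), n in triage(SAMPLE_LOG)[1].most_common():
        print(f"{n}x {src} [{eid}] {name}")
```

Repeated Schedule 7901 entries with a file-not-found target are worth a look during cleanup, since scheduled At*.job tasks pointing at files that no longer exist are a common leftover of removed software or malware.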
Re: Brower Hijack/Virus

Unread postby askey127 » May 2nd, 2012, 7:48 am

Hi cyani47,
There are quite a few items to do here in the beginning. Just take one step at a time.
If you wish to re-install Rapport Trusteer and re-enable Teatimer when we are through, that will be your decision.
You have two antivirus programs. I would suggest only keeping Microsoft Security Essentials.
-----------------------------------------------
It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
It's likely you have some spyware or adware, and this is where you got it.
-----------------------------------------------------------
Since it is a System protective program, TeaTimer might interfere with the orderly removal of certain system infections.
Temporarily Disable Spybot's TeaTimer Protection
Start Spybot Search & Destroy
In the top menu, click Mode
Check Advanced Mode if it is not already checked. OK the selection if necessary.
In the bottom of the left pane, click on Tools
From the new left pane list, click on Resident
Uncheck the box in the middle labeled "Resident "TeaTimer"(Protection of overall system settings) active.
From the top menu, click on File, Exit.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove:

AVG 2012
BitTorrent
Rapport
Pando Media Booster

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
From the Control Panel, double click Security Center, and make sure Microsoft Security Essentials and the Firewall are turned ON.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For WinXP, double click on the OTL icon to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.


Re: Brower Hijack/Virus

Unread postby askey127 » May 6th, 2012, 6:46 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.