Welcome to MalwareRemoval.com. What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.
It seems that Firefox 10.0.2 has been hijacked (I have not tried other browsers), and AVG (up to date definitions) returns no problems after a full scan. When I use Google, I am sometimes directed to sites other than the one indicated by the result. XP (SP3). Any help would be greatly appreciated.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2009 3:00:30 PM
System Uptime: 3/8/2012 5:51:08 PM (4 hours ago)
.
Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | Socket 478 | 1794/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 107.923 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM (UDF)
G: is FIXED (NTFS) - 465 GiB total, 424.996 GiB free.
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP614: 12/9/2011 2:56:42 PM - System Checkpoint
RP615: 12/10/2011 3:38:52 PM - System Checkpoint
RP616: 12/11/2011 4:48:21 PM - System Checkpoint
RP617: 12/12/2011 4:52:12 PM - System Checkpoint
RP618: 12/13/2011 6:36:57 PM - System Checkpoint
RP619: 12/15/2011 11:11:05 AM - System Checkpoint
RP620: 12/15/2011 3:15:24 PM - Software Distribution Service 3.0
RP621: 12/17/2011 2:09:51 PM - System Checkpoint
RP622: 12/18/2011 2:34:40 PM - System Checkpoint
RP623: 12/19/2011 5:47:19 PM - System Checkpoint
RP624: 12/22/2011 10:48:46 AM - System Checkpoint
RP625: 12/23/2011 1:32:59 PM - System Checkpoint
RP626: 12/26/2011 3:15:17 PM - System Checkpoint
RP627: 12/27/2011 6:27:06 PM - System Checkpoint
RP628: 12/28/2011 7:42:53 PM - System Checkpoint
RP629: 12/30/2011 2:17:12 PM - System Checkpoint
RP630: 1/1/2012 1:47:38 PM - System Checkpoint
RP631: 1/2/2012 5:20:24 PM - System Checkpoint
RP632: 1/3/2012 7:28:59 PM - System Checkpoint
RP633: 1/5/2012 4:41:33 PM - System Checkpoint
RP634: 1/6/2012 5:40:26 PM - System Checkpoint
RP635: 1/7/2012 5:47:00 PM - System Checkpoint
RP636: 1/8/2012 6:03:11 PM - System Checkpoint
RP637: 1/9/2012 8:45:46 PM - System Checkpoint
RP638: 1/11/2012 12:41:47 PM - System Checkpoint
RP639: 1/12/2012 2:07:13 PM - System Checkpoint
RP640: 1/13/2012 2:55:21 PM - System Checkpoint
RP641: 1/16/2012 5:34:13 PM - System Checkpoint
RP642: 1/17/2012 5:46:37 PM - System Checkpoint
RP643: 1/19/2012 3:02:13 PM - System Checkpoint
RP644: 1/19/2012 9:16:22 PM - Software Distribution Service 3.0
RP645: 1/21/2012 4:52:14 PM - System Checkpoint
RP646: 1/22/2012 6:45:39 PM - System Checkpoint
RP647: 1/23/2012 7:19:40 PM - System Checkpoint
RP648: 1/23/2012 9:11:18 PM - Software Distribution Service 3.0
RP649: 1/25/2012 4:44:39 PM - System Checkpoint
RP650: 1/26/2012 6:59:29 PM - System Checkpoint
RP651: 1/27/2012 7:08:07 PM - System Checkpoint
RP652: 1/29/2012 12:11:05 PM - System Checkpoint
RP653: 1/30/2012 12:14:34 PM - System Checkpoint
RP654: 1/31/2012 4:04:15 PM - System Checkpoint
RP655: 1/31/2012 8:15:24 PM - Software Distribution Service 3.0
RP656: 2/1/2012 3:25:01 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP657: 2/2/2012 3:26:11 PM - System Checkpoint
RP658: 2/3/2012 5:09:53 PM - System Checkpoint
RP659: 2/5/2012 1:51:04 PM - System Checkpoint
RP660: 2/6/2012 5:44:00 PM - System Checkpoint
RP661: 2/7/2012 6:44:04 PM - System Checkpoint
RP662: 2/9/2012 12:02:01 PM - System Checkpoint
RP663: 2/10/2012 3:17:58 PM - System Checkpoint
RP664: 2/11/2012 6:48:17 PM - System Checkpoint
RP665: 2/12/2012 6:57:21 PM - System Checkpoint
RP666: 2/15/2012 11:48:00 AM - System Checkpoint
RP667: 2/15/2012 11:07:50 PM - Software Distribution Service 3.0
RP668: 2/17/2012 5:13:28 PM - System Checkpoint
RP669: 2/19/2012 5:15:48 PM - System Checkpoint
RP670: 2/20/2012 5:57:34 PM - System Checkpoint
RP671: 2/22/2012 10:50:00 AM - System Checkpoint
RP672: 2/23/2012 7:51:25 PM - System Checkpoint
RP673: 2/24/2012 8:20:33 PM - System Checkpoint
RP674: 2/28/2012 8:51:06 AM - System Checkpoint
RP675: 3/1/2012 8:15:33 AM - System Checkpoint
RP676: 3/3/2012 11:58:46 AM - System Checkpoint
RP677: 3/5/2012 9:11:53 AM - System Checkpoint
RP678: 3/6/2012 12:02:47 PM - System Checkpoint
RP679: 3/7/2012 3:05:59 PM - System Checkpoint
RP680: 3/8/2012 4:33:43 PM - System Checkpoint
RP681: 3/8/2012 5:47:32 PM - Restore Operation
RP682: 3/8/2012 8:07:32 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 9.5.0
Apple Application Support
Apple Software Update
AVG 2012
AVG PC Tuneup 2011
AVG Security Toolbar
BCM V.92 56K Modem
Broadcom 440x 10/100 Integrated Controller
Coupon Printer for Windows
Dell PC Fax
Dell Photo AIO Printer 926
emWave PC
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Intel(R) Extreme Graphics Driver
Java Auto Updater
Java(TM) 6 Update 26
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Opera 10.50
QuickTime
Revo Uninstaller 1.91
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923789)
Skype™ 5.5
SoundMAX
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB971029)
VC 9.0 Runtime
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebEx
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/8/2012 12:40:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
3/8/2012 12:40:53 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/8/2012 12:34:43 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
3/7/2012 2:21:27 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
3/5/2012 8:53:21 AM, error: Service Control Manager [7034] - The dlcx_device service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
Last edited by Col on March 12th, 2012, 4:33 pm, edited 2 times in total.
My name is pgmigg and I'll be helping you with any malware problems.
Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them. This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.
Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
You must have Administrator rights, permissions for this computer.
DO NOT run any other fix or removal tools unless instructed to do so!
DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" Absence of symptoms does not mean that everything is clear.
I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime... Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
Please read all instructions carefully before executing and perform the steps, in the order given. If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
TDSSKiller - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
Right-click and select "Run As Administrator" TDSSKiller.exe to run the tool for known TDSS variants. If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
Click the Start Scan button. Do not use the computer during the scan!
If the scan completes with nothing found please
Click Report at the right upper corner to open it now.
Copy and paste the contents of that report in your next reply and click Close to exit.
If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
Please include in your next reply:
Do you have any problems executing the instructions?
There was a positive result (a root kit of some kind) - I selected "skip", but there was no log. I reran the utility, but it now instantly returns "no threats found" (it clearly does not rerun - even after a reboot).
Renamed the file and ran it again. This time, I received no warnings. There is no "Report" to click!? In any case, I checked the C drive and both reports were there. Here's the second report:
Your computer has multiple infections, including a Rootkit. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
You are strongly advised to do the following:
Disconnect the computer from the Internet and from any networked computers until it is cleaned.
Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.
Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and re-installation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.
To help you understand more, please take some time to read the following articles:
I appreciate your decision to reformat and reinstall. At least you can be sure that your computer is not compromised anymore...
I was wondering, before I reformat and reinstall Windows: what's the chance of determining how the root kit got onto the system?
I don't think that there is adequate explanation to answer your question.
Finally, please click HERE to find a short guide to staying safer online and avoid if possible another chance to receive a Rootkit as well as any other infection.
Please don't hesitate to ask any additional questions.