internet explorer hijacked

Unread postby Bobc5025 » July 31st, 2012, 6:08 pm

Here is the problem: originally, when the internet was opened, it was in a strange language. I returned it to English; now none of the security certificates match when browsing, mainly for Hotmail. Here are my logs, thanks for any help. Also, avast has been disabled and won't scan the system; I can reinstall this later. Thanks for any help, Bob.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 16:16:53 on 2012-07-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1726.1379 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com/ig/dell?hl=en&client=del ... bd=0061019
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/ ... channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/ ... channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=del ... bd=0061019
mSearchAssistant =
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\avasts~1\avast\aswWebRepIE.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\avasts~1\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/share ... insctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 2217559328
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/share ... cgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4B3C7C43-6A92-40F7-A3C6-2924E9BA6712} : DhcpNameServer = 192.168.2.1
.
============= SERVICES / DRIVERS ===============
.
S2 5016;5016;\??\c:\docume~1\computer\locals~1\temp\5016.sys --> c:\docume~1\computer\locals~1\temp\5016.sys [?]
S2 gupdate1c9e164860d0830;Google Update Service (gupdate1c9e164860d0830);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-10 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]
.
=============== Created Last 30 ================
.
2012-07-31 18:47:11 -------- d-----w- c:\program files\common files\Wise Installation Wizard
.
==================== Find3M ====================
.
2012-07-27 12:53:57 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 12:53:56 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 23:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 21:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 21:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:12:30 2192640 ------w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3808110AS rev.3.ADH -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A07A4B1]<< >>UNKNOWN [0x89F62379]<<
_asm { INT 3 ; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a08193c]; MOV EAX, [0x8a081ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A163AB8]
3 CLASSPNP[0xF7617FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005b[0x8A0BE9E8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A0BED98]
\Driver\atapi[0x8A150BB8] -> IRP_MJ_CREATE -> 0x8A07A4B1
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A07A2E2
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendHandler -> 0x89e6e198
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 16:18:45.45 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/20/2006 3:13:48 PM
System Uptime: 7/31/2012 12:42:36 PM (4 hours ago)
.
Motherboard: Dell Inc | | 0HK980
Processor: AMD Sempron(tm) Processor 3400+ | Socket M2 | 1803/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 44.214 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1451: 5/3/2012 5:47:06 PM - System Checkpoint
RP1452: 5/4/2012 10:26:20 PM - System Checkpoint
RP1453: 5/5/2012 10:37:31 PM - System Checkpoint
RP1454: 5/7/2012 12:45:48 AM - System Checkpoint
RP1455: 5/8/2012 11:46:11 AM - System Checkpoint
RP1456: 5/9/2012 11:50:37 AM - System Checkpoint
RP1457: 5/10/2012 12:48:01 PM - System Checkpoint
RP1458: 5/11/2012 1:20:28 PM - System Checkpoint
RP1459: 5/12/2012 1:58:58 PM - Software Distribution Service 3.0
RP1460: 5/13/2012 2:23:43 PM - System Checkpoint
RP1461: 5/14/2012 10:15:52 PM - System Checkpoint
RP1462: 5/15/2012 10:29:02 PM - System Checkpoint
RP1463: 5/16/2012 11:17:45 PM - System Checkpoint
RP1464: 5/17/2012 11:57:54 PM - System Checkpoint
RP1465: 5/19/2012 11:28:27 AM - System Checkpoint
RP1466: 5/20/2012 2:51:55 PM - System Checkpoint
RP1467: 5/21/2012 6:18:36 PM - System Checkpoint
RP1468: 5/23/2012 9:26:00 AM - System Checkpoint
RP1469: 5/24/2012 9:28:10 AM - System Checkpoint
RP1470: 5/25/2012 10:20:44 PM - System Checkpoint
RP1471: 5/26/2012 10:34:46 PM - System Checkpoint
RP1472: 5/28/2012 12:24:23 AM - System Checkpoint
RP1473: 5/29/2012 9:21:54 AM - System Checkpoint
RP1474: 5/30/2012 9:24:50 AM - System Checkpoint
RP1475: 5/31/2012 9:47:15 AM - System Checkpoint
RP1476: 6/1/2012 9:50:53 AM - System Checkpoint
RP1477: 6/2/2012 11:36:32 AM - System Checkpoint
RP1478: 6/3/2012 2:30:15 PM - System Checkpoint
RP1479: 6/4/2012 10:00:16 AM - Software Distribution Service 3.0
RP1480: 6/5/2012 10:39:15 AM - System Checkpoint
RP1481: 6/6/2012 10:48:46 AM - System Checkpoint
RP1482: 6/7/2012 5:42:44 PM - System Checkpoint
RP1483: 6/8/2012 5:53:47 PM - System Checkpoint
RP1484: 6/9/2012 7:04:03 PM - System Checkpoint
RP1485: 6/11/2012 6:06:19 AM - System Checkpoint
RP1486: 6/12/2012 10:09:23 AM - System Checkpoint
RP1487: 6/13/2012 10:00:16 AM - Software Distribution Service 3.0
RP1488: 6/14/2012 10:49:49 AM - System Checkpoint
RP1489: 6/15/2012 10:54:20 AM - System Checkpoint
RP1490: 6/16/2012 11:57:29 AM - System Checkpoint
RP1491: 6/17/2012 1:04:53 PM - System Checkpoint
RP1492: 6/18/2012 1:22:29 PM - System Checkpoint
RP1493: 6/19/2012 11:47:24 PM - System Checkpoint
RP1494: 6/21/2012 12:00:56 AM - System Checkpoint
RP1495: 6/24/2012 4:42:23 PM - System Checkpoint
RP1496: 6/25/2012 11:46:40 PM - System Checkpoint
RP1497: 6/27/2012 5:47:03 AM - System Checkpoint
RP1498: 6/28/2012 9:29:43 AM - System Checkpoint
RP1499: 6/29/2012 10:06:52 AM - System Checkpoint
RP1500: 6/30/2012 10:22:34 AM - System Checkpoint
RP1501: 7/1/2012 12:56:33 PM - System Checkpoint
RP1502: 7/2/2012 10:21:14 PM - System Checkpoint
RP1503: 7/4/2012 8:21:59 AM - System Checkpoint
RP1504: 7/5/2012 9:42:01 AM - System Checkpoint
RP1505: 7/6/2012 9:43:22 AM - System Checkpoint
RP1506: 7/7/2012 11:27:45 AM - System Checkpoint
RP1507: 7/8/2012 1:27:01 PM - System Checkpoint
RP1508: 7/9/2012 5:40:30 PM - System Checkpoint
RP1509: 7/10/2012 11:46:18 PM - System Checkpoint
RP1510: 7/11/2012 10:00:20 AM - Software Distribution Service 3.0
RP1511: 7/12/2012 10:47:36 AM - System Checkpoint
RP1512: 7/13/2012 10:55:56 AM - System Checkpoint
RP1513: 7/14/2012 1:51:19 PM - System Checkpoint
RP1514: 7/15/2012 2:17:20 PM - System Checkpoint
RP1515: 7/16/2012 3:03:27 PM - System Checkpoint
RP1516: 7/17/2012 5:37:22 PM - System Checkpoint
RP1517: 7/18/2012 6:42:46 PM - System Checkpoint
RP1518: 7/19/2012 8:33:43 PM - System Checkpoint
RP1519: 7/21/2012 7:58:04 AM - System Checkpoint
RP1520: 7/22/2012 1:09:57 PM - System Checkpoint
RP1521: 7/28/2012 10:25:56 PM - System Checkpoint
RP1522: 7/29/2012 11:10:16 PM - System Checkpoint
RP1523: 7/31/2012 1:24:13 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
888casino
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player
AOLIcon
ArcSoft PhotoImpression 6
ArcSoft Print Creations
avast! Free Antivirus
Bejeweled 2 Deluxe
Bejeweled 3
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Dell Support 3.2
Dell System Restore
Digital Line Detect
DivX Setup
Documentation & Support Launcher
EducateU
ELIcon
EPSON Stylus CX4400 Series Scanner Driver Update
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Smart Web Printing
HP Update
HPSSupply
Java Auto Updater
Java(TM) 6 Update 30
Learn2 Player (Uninstall Only)
Mah Jong Tiles Deluxe
Malwarebytes Anti-Malware version 1.62.0.1300
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
NetWaiting
NVIDIA Drivers
Personal Ancestral File 5
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SmartWebPrintingOC
Sonic Activation Module
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
7/31/2012 12:53:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
7/31/2012 12:49:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
7/31/2012 12:45:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/31/2012 12:44:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips nvatabus nvraid
7/31/2012 12:43:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/28/2012 9:06:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
7/28/2012 9:06:42 PM, error: Service Control Manager [7000] - The 5016 service failed to start due to the following error: The system cannot find the file specified.
7/28/2012 8:15:11 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
.
==== End Of File ===========================
Bobc5025
Active Member
 
Posts: 8
Joined: July 31st, 2012, 5:49 pm
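The DDS log above is written to be read by a trained helper. As an added example (not the forum's or the DDS tool's own code), the Python script below applies the same heuristics a helper applies by eye to a constructed excerpt modelled on that log: a service loading from a temp directory under a numeric name, orphaned "No File" entries, the kernel hooks and rootkit warning reported by the MBR detector, and an Event Log 7000 start failure that names the same service. All rule names and the sample lines are constructed for this example.

```python
"""Triage heuristics for a DDS-style scan log (added example, not part of DDS)."""
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed sample: a condensed excerpt in the shape of the DDS log posted above.
SAMPLE_LOG = r"""
S2 5016;5016;\??\c:\docume~1\computer\locals~1\temp\5016.sys --> c:\docume~1\computer\locals~1\temp\5016.sys [?]
S2 gupdate1c9e164860d0830;Google Update Service (gupdate1c9e164860d0830);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\avasts~1\avast\aswWebRepIE.dll
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
\Driver\atapi DriverStartIo -> 0x8A07A2E2
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendHandler -> 0x89e6e198
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
7/28/2012 9:06:42 PM, error: Service Control Manager [7000] - The 5016 service failed to start due to the following error: The system cannot find the file specified.
"""


@dataclass(frozen=True)
class Finding:
    rule: str   # which heuristic fired (names are this example's own)
    line: str   # the offending log line, verbatim


# Line shapes in the DDS "SERVICES / DRIVERS", "Pseudo HJT", "ROOTKIT" and
# "Event Viewer" sections that we want to recognise.
SERVICE_RE = re.compile(r"^S[0-4] (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+)$")
TEMP_PATH_RE = re.compile(r"\\temp\\", re.IGNORECASE)
ORPHAN_RE = re.compile(r"^(?:TB|BHO|uRun|mRun|IE): .* - No File$")
HOOK_RE = re.compile(r"(DriverStartIo|SendHandler|IRP_MJ_\w+) -> 0x[0-9A-Fa-f]+")
ROOTKIT_WARN_RE = re.compile(r"^Warning: possible .*rootkit", re.IGNORECASE)
EVT_7000_RE = re.compile(r"Service Control Manager \[7000\] - The (?P<svc>\S+) service failed to start")


def triage(log_text: str) -> List[Finding]:
    """Scan every line of a DDS log and return the heuristics that fire."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses a lone "." as a spacer
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            # Legitimate drivers do not live in a user's temp directory, and a
            # service whose name is just digits is typical of random naming.
            if TEMP_PATH_RE.search(svc.group("path")):
                findings.append(Finding("service_from_temp", line))
            if svc.group("name").isdigit():
                findings.append(Finding("numeric_service_name", line))
        if ORPHAN_RE.match(line):
            # Registry entry points at a file that no longer exists.
            findings.append(Finding("orphaned_entry", line))
        if HOOK_RE.search(line):
            # A driver dispatch or NDIS handler redirected to an unknown address.
            findings.append(Finding("kernel_hook", line))
        if ROOTKIT_WARN_RE.match(line):
            findings.append(Finding("rootkit_warning", line))
        if EVT_7000_RE.search(line):
            findings.append(Finding("service_start_failure", line))
    return findings


def correlate_missing_service(findings: List[Finding]) -> Set[str]:
    """Service names that load from a temp directory AND failed to start because
    the file was not found: the on-disk file is hidden or gone while the
    registry entry persists."""
    temp_names = {SERVICE_RE.match(f.line).group("name")
                  for f in findings if f.rule == "service_from_temp"}
    failed = {EVT_7000_RE.search(f.line).group("svc")
              for f in findings if f.rule == "service_start_failure"}
    return temp_names & failed


def assess(findings: List[Finding]) -> str:
    """Collapse findings into one verdict; kernel hooks or a detector warning
    outrank everything else because they mean the OS itself cannot be trusted."""
    rules = {f.rule for f in findings}
    if rules & {"kernel_hook", "rootkit_warning"}:
        return "rootkit-suspected"
    if rules & {"service_from_temp", "numeric_service_name"}:
        return "suspicious-persistence"
    if rules:
        return "cleanup-only"
    return "clean"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.rule}] {f.line}")
    print("correlated missing services:", correlate_missing_service(results))
    print("verdict:", assess(results))
```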

Re: internet explorer hijacked

Unread postby deltalima » August 4th, 2012, 5:02 pm

Checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: internet explorer hijacked

Unread postby deltalima » August 4th, 2012, 5:12 pm

Hi Bobc5025,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you would need to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Rootkit Warning
Your computer has multiple infections, including a rootkit.
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:
  1. Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  2. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
    If you don't mind the hassle, change all your account numbers.
  3. From a clean computer, change all your passwords
    (Internet login, your email address(es), financial accounts, PayPal, eBay, Amazon...any online activities you carry out which require a username and password).
    Do NOT change your passwords from this computer, the attacker can still get all the new passwords and transaction records.
  4. Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of Trojan,
the best course of action would be to do a reformat and re-installation of the operating system (OS).
This decision will have to be made by you...


We can attempt to clean this machine but we will not guarantee that it won't still be compromised, afterwards.
Please let me know how you wish to proceed.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: internet explorer hijacked

Unread postby Bobc5025 » August 6th, 2012, 3:50 pm

Let's try to clean
Bobc5025
Active Member
 
Posts: 8
Joined: July 31st, 2012, 5:49 pm

Re: internet explorer hijacked

Unread postby deltalima » August 6th, 2012, 3:58 pm

Hi Bobc5025,

Let's try to clean


OK, before we start can I ask is this computer used for business in any way?
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: internet explorer hijacked

Unread postby Bobc5025 » August 7th, 2012, 11:39 pm

No, this computer is not used for business
Bobc5025
Active Member
 
Posts: 8
Joined: July 31st, 2012, 5:49 pm

Re: internet explorer hijacked

Unread postby deltalima » August 8th, 2012, 4:21 am

Hi Bobc5025,

Please boot into normal mode.

Rkill

Please download Rkill from one of the following links and save to your Desktop:

One, Two, Three or Four

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • A Notepad window will open; please post the contents in your next reply
  • This log can also be found at C:\rkill.log
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
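To show what a helper looks for in the OTL.txt requested above, here is an added Python triage script; it is not part of this thread and is not OTL's or Rkill's own code. It reads OTL-style SRV/DRV/O4/O1 lines (a constructed sample in the format OTL produces) and flags autostarts and drivers that load from user-writable locations, orphaned entries, and hosts-file redirects; the heuristics are my assumptions about what merits a second look, not a verdict.

```python
import re

# Constructed sample in OTL.txt's line format (modelled on OTL output; the
# last hosts line is made up to show a redirect). Not a real scan result.
SAMPLE_OTL = r"""
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
DRV - (5016) -- C:\DOCUME~1\Computer\LOCALS~1\Temp\5016.sys File not found
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-2193443775-2499276585-758302993-1007..\Run: [RegisteredApplications] C:\Documents and Settings\Computer\Local Settings\Application Data\RegisteredApplications\gayulvlv.dll (Sun Microsystems, Inc.)
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example-vendor.test
"""

# Locations a standard user can write to on XP. Autostarts and drivers living
# there deserve a second look; per-user installs (Chrome on XP, for example)
# live there too, so a hit is a triage hint, not a verdict.
USER_WRITABLE = re.compile(
    r"\\(Documents and Settings|DOCUME~1|Temp|Application Data|Local Settings)\\",
    re.I,
)
LOOPBACK = {"127.0.0.1", "::1"}
MISSING = " File not found"


def parse_entry(line):
    """Split one OTL SRV/DRV/O4/O1 line into its fields; None for other lines."""
    m = re.match(r"^(O4|SRV|DRV|O1) - (.*)$", line.strip())
    if not m:
        return None
    kind, body = m.groups()
    found = not body.endswith(MISSING)          # OTL appends this to orphans
    if not found:
        body = body[: -len(MISSING)]
    body = body.rstrip()
    company = ""
    if body.endswith(")"):                      # trailing "(Company Name)"
        i = body.rfind(" (")
        if i != -1:
            company, body = body[i + 2:-1], body[:i]
    if kind == "O4":
        m = re.match(r"^(.*?)\\Run: \[([^\]]*)\] (.*)$", body)
        if not m:
            return None
        hive, name, path = m.groups()
    elif kind == "O1":
        m = re.match(r"^Hosts: (\S+) (\S+)$", body)
        if not m:
            return None
        hive, path, name = "", m.group(1), m.group(2)   # path holds the IP
    else:                                               # SRV / DRV
        m = re.match(r"^\(([^)]*)\) -- ?(.*)$", body)
        if not m:
            return None
        hive, (name, path) = "", m.groups()
    return {"kind": kind, "hive": hive, "name": name, "path": path,
            "company": company, "found": found}


def triage(text):
    """Return the entries a helper would want to look at, with the reasons."""
    findings = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e["kind"] == "O1":
            # Anything but localhost in the hosts file is worth a look:
            # loopback mappings silently block updates/AV, other IPs redirect.
            if e["name"].lower() != "localhost":
                where = "loopback" if e["path"] in LOOPBACK else e["path"]
                reasons.append(f"hosts file maps {e['name']} to {where}")
        elif USER_WRITABLE.search(e["path"]):
            reasons.append("autostart/driver loads from a user-writable location")
            if e["company"]:
                reasons.append(f"claims publisher '{e['company']}' from that path")
            if not e["found"]:
                reasons.append("file missing: remnant or hidden component")
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f['kind']:3} {f['name']:<28} {f['path']}")
        for r in f["reasons"]:
            print("     -", r)
```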

Re: internet explorer hijacked

Unread postby Bobc5025 » August 9th, 2012, 12:08 am

Thank you for your help, these are the logs in order.

Rkill 2.0.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/08/2012 09:34:11 PM in x86 mode.
Windows Version: Windows XP

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\WINDOWS\stsystra.exe (PID: 1960) [WD-HEUR]
* C:\WINDOWS\System32\DLA\DLACTRLW.EXE (PID: 1980) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@"was reset to comfile!


Performing miscellaneous checks.

* No issues found.

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/08/2012 09:36:39 PM
Execution time: 0 hours(s), 2 minute(s), and 27 seconds(s)




OTL logfile created on: 8/8/2012 9:40:05 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\All Users\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.69 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 77.16% Memory free
2.19 Gb Paging File | 1.95 Gb Available in Paging File | 88.96% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.07 Gb Total Space | 42.53 Gb Free Space | 59.85% Space Free | Partition Type: NTFS
Drive E: | 249.70 Mb Total Space | 128.67 Mb Free Space | 51.53% Space Free | Partition Type: FAT

Computer Name: GARN | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\All Users\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\WINDOWS\system32\nvapi.dll ()


========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (5016) -- C:\DOCUME~1\Computer\LOCALS~1\Temp\5016.sys File not found
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=0061019
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cli ... bd=0061019
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q={searchTerms}&crm=1


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=0061019
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=0061019
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresult ... =chrome&q={searchTerms}
IE - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3013973
IE - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\..\SearchScopes\{FBD9499A-91EC-C593-1D50-7512683B52A6}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z137&form=ZGAIDF&install_date=20111006&iesrc={referrer:source}
IE - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Computer\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Computer\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\gcffxtbr@WeatherBlink.com: C:\Program Files\WeatherBlink\bar\1.bin
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Computer\Application Data\Move Networks [2010/01/09 10:00:22 | 000,000,000 | ---D | M]

[2011/06/02 16:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Computer\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://start.msn.iplay.com/?o=shp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://start.msn.iplay.com/?o=shp
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Computer\Application Data\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Computer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/21 13:51:13 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-2193443775-2499276585-758302993-1007..\Run: [RegisteredApplications] C:\Documents and Settings\Computer\Local Settings\Application Data\RegisteredApplications\gayulvlv.dll (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2193443775-2499276585-758302993-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab (DLM Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/share ... insctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2217559328 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/share ... cgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B3C7C43-6A92-40F7-A3C6-2924E9BA6712}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Computer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 21:30:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
[2012/08/08 21:30:46 | 001,051,552 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\All Users\Desktop\rkill.exe
[2012/07/31 12:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2012/07/31 12:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/07/31 12:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\RegisteredApplications
[2012/07/22 23:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/22 23:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/07/22 21:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/22 21:01:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/21 14:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\RegisteredApplications
[2012/07/21 12:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Computer\Local Settings\Application Data\RegisteredApplications

========== Files - Modified Within 30 Days ==========

[2012/08/08 21:40:39 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/08 21:33:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 21:33:41 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/08/08 21:33:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/08 21:33:29 | 1810,354,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 21:05:44 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\md8h71d7.exe
[2012/08/08 21:05:04 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Desktop\OTL.exe
[2012/08/08 21:02:32 | 001,051,552 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\All Users\Desktop\rkill.exe
[2012/07/31 11:53:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/31 11:48:33 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2193443775-2499276585-758302993-1007UA.job
[2012/07/31 09:46:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2193443775-2499276585-758302993-1007Core.job
[2012/07/27 06:53:57 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/07/27 06:53:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/07/24 08:18:18 | 000,001,508 | ---- | M] () -- C:\Documents and Settings\Computer\Desktop\Hearts.lnk
[2012/07/23 13:05:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/21 13:51:13 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/12 00:50:50 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Computer\Desktop\Google Chrome.lnk
[2012/07/12 00:50:50 | 000,002,319 | ---- | M] () -- C:\Documents and Settings\Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/11 10:30:15 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 10:07:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/08/08 21:33:29 | 1810,354,176 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/08 21:31:20 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\md8h71d7.exe
[2012/02/15 14:44:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/17 15:04:52 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Computer\g2mdlhlpx.exe
[2012/01/07 16:31:17 | 000,052,942 | ---- | C] () -- C:\Program Files\EULA.eng
[2011/10/21 16:33:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/06 12:41:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/06 12:41:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/06 12:41:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/06 12:41:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/06 12:41:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/24 15:33:27 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Computer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/20 14:56:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Computer\Application Data\wklnhst.dat
[2009/12/11 15:58:48 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Computer\.asadminpass
[2009/12/11 15:58:30 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Computer\.asadmintruststore
[2009/12/01 11:28:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Computer\Ÿ;Ÿ;
[2009/10/16 10:18:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Computer\Ÿ9Ÿ9
[2008/12/06 00:29:50 | 000,000,090 | ---- | C] () -- C:\Documents and Settings\Computer\webct_upload_applet.properties
[2008/06/15 09:01:00 | 000,000,314 | ---- | C] () -- C:\Documents and Settings\Computer\jobq.dat
[2006/10/20 16:42:46 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Computer\Local Settings\Application Data\fusioncache.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E2B0AAB4
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C5B78274
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55422315
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F4A0A6B

< End of report >



OTL Extras logfile created on: 8/8/2012 9:40:05 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\All Users\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.69 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 77.16% Memory free
2.19 Gb Paging File | 1.95 Gb Available in Paging File | 88.96% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.07 Gb Total Space | 42.53 Gb Free Space | 59.85% Space Free | Partition Type: NTFS
Drive E: | 249.70 Mb Total Space | 128.67 Mb Free Space | 51.53% Space Free | Partition Type: FAT

Computer Name: GARN | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2193443775-2499276585-758302993-1007\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 30
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{471B83B9-29D8-41EC-9974-56BB8A457A8B}" = EPSON Stylus CX4400 Series Scanner Driver Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111412653}" = Mah Jong Tiles Deluxe
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"888casino" = 888casino
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"avast" = avast! Free Antivirus
"Bejeweled 3" = Bejeweled 3
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DivX Setup.divx.com" = DivX Setup
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Smart Web Printing" = HP Smart Web Printing
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SearchAssist" = SearchAssist
"Shop for HP Supplies" = Shop for HP Supplies
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2193443775-2499276585-758302993-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723
"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/18/2012 9:09:29 AM | Computer Name = GARN | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/21/2012 4:16:17 PM | Computer Name = GARN | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 7/21/2012 5:51:49 PM | Computer Name = GARN | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 7/22/2012 3:20:35 PM | Computer Name = GARN | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19258, fault address 0x000a75bf.

Error - 7/28/2012 12:12:38 PM | Computer Name = GARN | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 7/31/2012 2:26:28 PM | Computer Name = GARN | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 7/31/2012 2:33:16 PM | Computer Name = GARN | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 7/31/2012 2:41:45 PM | Computer Name = GARN | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 7/31/2012 2:47:15 PM | Computer Name = GARN | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCC1F6DA021D2425AB1B65B164A598450_4_9_12_4023.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 7/31/2012 2:49:12 PM | Computer Name = GARN | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCC1F6DA021D2425AB1B65B164A598450_4_9_12_4023.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

[ System Events ]
Error - 7/31/2012 2:53:02 PM | Computer Name = GARN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}

Error - 7/31/2012 6:16:49 PM | Computer Name = GARN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/8/2012 11:30:29 PM | Computer Name = GARN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/8/2012 11:31:38 PM | Computer Name = GARN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/8/2012 11:31:49 PM | Computer Name = GARN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/8/2012 11:32:26 PM | Computer Name = GARN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/8/2012 11:32:30 PM | Computer Name = GARN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/8/2012 11:33:53 PM | Computer Name = GARN | Source = Service Control Manager | ID = 7000
Description = The 5016 service failed to start due to the following error: %%2

Error - 8/8/2012 11:33:53 PM | Computer Name = GARN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
nvatabus nvraid

Error - 8/8/2012 11:41:19 PM | Computer Name = GARN | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-08 22:20:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3808110AS rev.3.ADH
Running: md8h71d7.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdqpog.sys


---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwResumeThread 80578F00 1 Byte [CC] {INT 3 }
.text ACPI.sys F75A8300 24 Bytes [00, 00, 00, 00, 00, 00, 8B, ...]
.text ACPI.sys F75A8319 7 Bytes [00, 6A, 0C, E8, AD, 13, 01]
.text ACPI.sys F75A8321 4 Bytes [56, 68, CA, B6]
.text ACPI.sys F75A8327 3 Bytes [68, 5B, 2A]
.text ACPI.sys F75A8339 7 Bytes [56, 6A, 0B, E8, 8D, 13, 01]
.text ...
.text C:\WINDOWS\system32\drivers\ACPI.sys section is writeable [0xF75A8300, 0x1AF00, 0xE8000020]
.rsrc C:\WINDOWS\system32\drivers\ACPI.sys section is executable [0xF75D1F00, 0x18E8, 0xE8000040]
.reloc C:\WINDOWS\system32\drivers\ACPI.sys section is executable [0xF75D3800, 0x2506, 0xE8000040]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 001A3E39
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\system32\svchost.exe[1020] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 001A47A7
.text C:\WINDOWS\system32\svchost.exe[1020] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 001A47F6
.text C:\WINDOWS\system32\svchost.exe[1020] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 001A4856
.text C:\WINDOWS\system32\svchost.exe[1020] USER32.dll!IsWindowVisible 7E429E3D 5 Bytes JMP 001A487D
.text C:\WINDOWS\system32\svchost.exe[1020] USER32.dll!MessageBoxIndirectW 7E4664D5 6 Bytes [33, C0, 40, C2, 04, 00] {XOR EAX, EAX; INC EAX; RET 0x4}
.text C:\WINDOWS\system32\svchost.exe[1020] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 001A4974
.text C:\WINDOWS\system32\svchost.exe[1020] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 001A494A
.text C:\WINDOWS\system32\svchost.exe[1020] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 001A4743

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A06E2E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8A06E2E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A06E2E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8A06E2E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8A06E2E2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A06E2E2

---- Threads - GMER 1.0.15 ----

Thread System [4:560] 89E960F4

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
Bobc5025
Active Member
 
Posts: 8
Joined: July 31st, 2012, 5:49 pm
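Two things in the logs above carry the real signal: GMER reports that every section of ACPI.sys is readable, writable and executable (the bracketed value is the raw PE section Characteristics field) and that the MBR and the atapi I/O path are hooked, while TDSSKiller reports two different MD5s for the same driver. The following Python is an added triage example, not part of the thread and not GMER's or TDSSKiller's own code: it decodes those Characteristics bits, explains why the combination is suspicious for a Microsoft driver, and pulls the forged-file and detection records out of a TDSSKiller log. The regular expressions and function names are my assumptions about the two log formats; the sample lines are copied from the logs posted above.

```python
"""Triage helper for GMER / TDSSKiller log excerpts (added example)."""
import re

# IMAGE_SECTION_HEADER.Characteristics bits, per the PE/COFF specification.
SCN_FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA",
    0x02000000: "MEM_DISCARDABLE",
    0x04000000: "MEM_NOT_CACHED",
    0x08000000: "MEM_NOT_PAGED",
    0x10000000: "MEM_SHARED",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}
CNT_CODE, MEM_EXECUTE, MEM_WRITE = 0x00000020, 0x20000000, 0x80000000

# Line shapes below are assumptions about the GMER / TDSSKiller text formats.
SECTION_RE = re.compile(
    r"^(?P<section>\.\w+)\s+(?P<path>\S+) section is (?P<verdict>\w+) "
    r"\[0x(?P<va>[0-9A-Fa-f]+), 0x(?P<size>[0-9A-Fa-f]+), 0x(?P<chars>[0-9A-Fa-f]+)\]"
)
HOOK_RE = re.compile(
    r"^Device (?P<driver>\\Driver\\\w+) -> (?P<routine>\w+) (?P<device>\S+) (?P<address>[0-9A-F]{8})$"
)
MBR_RE = re.compile(r"^Disk \S+ sector 00: rootkit-like behavior$")
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})"
)
DETECTED_RE = re.compile(r"^\S+ \d+ (?P<service>\S+) - detected (?P<name>\S+)")

# Sample input copied from the GMER and TDSSKiller logs in this thread.
SAMPLE_GMER = r"""
.text C:\WINDOWS\system32\drivers\ACPI.sys section is writeable [0xF75A8300, 0x1AF00, 0xE8000020]
.rsrc C:\WINDOWS\system32\drivers\ACPI.sys section is executable [0xF75D1F00, 0x18E8, 0xE8000040]
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A06E2E2
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
"""
SAMPLE_TDSS = r"""
13:11:53.0765 2020 ACPI (ea38c961260f29295c6d03070fa9d0b5) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:11:53.0765 2020 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: ea38c961260f29295c6d03070fa9d0b5, Fake md5: 8fd99680a539792a30e97944fdaecf17
13:11:53.0781 2020 ACPI - detected Virus.Win32.Rloader.a (0)
13:11:53.0828 2020 ACPIEC - ok
"""


def decode_characteristics(value):
    """Names of the Characteristics bits set in value, lowest bit first."""
    return [name for bit, name in sorted(SCN_FLAGS.items()) if value & bit]


def check_section(line):
    """Explain one GMER 'section is writeable/executable' line; None otherwise.

    A Microsoft driver's code section is never writable and its data sections
    (.rsrc, .reloc) are never executable. A loader that patches the driver in
    place tends to mark everything RWX, which is what 0xE8000020 / 0xE8000040
    decode to.
    """
    m = SECTION_RE.match(line)
    if not m:
        return None
    chars = int(m.group("chars"), 16)
    reasons = []
    if chars & CNT_CODE and chars & MEM_WRITE:
        reasons.append("code section is writable")
    if not chars & CNT_CODE and chars & MEM_EXECUTE:
        reasons.append("non-code section is executable")
    return {"section": m.group("section"), "path": m.group("path"),
            "flags": decode_characteristics(chars), "reasons": reasons}


def triage(gmer_text, tdss_text):
    """Collect the boot-kit indicators from both logs into one summary."""
    summary = {"sections": [], "hooks": [], "mbr_flagged": False,
               "forged": [], "detected": []}
    for line in gmer_text.splitlines():
        sec = check_section(line)
        hook = HOOK_RE.match(line)
        if sec:
            summary["sections"].append(sec)
        elif hook:
            summary["hooks"].append(hook.groupdict())
        elif MBR_RE.match(line):
            summary["mbr_flagged"] = True
    for line in tdss_text.splitlines():
        forged = FORGED_RE.search(line)
        detected = DETECTED_RE.match(line)
        if forged:
            # Two MD5s for one path means two views of the same driver exist:
            # the hook GMER reports on the I/O path, seen from the disk side.
            summary["forged"].append({
                "path": forged.group("path"),
                "real_md5": forged.group("real"),
                "fake_md5": forged.group("fake"),
                "hashes_differ": forged.group("real") != forged.group("fake"),
            })
        elif detected:
            summary["detected"].append((detected.group("service"), detected.group("name")))
    return summary


if __name__ == "__main__":
    for key, value in triage(SAMPLE_GMER, SAMPLE_TDSS).items():
        print(key, value)
```

Run against the two logs, the summary shows the same infected driver from three angles: RWX sections on ACPI.sys, a DriverStartIo hook on atapi plus a flagged sector 0, and a hash mismatch on the same file. Any one of those alone is worth a second look; all three together on a boot-start driver is why the next step in the thread is a bootkit remover rather than another on-demand scan.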

Re: internet explorer hijacked

Unread postby deltalima » August 9th, 2012, 3:35 am

Hi Bobc5025,

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on your desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: internet explorer hijacked

Unread postby Bobc5025 » August 9th, 2012, 4:38 pm

13:11:29.0171 1812 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:11:31.0171 1812 ============================================================
13:11:31.0171 1812 Current date / time: 2012/08/09 13:11:31.0171
13:11:31.0171 1812 SystemInfo:
13:11:31.0171 1812
13:11:31.0171 1812 OS Version: 5.1.2600 ServicePack: 3.0
13:11:31.0171 1812 Product type: Workstation
13:11:31.0171 1812 ComputerName: GARN
13:11:31.0171 1812 UserName: Computer
13:11:31.0171 1812 Windows directory: C:\WINDOWS
13:11:31.0171 1812 System windows directory: C:\WINDOWS
13:11:31.0171 1812 Processor architecture: Intel x86
13:11:31.0171 1812 Number of processors: 1
13:11:31.0171 1812 Page size: 0x1000
13:11:31.0171 1812 Boot type: Normal boot
13:11:31.0171 1812 ============================================================
13:11:33.0531 1812 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:11:33.0531 1812 Drive \Device\Harddisk1\DR4 - Size: 0xFA00000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:11:33.0531 1812 ============================================================
13:11:33.0531 1812 \Device\Harddisk0\DR0:
13:11:33.0531 1812 MBR partitions:
13:11:33.0531 1812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x8E256BE
13:11:33.0531 1812 \Device\Harddisk1\DR4:
13:11:33.0531 1812 MBR partitions:
13:11:33.0531 1812 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7CFE0
13:11:33.0531 1812 ============================================================
13:11:33.0859 1812 C: <-> \Device\Harddisk0\DR0\Partition0
13:11:33.0859 1812 ============================================================
13:11:33.0859 1812 Initialize success
13:11:33.0859 1812 ============================================================
13:11:53.0265 2020 ============================================================
13:11:53.0265 2020 Scan started
13:11:53.0281 2020 Mode: Manual;
13:11:53.0281 2020 ============================================================
13:11:53.0578 2020 5016 - ok
13:11:53.0625 2020 Abiosdsk - ok
13:11:53.0687 2020 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:11:53.0703 2020 abp480n5 - ok
13:11:53.0765 2020 ACPI (ea38c961260f29295c6d03070fa9d0b5) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:11:53.0765 2020 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: ea38c961260f29295c6d03070fa9d0b5, Fake md5: 8fd99680a539792a30e97944fdaecf17
13:11:53.0781 2020 ACPI ( Virus.Win32.Rloader.a ) - infected
13:11:53.0781 2020 ACPI - detected Virus.Win32.Rloader.a (0)
13:11:53.0828 2020 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:11:53.0828 2020 ACPIEC - ok
13:11:53.0937 2020 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:11:53.0953 2020 AdobeFlashPlayerUpdateSvc - ok
13:11:54.0000 2020 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:11:54.0000 2020 adpu160m - ok
13:11:54.0046 2020 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:11:54.0062 2020 aec - ok
13:11:54.0125 2020 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
13:11:54.0125 2020 Afc - ok
13:11:54.0171 2020 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:11:54.0187 2020 AFD - ok
13:11:54.0218 2020 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:11:54.0218 2020 agp440 - ok
13:11:54.0265 2020 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:11:54.0265 2020 agpCPQ - ok
13:11:54.0296 2020 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:11:54.0296 2020 Aha154x - ok
13:11:54.0328 2020 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:11:54.0343 2020 aic78u2 - ok
13:11:54.0359 2020 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:11:54.0359 2020 aic78xx - ok
13:11:54.0406 2020 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:11:54.0406 2020 Alerter - ok
13:11:54.0453 2020 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:11:54.0453 2020 ALG - ok
13:11:54.0484 2020 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:11:54.0484 2020 AliIde - ok
13:11:54.0500 2020 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:11:54.0515 2020 alim1541 - ok
13:11:54.0546 2020 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:11:54.0546 2020 amdagp - ok
13:11:54.0593 2020 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
13:11:54.0593 2020 AmdK8 - ok
13:11:54.0640 2020 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:11:54.0640 2020 amsint - ok
13:11:54.0656 2020 AppMgmt - ok
13:11:54.0671 2020 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:11:54.0671 2020 asc - ok
13:11:54.0687 2020 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:11:54.0687 2020 asc3350p - ok
13:11:54.0703 2020 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:11:54.0718 2020 asc3550 - ok
13:11:54.0765 2020 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
13:11:54.0765 2020 ASCTRM - ok
13:11:54.0875 2020 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
13:11:54.0875 2020 aspnet_state - ok
13:11:54.0953 2020 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:11:54.0953 2020 AsyncMac - ok
13:11:54.0984 2020 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:11:55.0000 2020 atapi - ok
13:11:55.0000 2020 Atdisk - ok
13:11:55.0046 2020 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:11:55.0062 2020 Atmarpc - ok
13:11:55.0109 2020 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:11:55.0109 2020 AudioSrv - ok
13:11:55.0140 2020 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:11:55.0140 2020 audstub - ok
13:11:55.0187 2020 bcm4sbxp (78e7b52da292fa90bad2f887bbf22159) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
13:11:55.0187 2020 bcm4sbxp - ok
13:11:55.0234 2020 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:11:55.0234 2020 Beep - ok
13:11:55.0296 2020 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:11:55.0359 2020 BITS - ok
13:11:55.0406 2020 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:11:55.0421 2020 Browser - ok
13:11:55.0437 2020 catchme - ok
13:11:55.0484 2020 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:11:55.0484 2020 cbidf - ok
13:11:55.0515 2020 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:11:55.0515 2020 cbidf2k - ok
13:11:55.0546 2020 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:11:55.0546 2020 cd20xrnt - ok
13:11:55.0593 2020 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:11:55.0609 2020 Cdaudio - ok
13:11:55.0671 2020 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:11:55.0671 2020 Cdfs - ok
13:11:55.0687 2020 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:11:55.0703 2020 Cdrom - ok
13:11:55.0718 2020 Changer - ok
13:11:55.0765 2020 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:11:55.0765 2020 CiSvc - ok
13:11:55.0796 2020 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:11:55.0796 2020 ClipSrv - ok
13:11:55.0843 2020 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:11:55.0843 2020 CmdIde - ok
13:11:55.0859 2020 COMSysApp - ok
13:11:55.0906 2020 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:11:55.0921 2020 Cpqarray - ok
13:11:55.0953 2020 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:11:55.0968 2020 CryptSvc - ok
13:11:56.0015 2020 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:11:56.0046 2020 dac2w2k - ok
13:11:56.0062 2020 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:11:56.0062 2020 dac960nt - ok
13:11:56.0109 2020 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:11:56.0140 2020 DcomLaunch - ok
13:11:56.0187 2020 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:11:56.0187 2020 Dhcp - ok
13:11:56.0218 2020 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:11:56.0218 2020 Disk - ok
13:11:56.0296 2020 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
13:11:56.0296 2020 DLABOIOM - ok
13:11:56.0328 2020 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
13:11:56.0328 2020 DLACDBHM - ok
13:11:56.0343 2020 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
13:11:56.0359 2020 DLADResN - ok
13:11:56.0359 2020 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
13:11:56.0375 2020 DLAIFS_M - ok
13:11:56.0390 2020 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
13:11:56.0390 2020 DLAOPIOM - ok
13:11:56.0406 2020 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
13:11:56.0406 2020 DLAPoolM - ok
13:11:56.0421 2020 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
13:11:56.0421 2020 DLARTL_N - ok
13:11:56.0437 2020 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
13:11:56.0437 2020 DLAUDFAM - ok
13:11:56.0453 2020 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
13:11:56.0468 2020 DLAUDF_M - ok
13:11:56.0484 2020 dmadmin - ok
13:11:56.0546 2020 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:11:56.0578 2020 dmboot - ok
13:11:56.0593 2020 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:11:56.0593 2020 dmio - ok
13:11:56.0656 2020 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:11:56.0656 2020 dmload - ok
13:11:56.0703 2020 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:11:56.0703 2020 dmserver - ok
13:11:56.0734 2020 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:11:56.0734 2020 DMusic - ok
13:11:56.0781 2020 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:11:56.0781 2020 Dnscache - ok
13:11:56.0843 2020 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:11:56.0843 2020 Dot3svc - ok
13:11:56.0890 2020 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:11:56.0890 2020 dpti2o - ok
13:11:56.0906 2020 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:11:56.0906 2020 drmkaud - ok
13:11:57.0265 2020 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
13:11:57.0281 2020 DRVMCDB - ok
13:11:57.0296 2020 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
13:11:57.0296 2020 DRVNDDM - ok
13:11:57.0765 2020 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
13:11:57.0765 2020 DSproct - ok
13:11:57.0906 2020 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:11:57.0921 2020 E100B - ok
13:11:58.0000 2020 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:11:58.0015 2020 EapHost - ok
13:11:58.0062 2020 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:11:58.0062 2020 ERSvc - ok
13:11:58.0078 2020 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:11:58.0093 2020 Eventlog - ok
13:11:58.0125 2020 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:11:58.0125 2020 EventSystem - ok
13:11:58.0171 2020 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:11:58.0187 2020 Fastfat - ok
13:11:58.0234 2020 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:11:58.0234 2020 FastUserSwitchingCompatibility - ok
13:11:58.0265 2020 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:11:58.0265 2020 Fdc - ok
13:11:58.0281 2020 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:11:58.0281 2020 Fips - ok
13:11:58.0296 2020 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:11:58.0296 2020 Flpydisk - ok
13:11:58.0328 2020 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:11:58.0328 2020 FltMgr - ok
13:11:58.0359 2020 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:11:58.0375 2020 Fs_Rec - ok
13:11:58.0406 2020 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:11:58.0406 2020 Ftdisk - ok
13:11:58.0453 2020 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:11:58.0453 2020 Gpc - ok
13:11:58.0562 2020 gupdate1c9e164860d0830 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
13:11:58.0578 2020 gupdate1c9e164860d0830 - ok
13:11:58.0593 2020 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
13:11:58.0593 2020 gupdatem - ok
13:11:58.0625 2020 gusvc - ok
13:11:58.0656 2020 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:11:58.0656 2020 HDAudBus - ok
13:11:58.0750 2020 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:11:58.0750 2020 helpsvc - ok
13:11:58.0781 2020 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:11:58.0781 2020 HidServ - ok
13:11:58.0828 2020 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:11:58.0828 2020 HidUsb - ok
13:11:58.0875 2020 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:11:58.0875 2020 hkmsvc - ok
13:11:58.0953 2020 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:11:58.0968 2020 hpn - ok
13:11:59.0015 2020 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:11:59.0015 2020 HPZid412 - ok
13:11:59.0031 2020 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:11:59.0031 2020 HPZipr12 - ok
13:11:59.0046 2020 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:11:59.0062 2020 HPZius12 - ok
13:11:59.0093 2020 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
13:11:59.0109 2020 HSFHWBS2 - ok
13:11:59.0171 2020 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
13:11:59.0203 2020 HSF_DP - ok
13:11:59.0265 2020 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:11:59.0281 2020 HTTP - ok
13:11:59.0328 2020 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:11:59.0328 2020 HTTPFilter - ok
13:11:59.0375 2020 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:11:59.0390 2020 i2omgmt - ok
13:11:59.0406 2020 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:11:59.0421 2020 i2omp - ok
13:11:59.0437 2020 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:11:59.0437 2020 i8042prt - ok
13:11:59.0453 2020 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:11:59.0453 2020 Imapi - ok
13:11:59.0515 2020 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:11:59.0531 2020 ImapiService - ok
13:11:59.0562 2020 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:11:59.0578 2020 ini910u - ok
13:11:59.0609 2020 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:11:59.0609 2020 IntelIde - ok
13:11:59.0640 2020 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:11:59.0640 2020 intelppm - ok
13:11:59.0656 2020 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:11:59.0656 2020 Ip6Fw - ok
13:11:59.0703 2020 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:11:59.0703 2020 IpFilterDriver - ok
13:11:59.0734 2020 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:11:59.0734 2020 IpInIp - ok
13:11:59.0765 2020 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:11:59.0781 2020 IpNat - ok
13:11:59.0796 2020 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:11:59.0796 2020 IPSec - ok
13:11:59.0812 2020 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:11:59.0812 2020 IRENUM - ok
13:11:59.0859 2020 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:11:59.0859 2020 isapnp - ok
13:12:00.0031 2020 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
13:12:00.0046 2020 JavaQuickStarterService - ok
13:12:00.0062 2020 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:12:00.0062 2020 Kbdclass - ok
13:12:00.0078 2020 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:12:00.0078 2020 kbdhid - ok
13:12:00.0109 2020 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:12:00.0109 2020 kmixer - ok
13:12:00.0171 2020 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:12:00.0171 2020 KSecDD - ok
13:12:00.0218 2020 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:12:00.0218 2020 lanmanserver - ok
13:12:00.0265 2020 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:12:00.0265 2020 lanmanworkstation - ok
13:12:00.0281 2020 lbrtfdc - ok
13:12:00.0328 2020 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:12:00.0343 2020 LmHosts - ok
13:12:00.0437 2020 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
13:12:00.0453 2020 MDM - ok
13:12:00.0484 2020 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:12:00.0484 2020 mdmxsdk - ok
13:12:00.0515 2020 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:12:00.0515 2020 Messenger - ok
13:12:00.0562 2020 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:12:00.0562 2020 mnmdd - ok
13:12:00.0609 2020 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:12:00.0609 2020 mnmsrvc - ok
13:12:00.0640 2020 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:12:00.0640 2020 Modem - ok
13:12:00.0656 2020 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
13:12:00.0656 2020 MODEMCSA - ok
13:12:00.0671 2020 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:12:00.0671 2020 Mouclass - ok
13:12:00.0718 2020 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:12:00.0718 2020 mouhid - ok
13:12:00.0750 2020 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:12:00.0750 2020 MountMgr - ok
13:12:00.0796 2020 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:12:00.0796 2020 mraid35x - ok
13:12:00.0812 2020 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:12:00.0843 2020 MRxDAV - ok
13:12:00.0890 2020 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:12:00.0906 2020 MRxSmb - ok
13:12:00.0937 2020 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:12:00.0953 2020 MSDTC - ok
13:12:00.0984 2020 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:12:00.0984 2020 Msfs - ok
13:12:00.0984 2020 MSIServer - ok
13:12:01.0000 2020 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:12:01.0000 2020 MSKSSRV - ok
13:12:01.0015 2020 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:12:01.0015 2020 MSPCLOCK - ok
13:12:01.0031 2020 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:12:01.0031 2020 MSPQM - ok
13:12:01.0046 2020 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:12:01.0046 2020 mssmbios - ok
13:12:01.0078 2020 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:12:01.0093 2020 Mup - ok
13:12:01.0140 2020 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:12:01.0156 2020 napagent - ok
13:12:01.0187 2020 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:12:01.0203 2020 NDIS - ok
13:12:01.0234 2020 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:12:01.0234 2020 NdisTapi - ok
13:12:01.0281 2020 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:12:01.0281 2020 Ndisuio - ok
13:12:01.0296 2020 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:12:01.0296 2020 NdisWan - ok
13:12:01.0343 2020 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:12:01.0343 2020 NDProxy - ok
13:12:01.0390 2020 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
13:12:01.0390 2020 Net Driver HPZ12 - ok
13:12:01.0406 2020 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:12:01.0406 2020 NetBIOS - ok
13:12:01.0453 2020 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:12:01.0453 2020 NetBT - ok
13:12:01.0500 2020 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:12:01.0500 2020 NetDDE - ok
13:12:01.0515 2020 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:12:01.0515 2020 NetDDEdsdm - ok
13:12:01.0546 2020 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:12:01.0562 2020 Netlogon - ok
13:12:01.0593 2020 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:12:01.0609 2020 Netman - ok
13:12:01.0671 2020 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:12:01.0687 2020 Nla - ok
13:12:01.0718 2020 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:12:01.0718 2020 Npfs - ok
13:12:01.0781 2020 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:12:01.0812 2020 Ntfs - ok
13:12:01.0828 2020 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:12:01.0828 2020 NtLmSsp - ok
13:12:01.0890 2020 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:12:01.0906 2020 NtmsSvc - ok
13:12:01.0984 2020 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:12:01.0984 2020 Null - ok
13:12:02.0218 2020 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:12:02.0328 2020 nv - ok
13:12:02.0390 2020 nvatabus (75562456aa672bb5fe56d3c64c6d1c7d) C:\WINDOWS\system32\drivers\nvatabus.sys
13:12:02.0390 2020 nvatabus - ok
13:12:02.0406 2020 nvraid (1d4781a5957300dc81b91161b45704bb) C:\WINDOWS\system32\drivers\nvraid.sys
13:12:02.0421 2020 nvraid - ok
13:12:02.0453 2020 NVSvc (986d6666e076afd2b60acafd5b01a00f) C:\WINDOWS\system32\nvsvc32.exe
13:12:02.0468 2020 NVSvc - ok
13:12:02.0515 2020 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:12:02.0515 2020 NwlnkFlt - ok
13:12:02.0531 2020 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:12:02.0531 2020 NwlnkFwd - ok
13:12:02.0593 2020 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:12:02.0609 2020 ose - ok
13:12:02.0656 2020 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:12:02.0656 2020 Parport - ok
13:12:02.0671 2020 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:12:02.0671 2020 PartMgr - ok
13:12:02.0703 2020 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:12:02.0718 2020 ParVdm - ok
13:12:02.0718 2020 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:12:02.0734 2020 PCI - ok
13:12:02.0734 2020 PCIDump - ok
13:12:02.0750 2020 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:12:02.0750 2020 PCIIde - ok
13:12:02.0781 2020 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:12:02.0796 2020 Pcmcia - ok
13:12:02.0796 2020 PDCOMP - ok
13:12:02.0812 2020 PDFRAME - ok
13:12:02.0828 2020 PDRELI - ok
13:12:02.0828 2020 PDRFRAME - ok
13:12:02.0859 2020 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
13:12:02.0859 2020 perc2 - ok
13:12:02.0890 2020 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:12:02.0890 2020 perc2hib - ok
13:12:02.0984 2020 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:12:02.0984 2020 PlugPlay - ok
13:12:03.0375 2020 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
13:12:03.0375 2020 Pml Driver HPZ12 - ok
13:12:03.0406 2020 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:12:03.0406 2020 PolicyAgent - ok
13:12:03.0453 2020 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:12:03.0453 2020 PptpMiniport - ok
13:12:03.0468 2020 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:12:03.0468 2020 Processor - ok
13:12:03.0484 2020 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:12:03.0484 2020 ProtectedStorage - ok
13:12:03.0500 2020 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:12:03.0500 2020 PSched - ok
13:12:03.0546 2020 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:12:03.0546 2020 Ptilink - ok
13:12:03.0593 2020 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:12:03.0625 2020 PxHelp20 - ok
13:12:03.0656 2020 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:12:03.0656 2020 ql1080 - ok
13:12:03.0671 2020 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:12:03.0671 2020 Ql10wnt - ok
13:12:03.0687 2020 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:12:03.0687 2020 ql12160 - ok
13:12:03.0703 2020 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:12:03.0703 2020 ql1240 - ok
13:12:03.0718 2020 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:12:03.0718 2020 ql1280 - ok
13:12:03.0734 2020 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:12:03.0750 2020 RasAcd - ok
13:12:03.0781 2020 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:12:03.0796 2020 RasAuto - ok
13:12:03.0828 2020 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:12:03.0828 2020 Rasl2tp - ok
13:12:03.0875 2020 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:12:03.0890 2020 RasMan - ok
13:12:03.0890 2020 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:12:03.0906 2020 RasPppoe - ok
13:12:03.0906 2020 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:12:03.0921 2020 Raspti - ok
13:12:03.0937 2020 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:12:03.0953 2020 Rdbss - ok
13:12:03.0953 2020 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:12:03.0953 2020 RDPCDD - ok
13:12:04.0000 2020 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:12:04.0015 2020 rdpdr - ok
13:12:04.0062 2020 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
13:12:04.0078 2020 RDPWD - ok
13:12:04.0109 2020 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:12:04.0125 2020 RDSessMgr - ok
13:12:04.0156 2020 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:12:04.0156 2020 redbook - ok
13:12:04.0203 2020 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:12:04.0203 2020 RemoteAccess - ok
13:12:04.0218 2020 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:12:04.0234 2020 RpcLocator - ok
13:12:04.0296 2020 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:12:04.0296 2020 RpcSs - ok
13:12:04.0343 2020 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:12:04.0375 2020 RSVP - ok
13:12:04.0421 2020 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:12:04.0421 2020 SamSs - ok
13:12:04.0468 2020 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:12:04.0468 2020 SCardSvr - ok
13:12:04.0515 2020 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:12:04.0531 2020 Schedule - ok
13:12:04.0593 2020 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:12:04.0593 2020 Secdrv - ok
13:12:04.0640 2020 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:12:04.0640 2020 seclogon - ok
13:12:04.0671 2020 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:12:04.0671 2020 SENS - ok
13:12:04.0703 2020 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:12:04.0734 2020 serenum - ok
13:12:04.0781 2020 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:12:04.0781 2020 Serial - ok
13:12:04.0828 2020 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:12:04.0828 2020 Sfloppy - ok
13:12:04.0875 2020 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:12:04.0890 2020 SharedAccess - ok
13:12:04.0937 2020 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:12:04.0953 2020 ShellHWDetection - ok
13:12:04.0968 2020 Simbad - ok
13:12:05.0015 2020 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:12:05.0015 2020 sisagp - ok
13:12:05.0062 2020 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:12:05.0078 2020 Sparrow - ok
13:12:05.0109 2020 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:12:05.0109 2020 splitter - ok
13:12:05.0156 2020 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:12:05.0156 2020 Spooler - ok
13:12:05.0203 2020 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:12:05.0218 2020 sr - ok
13:12:05.0265 2020 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:12:05.0281 2020 srservice - ok
13:12:05.0328 2020 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:12:05.0343 2020 Srv - ok
13:12:05.0375 2020 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:12:05.0375 2020 SSDPSRV - ok
13:12:05.0468 2020 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
13:12:05.0484 2020 STHDA - ok
13:12:05.0546 2020 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:12:05.0562 2020 stisvc - ok
13:12:05.0656 2020 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:12:05.0671 2020 swenum - ok
13:12:05.0703 2020 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:12:05.0703 2020 swmidi - ok
13:12:05.0718 2020 SwPrv - ok
13:12:05.0765 2020 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:12:05.0765 2020 symc810 - ok
13:12:05.0781 2020 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:12:05.0796 2020 symc8xx - ok
13:12:05.0828 2020 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:12:05.0828 2020 sym_hi - ok
13:12:05.0843 2020 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:12:05.0843 2020 sym_u3 - ok
13:12:05.0890 2020 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:12:05.0890 2020 sysaudio - ok
13:12:05.0953 2020 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:12:05.0953 2020 SysmonLog - ok
13:12:06.0015 2020 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:12:06.0031 2020 TapiSrv - ok
13:12:06.0078 2020 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:12:06.0093 2020 Tcpip - ok
13:12:06.0140 2020 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:12:06.0140 2020 TDPIPE - ok
13:12:06.0171 2020 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:12:06.0171 2020 TDTCP - ok
13:12:06.0218 2020 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:12:06.0218 2020 TermDD - ok
13:12:06.0281 2020 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:12:06.0296 2020 TermService - ok
13:12:06.0343 2020 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:12:06.0343 2020 Themes - ok
13:12:06.0406 2020 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
13:12:06.0406 2020 TosIde - ok
13:12:06.0437 2020 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:12:06.0453 2020 TrkWks - ok
13:12:06.0500 2020 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:12:06.0515 2020 Udfs - ok
13:12:06.0546 2020 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:12:06.0546 2020 ultra - ok
13:12:06.0578 2020 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
13:12:06.0578 2020 UMWdf - ok
13:12:06.0640 2020 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:12:06.0671 2020 Update - ok
13:12:06.0703 2020 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:12:06.0718 2020 upnphost - ok
13:12:06.0750 2020 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:12:06.0750 2020 UPS - ok
13:12:06.0812 2020 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:12:06.0828 2020 usbccgp - ok
13:12:06.0859 2020 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:12:06.0859 2020 usbehci - ok
13:12:06.0906 2020 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:12:06.0906 2020 usbhub - ok
13:12:06.0953 2020 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:12:06.0953 2020 usbohci - ok
13:12:07.0015 2020 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:12:07.0015 2020 usbprint - ok
13:12:07.0062 2020 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:12:07.0062 2020 usbscan - ok
13:12:07.0093 2020 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:12:07.0093 2020 USBSTOR - ok
13:12:07.0125 2020 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:12:07.0125 2020 usbuhci - ok
13:12:07.0171 2020 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:12:07.0171 2020 VgaSave - ok
13:12:07.0234 2020 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:12:07.0234 2020 viaagp - ok
13:12:07.0250 2020 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:12:07.0265 2020 ViaIde - ok
13:12:07.0296 2020 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:12:07.0312 2020 VolSnap - ok
13:12:07.0359 2020 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:12:07.0375 2020 VSS - ok
13:12:07.0437 2020 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:12:07.0437 2020 Wanarp - ok
13:12:07.0453 2020 wanatw - ok
13:12:07.0468 2020 WDICA - ok
13:12:07.0515 2020 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:12:07.0515 2020 wdmaud - ok
13:12:07.0578 2020 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:12:07.0578 2020 WebClient - ok
13:12:07.0656 2020 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:12:07.0687 2020 winachsf - ok
13:12:07.0765 2020 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:12:07.0781 2020 winmgmt - ok
13:12:07.0859 2020 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
13:12:07.0875 2020 WmdmPmSN - ok
13:12:07.0937 2020 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:12:07.0953 2020 WmiApSrv - ok
13:12:08.0015 2020 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
13:12:08.0031 2020 WpdUsb - ok
13:12:08.0078 2020 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:12:08.0078 2020 wscsvc - ok
13:12:08.0125 2020 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:12:08.0140 2020 wuauserv - ok
13:12:08.0203 2020 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:12:08.0218 2020 WZCSVC - ok
13:12:08.0265 2020 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:12:08.0281 2020 xmlprov - ok
13:12:08.0312 2020 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
13:12:08.0328 2020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:12:08.0328 2020 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:12:08.0343 2020 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR4
13:12:12.0171 2020 \Device\Harddisk1\DR4 - ok
13:12:12.0187 2020 Boot (0x1200) (2372d361e8573bc8a2528731887faf9a) \Device\Harddisk0\DR0\Partition0
13:12:12.0187 2020 \Device\Harddisk0\DR0\Partition0 - ok
13:12:12.0187 2020 Boot (0x1200) (e1eeeade1d915a90c0862bce3eaf4de4) \Device\Harddisk1\DR4\Partition0
13:12:12.0203 2020 \Device\Harddisk1\DR4\Partition0 - ok
13:12:12.0203 2020 ============================================================
13:12:12.0203 2020 Scan finished
13:12:12.0203 2020 ============================================================
13:12:12.0218 2648 Detected object count: 2
13:12:12.0218 2648 Actual detected object count: 2
13:12:36.0046 2648 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
13:12:38.0078 2648 Backup copy found, using it..
13:12:38.0109 2648 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
13:12:38.0109 2648 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
13:12:38.0828 2648 \Device\Harddisk0\DR0\# - copied to quarantine
13:12:38.0828 2648 \Device\Harddisk0\DR0 - copied to quarantine
13:12:38.0906 2648 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:12:38.0937 2648 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:12:38.0937 2648 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:12:38.0937 2648 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:12:38.0937 2648 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:12:38.0953 2648 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:12:38.0953 2648 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:12:38.0984 2648 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:12:39.0000 2648 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:12:39.0015 2648 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:12:39.0015 2648 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:12:39.0015 2648 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:12:39.0031 2648 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:12:39.0031 2648 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:12:39.0031 2648 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:12:39.0046 2648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:12:39.0046 2648 \Device\Harddisk0\DR0 - ok
13:12:40.0078 2648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
13:12:49.0312 1724 Deinitialize success
Bobc5025
Active Member
 
Posts: 8
Joined: July 31st, 2012, 5:49 pm
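The TDSSKiller log above mixes a per-driver inventory (name, MD5, path) with verdict lines such as `( Rootkit.Boot.Pihar.c ) - infected`, quarantine copies and the cure decisions taken at the end. As an added example that is not part of the original post and is not TDSSKiller's own code, the Python below parses a log in that format into a triage summary and separates detections that sit on the raw disk device (the MBR, `\Device\Harddisk0\DR0`) from detections in files or drivers. The sample lines embedded in it are constructed copies of the format shown above; the regular expressions are this example's own assumptions about that format, not a published specification.

```python
import re

# Constructed sample lines in the format of the TDSSKiller log posted above
# (timestamp, thread id, then the object and its verdict or action).
SAMPLE_LOG = r"""
13:12:08.0265 2020 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:12:08.0281 2020 xmlprov - ok
13:12:08.0312 2020 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
13:12:08.0328 2020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:12:08.0328 2020 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:12:12.0187 2020 \Device\Harddisk0\DR0\Partition0 - ok
13:12:38.0109 2648 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
13:12:38.0937 2648 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:12:39.0046 2648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:12:49.0312 1724 Deinitialize success
"""

# Assumed line layout: "<hh:mm:ss.ms> <thread id> <rest>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.+)$")
# "<object> ( <verdict> ) - <action>", e.g. "... ( Rootkit.Boot.Pihar.c ) - infected"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
# "<object> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+)")
QUARANTINE_RE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
OK_RE = re.compile(r"^(?P<obj>.+?) - ok$")
# Inventory line "<name> (<md5>) <path>"; the name may itself hold parentheses ("MBR (0x1B8)")
HASH_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# A bare disk device object (no partition, no file) means the MBR / disk level
DISK_RE = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+$")


def parse_tdsskiller(text):
    """Return a triage summary of a TDSSKiller-style log (format assumed, see above)."""
    report = {
        "detections": {},   # object -> verdict name
        "actions": [],      # (object, verdict, action) for cure decisions
        "quarantined": [],  # objects copied to quarantine
        "hashes": {},       # inventory name -> (md5, path)
        "clean": 0,         # objects reported "- ok"
        "unparsed": [],     # lines that fit none of the patterns
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            report["unparsed"].append(line)
            continue
        rest = m.group("rest")
        if (v := VERDICT_RE.match(rest)):
            obj, verdict, action = v.group("obj", "verdict", "action")
            report["detections"][obj] = verdict
            if action != "infected":          # "User select action: Cure", "will be cured on reboot"
                report["actions"].append((obj, verdict, action))
        elif (d := DETECTED_RE.match(rest)):
            report["detections"][d.group("obj")] = d.group("verdict")
        elif (q := QUARANTINE_RE.match(rest)):
            report["quarantined"].append(q.group("obj"))
        elif OK_RE.match(rest):
            report["clean"] += 1
        elif (h := HASH_RE.match(rest)):
            report["hashes"][h.group("name")] = (h.group("md5"), h.group("path"))
        else:
            report["unparsed"].append(line)
    return report


def boot_sector_detections(report):
    """Detections whose object is the raw disk device, i.e. MBR-level rather than a file."""
    return {obj: v for obj, v in report["detections"].items() if DISK_RE.fullmatch(obj)}


def triage_lines(report):
    """Human-readable summary, one finding per line."""
    out = []
    for obj, verdict in report["detections"].items():
        where = "MBR/disk level" if DISK_RE.fullmatch(obj) else "file or driver"
        out.append(f"{verdict} at {obj} [{where}]")
    for obj, verdict, action in report["actions"]:
        out.append(f"{action}: {obj} ({verdict})")
    out.append(f"{len(report['quarantined'])} object(s) copied to quarantine, "
               f"{report['clean']} reported ok")
    return out


if __name__ == "__main__":
    for line in triage_lines(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

The split between disk-level and file-level findings is the point of the summary: a verdict attached to `\Device\Harddisk0\DR0` names the boot sector itself, and the `TDLFS\...` entries are the hidden storage that TDSSKiller copied out of that disk before the cure on reboot, so neither would show up in a scanner that only walks the normal file system.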

Re: internet explorer hijacked

Unread postby deltalima » August 9th, 2012, 4:45 pm

Hi Bobc5025,

Please reboot the computer.

Next, run a quick scan with Malwarebytes and post the log in your next reply.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: internet explorer hijacked

Unread postby Bobc5025 » August 9th, 2012, 7:32 pm

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.11

Windows XP Service Pack 3 x86 FAT
Internet Explorer 8.0.6001.18702
Computer :: GARN [administrator]

8/9/2012 4:15:13 PM
mbam-log-2012-08-09 (17-48-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216960
Time elapsed: 8 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\Computer\Local Settings\temp\jre-6u30-windows-i586-iftw-rvv.exe (Trojan.Happili) -> No action taken.
C:\Documents and Settings\Computer\Local Settings\temp\51.tmp (Trojan.Agent.EXPD1) -> No action taken.
C:\Documents and Settings\Computer\Local Settings\temp\55.tmp (Trojan.Agent.EXPD1) -> No action taken.

(end)


Symptoms are still the same: having certificate problems when trying to get to e-mail on hotmail.com.

Thanks Deltalima
Bobc5025
Active Member
Posts: 8
Joined: July 31st, 2012, 5:49 pm

Re: internet explorer hijacked

Unread postby deltalima » August 10th, 2012, 2:56 am

Hi Bobc5025,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    :Commands
    [CREATERESTOREPOINT]
    :processes
    killallprocesses
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Now please run a new scan with DDS and post the logs in your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
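A triage helper for the two logs the instructions above ask for (the ESET log.txt and the Malwarebytes log), added here as an example; it is not code from the thread, nor from OTL, ESET or Malwarebytes. It assumes ESET detection lines are flattened to single spaces as they appear when pasted into a post, and that TDSSKiller_Quarantine and _OTL are folders holding copies a tool already moved aside; the sample lines are copied from the logs in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Hypothetical example, not code from OTL, ESET or Malwarebytes.
# Assumption: these folders hold copies already moved out of the way
# (both tools appear in this thread's logs), so hits there are not live.
QUARANTINE_MARKERS = ("\\tdsskiller_quarantine\\", "\\_otl\\")

# ESET log.txt detection line, flattened to spaces as pasted in the thread:
#   <path> <detection name> (<status>) <32 hex digits> <flag>
ESET_LINE = re.compile(
    r"^(?P<head>.+?) \((?P<status>[^()]*)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$"
)
# Malwarebytes "Files Detected" line:
#   <path> (<detection name>) -> <action>.
MBAM_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)

@dataclass
class Detection:
    source: str       # "eset" or "mbam"
    path: str
    name: str
    status: str       # ESET status text or Malwarebytes action
    quarantined: bool

def split_eset_head(head: str) -> tuple[str, str]:
    """Split '<path> <name>' when the path itself contains spaces.

    Heuristic: the ESET name begins at the first token with a platform prefix
    such as 'Win32/' or at the words 'a variant of' / 'probably a variant of'.
    """
    tokens = head.split(" ")
    for i in range(1, len(tokens)):
        tok = tokens[i]
        starts_variant = (tok in ("a", "probably") and i + 1 < len(tokens)
                          and tokens[i + 1] in ("variant", "a"))
        if "/" in tok or starts_variant:
            return " ".join(tokens[:i]), " ".join(tokens[i:])
    return head, ""

def is_quarantined(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in QUARANTINE_MARKERS)

def parse_eset(text: str) -> list[Detection]:
    found = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # "# key=value" lines are scan metadata, not detections
        m = ESET_LINE.match(line.strip())
        if m:
            path, name = split_eset_head(m.group("head"))
            found.append(Detection("eset", path, name, m.group("status"),
                                   is_quarantined(path)))
    return found

def parse_mbam(text: str) -> list[Detection]:
    found = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            path = m.group("path")
            found.append(Detection("mbam", path, m.group("name"),
                                   m.group("action"), is_quarantined(path)))
    return found

def triage(detections: list[Detection]) -> dict[str, list[Detection]]:
    """'active' items sit at live paths and still need action; 'quarantined'
    items are copies a tool already moved aside and only need final cleanup."""
    buckets: dict[str, list[Detection]] = {"active": [], "quarantined": []}
    for d in detections:
        buckets["quarantined" if d.quarantined else "active"].append(d)
    return buckets

# Sample lines copied from the logs posted in this thread (trimmed).
ESET_SAMPLE = r"""# found=4
# cleaned=0
C:\Documents and Settings\Computer\Local Settings\Application Data\RegisteredApplications\gayulvlv.dll.old a variant of Win32/Boaxxe.I trojan (unable to clean) 00000000000000000000000000000000 I
C:\MGtools\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\09.08.2012_13.11.31\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\09.08.2012_13.11.31\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan (unable to clean) 00000000000000000000000000000000 I
"""
MBAM_SAMPLE = r"""C:\Documents and Settings\Computer\Local Settings\temp\jre-6u30-windows-i586-iftw-rvv.exe (Trojan.Happili) -> No action taken.
C:\Documents and Settings\Computer\Local Settings\temp\51.tmp (Trojan.Agent.EXPD1) -> No action taken.
"""

if __name__ == "__main__":
    for bucket, items in triage(parse_eset(ESET_SAMPLE) + parse_mbam(MBAM_SAMPLE)).items():
        print(f"== {bucket} ({len(items)}) ==")
        for d in items:
            print(f"[{d.source}] {d.name}: {d.path} [{d.status}]")
```

Items in the "active" bucket (here the Boaxxe DLL under RegisteredApplications, which the DDS log also shows as a uRun autorun entry) are the ones a helper writes a fix for; the quarantine hits are just ESET rescanning TDSSKiller's backups.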

Re: internet explorer hijacked

Unread postby Bobc5025 » August 10th, 2012, 6:50 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 33845462 bytes
->Temporary Internet Files folder emptied: 6270788 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Computer
->Temp folder emptied: 62047862 bytes
->Temporary Internet Files folder emptied: 103411631 bytes
->Java cache emptied: 50760079 bytes
->Google Chrome cache emptied: 347885841 bytes
->Flash cache emptied: 2876379 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 218965044 bytes
->Flash cache emptied: 16799 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 57671728 bytes
->Flash cache emptied: 2207 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58740075 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 103715195 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2205997 bytes

Total Files Cleaned = 1,000.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Computer
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Computer
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

User: Owner

Total Java Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.56.0 log created on 08102012_100950

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Computer\Local Settings\Temp\fla50.tmp not found!
C:\Documents and Settings\Computer\Local Settings\Temporary Internet Files\Content.IE5\K4T18W6R\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Computer\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...
File C:\Documents and Settings\Computer\Local Settings\Temp\fla50.tmp not found!
File C:\Documents and Settings\Computer\Local Settings\Temporary Internet Files\Content.IE5\K4T18W6R\viewtopic[1].htm not found!
File C:\Documents and Settings\Computer\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!

Registry entries deleted on Reboot...



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=552656026c8cc64a8a2e26fe04a1433c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-10 10:16:19
# local_time=2012-08-10 04:16:19 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 84580515 84580515 0 0
# compatibility_mode=768 16777215 100 0 72224904 72224904 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=71953
# found=13
# cleaned=0
# scan_time=3226
C:\Documents and Settings\Computer\Local Settings\Application Data\RegisteredApplications\gayulvlv.dll.old a variant of Win32/Boaxxe.I trojan (unable to clean) 00000000000000000000000000000000 I
C:\MGtools\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\09.08.2012_13.11.31\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\09.08.2012_13.11.31\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\09.08.2012_13.11.31\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\09.08.2012_13.11.31\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\09.08.2012_13.11.31\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\09.08.2012_13.11.31\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\09.08.2012_13.11.31\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\09.08.2012_13.11.31\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\09.08.2012_13.11.31\mbr0000\tdlfs0000\tsk0014.dta Win32/Olmarik.AYI trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\09.08.2012_13.11.31\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan (unable to clean) 00000000000000000000000000000000 I


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Computer at 16:52:33 on 2012-08-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1726.1073 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = <local>
mSearchAssistant =
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\avasts~1\avast\aswWebRepIE.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\progra~1\avasts~1\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\computer\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RegisteredApplications] rundll32.exe "c:\documents and settings\computer\local settings\application data\registeredapplications\gayulvlv.dll",DllCanUnloadNow
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com\online
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/share ... insctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 2217559328
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/share ... cgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Bejeweled%203/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4B3C7C43-6A92-40F7-A3C6-2924E9BA6712} : DhcpNameServer = 192.168.2.1
.
============= SERVICES / DRIVERS ===============
.
S2 5016;5016;\??\c:\docume~1\computer\locals~1\temp\5016.sys --> c:\docume~1\computer\locals~1\temp\5016.sys [?]
S2 gupdate1c9e164860d0830;Google Update Service (gupdate1c9e164860d0830);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-10 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]
.
=============== Created Last 30 ================
.
2012-08-10 16:17:09 -------- d-----w- c:\program files\ESET
2012-08-10 16:09:50 -------- d-----w- C:\_OTL
2012-08-09 19:12:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-31 18:47:11 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-07-21 18:08:14 -------- d-----w- c:\documents and settings\computer\local settings\application data\RegisteredApplications
.
==================== Find3M ====================
.
2012-08-09 22:53:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-09 22:53:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-09 19:13:38 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 23:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 21:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 21:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 21:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 21:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 21:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 21:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 21:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 16:53:22.01 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/20/2006 3:13:48 PM
System Uptime: 8/10/2012 10:12:43 AM (6 hours ago)
.
Motherboard: Dell Inc | | 0HK980
Processor: AMD Sempron(tm) Processor 3400+ | Socket M2 | 1803/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 43.609 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1460: 5/13/2012 2:23:43 PM - System Checkpoint
RP1461: 5/14/2012 10:15:52 PM - System Checkpoint
RP1462: 5/15/2012 10:29:02 PM - System Checkpoint
RP1463: 5/16/2012 11:17:45 PM - System Checkpoint
RP1464: 5/17/2012 11:57:54 PM - System Checkpoint
RP1465: 5/19/2012 11:28:27 AM - System Checkpoint
RP1466: 5/20/2012 2:51:55 PM - System Checkpoint
RP1467: 5/21/2012 6:18:36 PM - System Checkpoint
RP1468: 5/23/2012 9:26:00 AM - System Checkpoint
RP1469: 5/24/2012 9:28:10 AM - System Checkpoint
RP1470: 5/25/2012 10:20:44 PM - System Checkpoint
RP1471: 5/26/2012 10:34:46 PM - System Checkpoint
RP1472: 5/28/2012 12:24:23 AM - System Checkpoint
RP1473: 5/29/2012 9:21:54 AM - System Checkpoint
RP1474: 5/30/2012 9:24:50 AM - System Checkpoint
RP1475: 5/31/2012 9:47:15 AM - System Checkpoint
RP1476: 6/1/2012 9:50:53 AM - System Checkpoint
RP1477: 6/2/2012 11:36:32 AM - System Checkpoint
RP1478: 6/3/2012 2:30:15 PM - System Checkpoint
RP1479: 6/4/2012 10:00:16 AM - Software Distribution Service 3.0
RP1480: 6/5/2012 10:39:15 AM - System Checkpoint
RP1481: 6/6/2012 10:48:46 AM - System Checkpoint
RP1482: 6/7/2012 5:42:44 PM - System Checkpoint
RP1483: 6/8/2012 5:53:47 PM - System Checkpoint
RP1484: 6/9/2012 7:04:03 PM - System Checkpoint
RP1485: 6/11/2012 6:06:19 AM - System Checkpoint
RP1486: 6/12/2012 10:09:23 AM - System Checkpoint
RP1487: 6/13/2012 10:00:16 AM - Software Distribution Service 3.0
RP1488: 6/14/2012 10:49:49 AM - System Checkpoint
RP1489: 6/15/2012 10:54:20 AM - System Checkpoint
RP1490: 6/16/2012 11:57:29 AM - System Checkpoint
RP1491: 6/17/2012 1:04:53 PM - System Checkpoint
RP1492: 6/18/2012 1:22:29 PM - System Checkpoint
RP1493: 6/19/2012 11:47:24 PM - System Checkpoint
RP1494: 6/21/2012 12:00:56 AM - System Checkpoint
RP1495: 6/24/2012 4:42:23 PM - System Checkpoint
RP1496: 6/25/2012 11:46:40 PM - System Checkpoint
RP1497: 6/27/2012 5:47:03 AM - System Checkpoint
RP1498: 6/28/2012 9:29:43 AM - System Checkpoint
RP1499: 6/29/2012 10:06:52 AM - System Checkpoint
RP1500: 6/30/2012 10:22:34 AM - System Checkpoint
RP1501: 7/1/2012 12:56:33 PM - System Checkpoint
RP1502: 7/2/2012 10:21:14 PM - System Checkpoint
RP1503: 7/4/2012 8:21:59 AM - System Checkpoint
RP1504: 7/5/2012 9:42:01 AM - System Checkpoint
RP1505: 7/6/2012 9:43:22 AM - System Checkpoint
RP1506: 7/7/2012 11:27:45 AM - System Checkpoint
RP1507: 7/8/2012 1:27:01 PM - System Checkpoint
RP1508: 7/9/2012 5:40:30 PM - System Checkpoint
RP1509: 7/10/2012 11:46:18 PM - System Checkpoint
RP1510: 7/11/2012 10:00:20 AM - Software Distribution Service 3.0
RP1511: 7/12/2012 10:47:36 AM - System Checkpoint
RP1512: 7/13/2012 10:55:56 AM - System Checkpoint
RP1513: 7/14/2012 1:51:19 PM - System Checkpoint
RP1514: 7/15/2012 2:17:20 PM - System Checkpoint
RP1515: 7/16/2012 3:03:27 PM - System Checkpoint
RP1516: 7/17/2012 5:37:22 PM - System Checkpoint
RP1517: 7/18/2012 6:42:46 PM - System Checkpoint
RP1518: 7/19/2012 8:33:43 PM - System Checkpoint
RP1519: 7/21/2012 7:58:04 AM - System Checkpoint
RP1520: 7/22/2012 1:09:57 PM - System Checkpoint
RP1521: 7/28/2012 10:25:56 PM - System Checkpoint
RP1522: 7/29/2012 11:10:16 PM - System Checkpoint
RP1523: 7/31/2012 1:24:13 AM - System Checkpoint
RP1524: 8/9/2012 1:32:20 PM - System Checkpoint
RP1525: 8/10/2012 10:10:06 AM - OTL Restore Point - 8/10/2012 10:10:02 AM
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
888casino
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player
AOLIcon
ArcSoft PhotoImpression 6
ArcSoft Print Creations
avast! Free Antivirus
Bejeweled 2 Deluxe
Bejeweled 3
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Dell Support 3.2
Dell System Restore
Digital Line Detect
DivX Setup
Documentation & Support Launcher
EducateU
ELIcon
EPSON Stylus CX4400 Series Scanner Driver Update
ESET Online Scanner v3
Google Chrome
Google Update Helper
Google Updater
GoToMeeting 4.8.0.723
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Smart Web Printing
HP Update
HPSSupply
Java Auto Updater
Java(TM) 6 Update 30
Learn2 Player (Uninstall Only)
Mah Jong Tiles Deluxe
Malwarebytes Anti-Malware version 1.62.0.1300
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Move Media Player
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
NetWaiting
NVIDIA Drivers
Personal Ancestral File 5
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SmartWebPrintingOC
Sonic Activation Module
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
WebFldrs XP
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 5:25:44 PM, error: Dhcp [1002] - The IP address lease 192.168.2.29 for the Network Card with network address 00137234BD52 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/9/2012 4:13:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
8/9/2012 4:13:36 PM, error: Service Control Manager [7000] - The 5016 service failed to start due to the following error: The system cannot find the file specified.
8/9/2012 1:14:08 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
8/9/2012 1:09:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/8/2012 10:21:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/8/2012 10:01:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips nvatabus nvraid
8/10/2012 10:09:52 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/10/2012 10:09:51 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
Bobc5025
Active Member
 
Posts: 8
Joined: July 31st, 2012, 5:49 pm
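The "Event Viewer Messages From Past Week" section of the DDS log above is the part of a log like this that a helper reads first, because boot-start driver failures, services that cannot find their file, and System Restore filter errors often line up with the infection timeline. The following parser is an added example for triaging such sections; it is not part of Bob's post and not a MalwareRemoval.com tool. The sample lines are copied from the log above, and the regex assumes the DDS line layout shown there (date, level, source, bracketed event id, message).

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: a subset of the "Event Viewer Messages" lines from the DDS log above.
SAMPLE_EVENTS = """\
8/9/2012 5:25:44 PM, error: Dhcp [1002] - The IP address lease 192.168.2.29 for the Network Card with network address 00137234BD52 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/9/2012 4:13:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: nvatabus nvraid
8/9/2012 4:13:36 PM, error: Service Control Manager [7000] - The 5016 service failed to start due to the following error: The system cannot find the file specified.
8/8/2012 10:01:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips nvatabus nvraid
8/10/2012 10:09:52 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
"""

# One DDS event line: "<m/d/yyyy h:mm:ss AM|PM>, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)


def parse_dds_events(text):
    """Parse DDS Event Viewer lines into dicts, returned oldest event first."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # skip separator lines such as "." or "==== ... ===="
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "event_id": int(m["event_id"]),
            "message": m["message"],
        })
    return sorted(events, key=lambda e: e["time"])


def failed_boot_drivers(events):
    """Driver names from SCM event 7026 (boot-start/system-start drivers that failed to load)."""
    names = set()
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7026:
            _, _, tail = e["message"].partition("failed to load: ")
            names.update(tail.split())
    return sorted(names)


def services_failed_to_start(events):
    """Service names from SCM event 7000 (a service that failed to start)."""
    found = []
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7000:
            m = re.match(r"The (.+?) service failed to start", e["message"])
            if m:
                found.append(m.group(1))
    return found


def summarize(events):
    """Count events by (source, event id) so repeated failures stand out."""
    return Counter((e["source"], e["event_id"]) for e in events)


if __name__ == "__main__":
    evs = parse_dds_events(SAMPLE_EVENTS)
    print("Span:", evs[0]["time"], "->", evs[-1]["time"])
    print("Drivers that failed to load:", failed_boot_drivers(evs))
    print("Services that failed to start:", services_failed_to_start(evs))
    for (src, eid), n in summarize(evs).most_common():
        print(f"{n:2d} x {src} [{eid}]")
```

Service names such as "5016" that do not correspond to any installed product are the kind of item a helper cross-checks against the running-processes and services sections of the same log before deciding what to do with them.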

Re: internet explorer hijacked

Unread postby deltalima » August 11th, 2012, 10:47 am

Hi Bobc5025,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :processes
    killallprocesses
    :files
    C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll
    :commands
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please download aswMBR and save it to your Desktop.
  • Double click aswMBR.exe to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record), do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Please let me know how the computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
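The advice above to keep the MBR.dat backup on an external device is worth more than a restore point: if the master boot record is dumped again later, the backup lets you tell whether the boot code, the disk signature or the partition table changed. The script below is an added example of that comparison; it is not part of deltalima's reply and not aswMBR's code. The sample image is constructed, and the offsets assume the classic 512-byte MBR layout (boot code in bytes 0 to 439, NT disk signature at 440, four 16-byte partition entries from 446, 0x55AA at 510).

```python
import hashlib
import struct

MBR_SIZE = 512
DISK_SIG_OFFSET = 440         # 4-byte NT disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(data):
    """Decode a 512-byte classic MBR image: boot code hash, disk signature, partitions."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"MBR image must be {MBR_SIZE} bytes, got {len(data)}")
    if data[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4), little-endian
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", data, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "slot": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "boot_code_sha256": hashlib.sha256(data[:DISK_SIG_OFFSET]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def compare_with_backup(backup, current):
    """Return the MBR regions that differ between a saved backup and a fresh dump."""
    b, c = parse_mbr(backup), parse_mbr(current)
    diffs = []
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        diffs.append("boot code")
    if b["disk_signature"] != c["disk_signature"]:
        diffs.append("disk signature")
    if backup[PART_TABLE_OFFSET:510] != current[PART_TABLE_OFFSET:510]:
        diffs.append("partition table")
    return diffs


def build_sample_mbr(boot_code_fill=0x00):
    """Constructed sample image: one bootable NTFS (type 0x07) partition starting at LBA 63."""
    boot_code = bytes([boot_code_fill]) * DISK_SIG_OFFSET
    disk_sig = struct.pack("<I", 0x1234ABCD)
    reserved = b"\x00\x00"  # bytes 444..445
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 2097152)
    table = entry + b"\x00" * (3 * PART_ENTRY_SIZE)
    return boot_code + disk_sig + reserved + table + BOOT_SIGNATURE


if __name__ == "__main__":
    backup = build_sample_mbr()
    print(parse_mbr(backup))
    # A later dump whose boot code differs while the partition table is intact
    later = build_sample_mbr(boot_code_fill=0x5A)
    print("Changed regions:", compare_with_backup(backup, later))
```

A reported change in the boot code alone is the pattern to take to the helper before touching anything, which is also why the reply says not to fix anything at the aswMBR stage.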