Hijackthis log: worried my computer was hacked, internet explorer keeps closing

Inactive
By shay413
Mar 16, 2012
Topic Status:
Not open for further replies.
  1. Hijackthis log: Hello, I am very worried that my computer has been hacked, or a keylogger is installed. I just learned one of my Facebook friends that also knows my email address has been doing this to people and he got upset with me recently. My internet explorer keeps saying "internet explorer has encountered a problem and needs to close" and it is doing this repeatedly. Also my computer has been running slower. I have no idea if these things could be related but I am worried and upset, I would love for someone who knows something about this to look at my "hijackthis" log and tell me if you see anything suspicious. Thanks so much!

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Welcome to TechSpot! I'll be glad to help you but we don't use HijackThis to screen for malware, so I don't need it now. Please also note in the following that all logs must be pasted into the reply.

    It is possible that the problems are related so if you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
  3. shay413

    shay413 Newcomer, in training Topic Starter

    Pasted logs from your instructions

    Thank you so much for your help! I apologize for attaching the hijack this log, I wasn't sure what I was supposed to do so your information has been very helpful! I followed the instructions in your reply and I hope I did everything just perfect. Again thank you for your help as I have no idea how to identify or deal with these problems! Just to remind you I was worried that my computer has been hacked and also Internet explorer keeps closing with a message saying "we're sorry, internet explorer is not responding and needs to close" and also my computer is running slower. Thanks again! Here are the logs:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.20.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Debra :: DEBRA-A14EB9AE5 [administrator]

    3/19/2012 11:56:37 PM
    mbam-log-2012-03-19 (23-56-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 172754
    Time elapsed: 8 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-20 01:27:46
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BEVE-00A0HT0 rev.11.01A11
    Running: zm888sc6.exe; Driver: C:\DOCUME~1\Debra\LOCALS~1\Temp\pwwyqaob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\DOCUME~1\Debra\LOCALS~1\Temp\pwwyqaoc.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[316] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61346CC4] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [613463D7] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61346306] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61346344] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346537] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61346344] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61346CC4] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [613463D7] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [613464A2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61346306] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6134657C] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
    IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[3048] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [61346622] C:\PROGRA~1\Yahoo!\Messenger\yui.dll

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Debra at 12:07:30 on 2012-03-20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1371 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276718246674
    TCP: DhcpNameServer = 67.137.240.25 67.137.240.12 204.130.255.3
    TCP: Interfaces\{E4E11AE3-45C6-410F-A8C5-CEBE384C6185} : DhcpNameServer = 67.137.240.25 67.137.240.12 204.130.255.3
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-6 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-6 136176]
    .
    =============== Created Last 30 ================
    .
    2012-03-20 07:28:55 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d0ed03bf-d4fe-4f36-b373-967cd03a2153}\mpengine.dll
    2012-03-20 05:55:04 -------- d-----w- c:\documents and settings\debra\application data\Malwarebytes
    2012-03-20 05:54:47 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-03-20 05:54:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-20 05:54:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-03-16 13:02:33 388096 ----a-r- c:\documents and settings\debra\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-03-16 13:02:32 -------- d-----w- c:\program files\Trend Micro
    2012-03-16 12:16:23 -------- d-----w- c:\documents and settings\debra\application data\Windows Search
    2012-03-15 21:09:37 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2012-03-15 21:09:37 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2012-03-15 21:09:37 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2012-03-15 21:09:36 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2012-03-07 10:00:59 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\updates\mpengine.dll
    2012-03-07 02:52:00 -------- d-----w- c:\documents and settings\debra\local settings\application data\Temp
    2012-03-07 02:46:56 -------- d-----w- c:\documents and settings\debra\local settings\application data\Google
    2012-03-06 00:30:19 -------- d-----w- c:\windows\TempB17F6B33-7EE9-20CF-3AE0-488CF2AC017E-Signatures
    2012-03-06 00:30:12 -------- d-----w- c:\program files\Microsoft Security Client
    2012-03-05 02:23:32 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2012-03-05 02:21:19 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2012-03-05 02:21:17 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2012-03-05 02:19:11 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
    2012-03-05 02:17:24 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2012-03-05 02:14:38 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2012-03-05 02:13:49 105472 -c----w- c:\windows\system32\dllcache\mup.sys
    2012-03-05 02:12:17 6552120 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-03-05 02:03:26 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2012-03-05 02:03:24 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-03-05 02:03:24 3072 ------w- c:\windows\system32\iacenc.dll
    2012-03-05 02:02:17 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    .
    ==================== Find3M ====================
    .
    2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 12:07:59.83 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/15/2010 9:08:56 AM
    System Uptime: 3/20/2012 9:48:52 AM (3 hours ago)
    .
    Motherboard: Dell Computer Corporation | | 0Y4803
    Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1598/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 66.058 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP16: 3/4/2012 7:08:18 PM - Software Distribution Service 3.0
    RP17: 3/4/2012 7:11:20 PM - Software Distribution Service 3.0
    RP18: 3/4/2012 7:31:36 PM - Software Distribution Service 3.0
    RP19: 3/5/2012 5:29:51 PM - Software Distribution Service 3.0
    RP20: 3/5/2012 5:32:29 PM - Software Distribution Service 3.0
    RP21: 3/6/2012 7:39:49 PM - Software Distribution Service 3.0
    RP22: 3/6/2012 7:45:16 PM - Installed Adobe Reader X (10.1.2).
    RP23: 3/7/2012 3:00:16 AM - Software Distribution Service 3.0
    RP24: 3/7/2012 3:03:04 AM - Software Distribution Service 3.0
    RP25: 3/8/2012 3:25:00 AM - Software Distribution Service 3.0
    RP26: 3/13/2012 9:43:37 AM - Software Distribution Service 3.0
    RP27: 3/14/2012 3:57:37 PM - Software Distribution Service 3.0
    RP28: 3/15/2012 3:00:22 AM - Software Distribution Service 3.0
    RP29: 3/15/2012 7:21:42 PM - Software Distribution Service 3.0
    RP30: 3/16/2012 5:27:17 AM - Software Distribution Service 3.0
    RP31: 3/16/2012 7:02:31 AM - Installed HiJackThis
    RP32: 3/19/2012 11:42:21 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.2)
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    Broadcom Gigabit Integrated Controller
    Conexant D480 MDC V.92 Modem
    Dell ResourceCD
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    Intel PROSet Wireless
    Intel(R) PROSet/Wireless WiFi Software
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    O2Micro Smartcard Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SigmaTel AC97 Audio Drivers
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/16/2012 6:56:02 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    3/16/2012 6:56:02 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/16/2012 6:56:02 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/16/2012 6:49:02 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    3/13/2012 9:32:18 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Okay, so basically you think someone got irritated with you and somehow got into the system? First, you should know that 'slow' can be caused by a lot of reasons other than malware. And I don't think the IE crashes are from hacking. Let's do the following:

    Download this program, set it up, but don't run yet: You will configure it so all you will need to do is click on Run after IE crashes:

    Please download VEW and save it to your Desktop:

    Setting up the program

    Double-click VEW.exe to run.

    Select log to query, select:
    • Application
    • System

    Under Select type to list, select:
    • Critical (Vista only)
    • Error

    Click the radio button for Number of events
    • Type 20 in the 1 to 20 box
    • Then click the Run button. <<<< Don't press Run yet.
    • Notepad will open with the output log.

    Load the log
    • In Notepad, click Edit > Select all
    • Then press Edit > Copy
    • Press Ctrl+V on your keyboard to paste the log to your next reply.
    (Courtesy rev-Olie)
    ---------------
    The next time Internet Explorer crashes, note the time on the computer clock- write it down somewhere.

    Now go to the desktop where the program set up above is all ready for you to run> click on Run. After it has run, follow the remaining directions for the log. Please paste the log in your next reply.
    ============================================
    After you have run the above, please do this online virus scan:
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.