Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search engine redirect


  • Please log in to reply
4 replies to this topic

#1 BlueBomber600

BlueBomber600

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 04 January 2012 - 01:42 AM

Hi,

I am having problems with being redirected from a search engine. Whether it's google or yahoo, I am able to search and get results. However, when clicking on a result, the browser is redirected to some other page, showing fake search results. Occassionally, there is also a consistant pop-up with a fake news headline about a local woman earning money or something along those lines...

I have been running Microsoft Security Essentials, and have tried scanning with Malwarebytes, Spybot Search & Destroy. Since these have not removed the problem, I've downloaded a trial of Kaspersky.

Kaspersky brings up a threat:
"Detected HEUR: Trojan.Win32.Generic
Object C:\\WINDOWS\system32\drivers\netbt.sys but my only option is to ignore it. I've searched, and have found that the netbt.sys is a legit file for Windows, which is why I assume Kaspersky won't let me remove it.

Any help would be greatly appreciated.

Thanks.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:17 PM

Posted 04 January 2012 - 12:22 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 BlueBomber600

BlueBomber600
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 05 January 2012 - 12:29 AM

Hi Broni,

Thanks for the help.

Security Check results:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Kaspersky Anti-Virus 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
CCleaner
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````



Farbar Service Scanner results:

Farbar Service Scanner
Ran by Emil (administrator) on 04-01-2012 at 16:03:07
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returend error: Yahoo IP is unreachable


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys
[2004-08-10 03:00] - [2008-04-13 11:21] - 0162816 ____A () E83B450A3ADAE2D9EF4170474D94DDCC

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(8) Gpc(3) IPSec(5) kl2(9) NetBT(6) PSched(7) Tcpip(4)
0x0A00000009000000050000000100000002000000030000000400000056000000060000000700000008000000


**** End of log ****



MiniToolBox results:

MiniToolBox by Farbar
Ran by Emil (administrator) on 04-01-2012 at 16:04:37
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration



Host Name . . . . . . . . . . . . : Laptop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-13-02-20-14-66



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-14-22-F5-31-58

Ping request could not find host google.com. Please check the name and try again.

Ping request could not find host yahoo.com. Please check the name and try again.

Ping request could not find host bleepingcomputer.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 02 20 14 66 ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 14 22 f5 31 58 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
255.255.255.255 255.255.255.255 255.255.255.255 3 1
255.255.255.255 255.255.255.255 255.255.255.255 2 1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/02/2012 09:07:09 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally

Error: (01/02/2012 08:19:17 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/02/2012 06:00:20 PM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/02/2012 10:42:09 AM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/02/2012 10:36:41 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80501001applyactionscmainwindow__onblockingthreatsactioncomplete0security essentialsNILNILNIL

Error: (01/02/2012 00:12:40 AM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80501001applyactionscmainwindow__onblockingthreatsactioncomplete0security essentialsNILNILNIL

Error: (01/01/2012 10:10:39 AM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/24/2011 09:48:34 AM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/24/2011 08:58:09 AM) (Source: MPSampleSubmission) (User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/22/2011 01:48:39 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crt> with error: The connection with the server was terminated abnormally


System errors:
=============
Error: (01/02/2012 08:19:16 PM) (Source: Microsoft Antimalware) (User: )
Description: %%8603.0.8402.01.117.2093.07%%859NT AUTHORITYSYSTEMS-1-5-181%%8001%%8031.1.7903.00x80070424The specified service does not exist as an installed service. 1%%852Default URL

Error: (01/02/2012 08:18:06 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/02/2012 08:17:12 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/02/2012 08:16:00 PM) (Source: Schedule) (User: )
Description: The At42.job command failed to start due to the following error:
%%2147942402

Error: (01/02/2012 08:13:28 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/02/2012 08:11:52 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/02/2012 08:09:43 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/02/2012 08:09:16 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/02/2012 08:09:16 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/02/2012 08:08:42 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (01/02/2012 09:07:09 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThe connection with the server was terminated abnormally

Error: (01/02/2012 08:19:17 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/02/2012 06:00:20 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/02/2012 10:42:09 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (01/02/2012 10:36:41 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80501001applyactionscmainwindow__onblockingthreatsactioncomplete0security essentialsNILNILNIL

Error: (01/02/2012 00:12:40 AM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientmsseces.exe2.1.1116.00x80501001applyactionscmainwindow__onblockingthreatsactioncomplete0security essentialsNILNILNIL

Error: (01/01/2012 10:10:39 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/24/2011 09:48:34 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/24/2011 08:58:09 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry80070424beginsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (12/22/2011 01:48:39 AM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F.crtThe connection with the server was terminated abnormally


=========================== Installed Programs ============================

... Files\Onset Computer Corporation\HOBOware
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adolix Split and Merge PDF v1.9
Apple Application Support (Version: 1.2.1)
Apple Software Update (Version: 2.1.1.116)
AutoUpdate (Version: 1.1)
Broadcom 440x 10/100 Integrated Controller (Version: 10.04.01)
Canon Camera Access Library (Version: 8.1.1.17)
Canon Camera Support Core Library (Version: 7.3.1.6)
Canon Camera Window DC_DV 5 for ZoomBrowser EX (Version: 5.4.5.17)
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.2.0.8)
Canon G.726 WMP-Decoder (Version: 1.0.1.3)
Canon MOV Decoder (Version: 1.7.0.6)
Canon MOV Encoder (Version: 1.5.0.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.6.0.5)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.3.0.11)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.5.0.5)
Canon Utilities EOS Utility (Version: 1.0.3.17)
Canon Utilities PhotoStitch (Version: 3.1.17.41)
Canon Utilities ZoomBrowser EX (Version: 6.6.0.23)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.4.0.4)
CCleaner (Version: 3.05)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HDA D110 MDC V.92 Modem
CutePDF Writer 2.7
Dell ResourceCD
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell Wireless WLAN Card (Version: 4.10.47.3)
DivX Converter (Version: 6.6.1)
DivX Player (Version: 6.8.2)
DivX Web Player (Version: 1.4.2)
DVD Shrink 3.2
DWGeditor (Version: 18.00.5035)
eDrawings 2010 API SDK (Version: 18.00.5035)
Foxit Reader (Version: 4.3.1.323)
Free M4a to MP3 Converter 6.1
Garmin City Navigator North America 2008 (Version: 9.0.0.0)
Garmin Communicator Plugin (Version: 2.5.1)
Garmin MapSource (Version: 6.15.11)
Garmin TOPO U.S. 2008 (Version: 4.0.0.0)
Garmin USB Drivers (Version: 1.0.0.0)
Garmin USB Drivers (Version: 2.3.0.0)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HOBOware 3.0
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software (Version: 11.5.0000)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
JDownloader 0.9 (Version: 0.9)
Kaspersky Anti-Virus 2012 (Version: 12.0.0.374)
Keyspan USB Serial Adapter (Version: 3.7s)
LuminanceHDR 2.0.2
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
mCore (Version: 11.02.0000)
mDriver (Version: 11.02.0000)
mDrWiFi (Version: 11.02.0000)
mHlpDell (Version: 11.02.0000)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 12.0.6213.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU (Version: 8.0.50727.146)
mIWA (Version: 11.02.0000)
mLogView (Version: 11.02.0000)
mMHouse (Version: 11.02.0000)
Mozilla Firefox 8.0.1 (x86 en-US) (Version: 8.0.1)
mPfMgr (Version: 11.02.0000)
mPfWiz (Version: 11.02.0000)
mProSafe (Version: 9.00.0000)
mSCfg (Version: 11.02.0000)
mSSO (Version: 11.02.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
mWlsSafe (Version: 9.00.0000)
mWMI (Version: 11.02.0000)
mZConfig (Version: 11.02.0000)
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PhotoScape
PhotoView 360 (Version: 18.00.5035)
Picasa 3 (Version: 3.8)
Power Commander Control Center 3.2.0 (Test Build 1)
PowerDVD 5.5
QuickSet (Version: 7.1.12)
QuickTime (Version: 7.66.71.0)
Roxio DLA (Version: 5.2.0)
Roxio MyDVD LE (Version: 6.1.6)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
SigmaTel Audio (Version: 5.10.4803.0)
SolidWorks 2010 API SDK (Version: 18.00.5035)
SolidWorks 2010 SP0 (Version: 18.0.0.5035)
SolidWorks 2010 SP0 (Version: 18.100.5035)
SolidWorks eDrawings 2010 (Version: 10.0.727)
SolidWorks Explorer 2010 SP0 (Version: 18.00.5035)
Sonic Encoders (Version: 1.00)
Sonic Update Manager (Version: 3.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 8.2.4.6)
TeamViewer 6 (Version: 6.0.10194)
Update Rollup 2 for Windows XP Media Center Edition 2005
VLC media player 1.0.2 (Version: 1.0.2)
WD SmartWare (Version: 1.4.1.1)
WebFldrs XP (Version: 9.50.7523)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall (Version: 1.1)

========================= Memory info: ===================================

Percentage of memory in use: 50%
Total physical RAM: 1014.37 MB
Available physical RAM: 499.86 MB
Total Pagefile: 2436.43 MB
Available Pagefile: 2043.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.98 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:87.06 GB) (Free:7.53 GB) NTFS
3 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive g: (Cruzer) (Removable) (Total:7.47 GB) (Free:5.12 GB) FAT32

========================= Users: ========================================

User accounts for \\LAPTOP

Administrator ASPNET Emil
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****




Malwarebytes' results:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Emil :: LAPTOP [administrator]

1/4/2012 4:08:24 PM
mbam-log-2012-01-04 (16-08-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206996
Time elapsed: 22 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





GMER results:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-04 21:06:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2100BH rev.00850028
Running: 347haksjfh3465.exe; Driver: C:\DOCUME~1\Emil\LOCALS~1\Temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xAA449FBA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xAA44A8B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xAA463AEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xAA44AE26]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xAA44AD14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xAA463E06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xAA44B056]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xAA44B21E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xAA449D76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xAA44AF3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xAA44A5E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xAA463ECE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xAA44B53C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xAA45E084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xAA45F88E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xAA44A8F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xAA44C53C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xAA45F088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xAA45FA38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xAA44B62E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xAA45EBC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xAA45EE1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xAA44BB9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xAA46230A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xAA44AEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xAA44ADA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xAA44A1F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xAA44B97E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xAA44AFD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xAA44A0E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xAA45DEB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xAA45F698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xAA462500]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xAA44BEC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xAA45F488]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xAA44B7CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xAA45E198]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xAA45E80C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xAA464048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xAA463F96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xAA4640B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xAA45EA14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xAA44C3DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xAA45E33E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xAA45E4D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xAA45E670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xAA463C76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xAA44A756]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xAA44B3E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xAA44C010]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xAA45F248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xAA44C104]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xAA44C23E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xAA44B45E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xAA44A392]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xAA44A2EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xAA44BD78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xAA44A47C]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804EAF84 5 Bytes JMP AA43C9F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EF912 5 Bytes JMP AA43CDCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [06, 3E, 46, AA, 56, B0, 44, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D68 80504604 12 Bytes [2E, B6, 44, AA, C0, EB, 45, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2DE4 80504680 4 Bytes CALL F2FA8B25
.text ntkrnlpa.exe!ZwCallbackReturn + 2EE4 80504780 16 Bytes [98, E1, 45, AA, 0C, E8, 45, ...] {CWDE ; LOOPZ 0x48; STOSB ; OR AL, 0xe8; INC EBP; STOSB ; DEC EAX; INC EAX; INC ESI; STOSB ; XCHG ESI, EAX; AAS ; INC ESI; STOSB }
.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [14, EA, 45, AA] {ADC AL, 0xea; INC EBP; STOSB }
.text ...
.text netbt.sys AA2D5000 7 Bytes [89, 01, 81, 7D, 10, 16, 00]
.text netbt.sys AA2D5008 30 Bytes [C0, 0F, 85, 36, FF, FF, FF, ...]
.text netbt.sys AA2D5027 93 Bytes [55, 8B, EC, 83, EC, 10, 8B, ...]
.text netbt.sys AA2D5085 114 Bytes [00, 8D, 4F, 5C, FF, 15, 90, ...]
.text netbt.sys AA2D50F9 44 Bytes [89, 7E, 20, C6, 46, 03, E0, ...]
.text ...
? C:\WINDOWS\system32\DRIVERS\netbt.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1820] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F2000A
.text C:\WINDOWS\System32\svchost.exe[1820] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F3000A
.text C:\WINDOWS\System32\svchost.exe[1820] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F1000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F6DBDDC0] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) AA2FC000-AA316000 (106496 bytes)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB53057$\3223981931 0 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\bckfg.tmp 879 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\cfg.ini 208 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\keywords 284 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\L 0 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\L\mimjmdbd 162816 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\U 0 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\00000001.@ 1536 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\80000000.@ 11264 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3223981931\U\80000032.@ 97792 bytes
File C:\WINDOWS\$NtUninstallKB53057$\3795124054 0 bytes

---- EOF - GMER 1.0.15 ----




Only odd thing was running the MiniToolBox, I got 2 errors. Not sure if they mean anything, but:

Netsh.exe - Entry Point Not FOund
The Procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll

and

nslookup.exe Ordinal Not Found
The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll


Thanks for you help,
Emil

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:17 PM

Posted 05 January 2012 - 12:36 AM

You have more serious issues there.
Advanced tools will be needed.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 BlueBomber600

BlueBomber600
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 06 January 2012 - 01:07 AM

Hi Broni,

Thanks for pointing me in the right direction.

I've posted in the section.

Thanks again,
Emil




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users