Google Redirecting
5 replies to this topic

#1 Kouban


Posted 05 February 2012 - 03:39 PM

Starting yesterday, any time I do a search on Google it redirects me to http://209.85.145.103/webhp?hl=en, which then lets me through to the links. Searching for this problem led me to Ragolas's thread at http://www.bleepingcomputer.com/forums/topic438825.html with the same complaint. I took the liberty of running all the scans suggested in the reply post, and the logs are as follows:

SECURITY CHECK:

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java™ 6 Update 25
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbam.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

FARBAR SERVICE SCANNER:

Farbar Service Scanner Version: 05-02-2012
Ran by Owner (administrator) on 05-02-2012 at 14:55:02
Running from "C:\Documents and Settings\Owner\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
===========

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
fssfltr(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

MINITOOLBOX

MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 05-02-2012 at 14:57:03
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost
127.0.0.1 localhost

========================= IP Configuration: ================================

D-Link AirPlus DWL-520+ Wireless PCI Adapter = Wireless Network Connection (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : owner-971d78994
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-0F-1F-EB-27-F9

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : D-Link AirPlus DWL-520+ Wireless PCI Adapter
Physical Address. . . . . . . . . : 00-80-C8-16-6A-57
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.13
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 216.144.187.199
                                    207.44.96.129
                                    216.144.187.71
Lease Obtained. . . . . . . . . . : Sunday, February 05, 2012 2:35:12 PM
Lease Expires . . . . . . . . . . : Sunday, February 05, 2012 3:35:12 PM

Server: dns.eph.ptd.net
Address: 216.144.187.199

Name: google.com
Addresses: 74.125.115.106, 74.125.115.147, 74.125.115.99, 74.125.115.103
           74.125.115.104, 74.125.115.105

Pinging google.com [74.125.115.105] with 32 bytes of data:

Reply from 74.125.115.105: bytes=32 time=35ms TTL=57
Reply from 74.125.115.105: bytes=32 time=34ms TTL=57

Ping statistics for 74.125.115.105:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 35ms, Average = 34ms

Server: dns.eph.ptd.net
Address: 216.144.187.199

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.2.43, 98.137.149.56, 98.139.180.149

Pinging yahoo.com [98.139.180.149] with 32 bytes of data:

Reply from 98.139.180.149: bytes=32 time=57ms TTL=56
Reply from 98.139.180.149: bytes=32 time=298ms TTL=56

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 57ms, Maximum = 298ms, Average = 177ms

Server: dns.eph.ptd.net
Address: 216.144.187.199

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 0f 1f eb 27 f9 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x20002 ...00 80 c8 16 6a 57 ...... D-Link AirPlus DWL-520+ Wireless PCI Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.13 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.13 192.168.0.13 30
192.168.0.13 255.255.255.255 127.0.0.1 127.0.0.1 30
192.168.0.255 255.255.255.255 192.168.0.13 192.168.0.13 30
224.0.0.0 240.0.0.0 192.168.0.13 192.168.0.13 30
255.255.255.255 255.255.255.255 192.168.0.13 3 1
255.255.255.255 255.255.255.255 192.168.0.13 192.168.0.13 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/05/2012 09:27:40 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (02/03/2012 08:57:37 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/02/2012 10:16:31 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 800706bb, P2 beginsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (02/01/2012 11:12:58 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80070008, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/31/2012 02:48:21 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/31/2012 02:48:20 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.8001.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/31/2012 00:17:42 PM) (Source: .NET Runtime) (User: )
Description: Application: TWCApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException

Error: (01/31/2012 10:38:13 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/30/2012 09:50:09 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3 download, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (01/26/2012 01:43:10 PM) (Source: .NET Runtime) (User: )
Description: Application: TWCApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ArgumentException


System errors:
=============
Error: (02/05/2012 01:38:52 PM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error:
%%1053

Error: (02/05/2012 01:38:41 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Error: (02/05/2012 09:38:15 AM) (Source: 0) (User: )
Description: \Device\LanmanServer

Error: (02/05/2012 09:38:15 AM) (Source: 0) (User: )
Description: \Device\LanmanServer

Error: (02/05/2012 08:27:27 AM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (02/05/2012 08:27:27 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (02/04/2012 06:04:17 PM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (02/04/2012 06:04:17 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (02/04/2012 06:03:47 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service failed to start due to the following error:
%%1053

Error: (02/04/2012 06:03:47 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================


========================= Memory info: ===================================

Percentage of memory in use: 91%
Total physical RAM: 2038.07 MB
Available physical RAM: 181.96 MB
Total Pagefile: 3931.14 MB
Available Pagefile: 2242.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.45 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.52 GB) (Free:59.12 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-971D78994

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0


**** End of log ****

MALWAREBYTES

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.05.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-971D78994 [administrator]

2/5/2012 2:58:26 PM
mbam-log-2012-02-05 (14-58-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187449
Time elapsed: 16 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ASWMBR

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-05 15:00:20
-----------------------------
15:00:20.093 OS Version: Windows 5.1.2600 Service Pack 3
15:00:20.093 Number of processors: 2 586 0x401
15:00:20.203 ComputerName: OWNER-971D78994 UserName: Owner
15:00:23.015 Initialize success
15:05:20.921 AVAST engine defs: 12020502
15:18:20.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
15:18:20.031 Disk 0 Vendor: WDC_WD800JD-00MSA1 10.01E01 Size: 76319MB BusType: 3
15:18:20.031 Device \Driver\atapi -> DriverStartIo 898582c6
15:18:20.046 Disk 0 MBR read successfully
15:18:20.046 Disk 0 MBR scan
15:18:20.593 Disk 0 MBR:Pihar-C [Rtk]
15:18:20.593 Disk 0 TDL4@MBR code has been found
15:18:20.593 Disk 0 Windows XP default MBR code found via API
15:18:20.593 Disk 0 MBR hidden
15:18:20.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
15:18:21.109 Disk 0 MBR [TDL4] **ROOTKIT**
15:18:21.109 Disk 0 trace - called modules:
15:18:21.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8985849f]<<
15:18:21.125 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e40ab8]
15:18:21.125 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89d33440]
15:18:21.125 \Driver\atapi[0x8986ee90] -> IRP_MJ_CREATE -> 0x8985849f
15:18:22.046 AVAST engine scan C:\WINDOWS
15:18:34.828 AVAST engine scan C:\WINDOWS\system32
15:22:50.218 AVAST engine scan C:\WINDOWS\system32\drivers
15:23:05.781 AVAST engine scan C:\Documents and Settings\Owner
15:27:29.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
15:27:29.390 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


#2 narenxp

  • BC Advisor

Posted 05 February 2012 - 07:06 PM

Download

TDSSkiller

Launch it. Click on change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

Restart your PC after running TDSSkiller, run aswMBR again and post the log.


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Post the clean log

#3 Kouban

  • Topic Starter

Posted 06 February 2012 - 02:57 PM

I've run all the programs as instructed, and Google seems to be working normally again, so I think I'm in the clear now :)

Here are the results from this new batch of scans:

TDSSKiller

11:28:33.0500 5572 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
11:28:33.0796 5572 ============================================================
11:28:33.0796 5572 Current date / time: 2012/02/06 11:28:33.0796
11:28:33.0796 5572 SystemInfo:
11:28:33.0796 5572
11:28:33.0796 5572 OS Version: 5.1.2600 ServicePack: 3.0
11:28:33.0796 5572 Product type: Workstation
11:28:33.0796 5572 ComputerName: OWNER-971D78994
11:28:33.0796 5572 UserName: Owner
11:28:33.0796 5572 Windows directory: C:\WINDOWS
11:28:33.0796 5572 System windows directory: C:\WINDOWS
11:28:33.0796 5572 Processor architecture: Intel x86
11:28:33.0796 5572 Number of processors: 2
11:28:33.0796 5572 Page size: 0x1000
11:28:33.0796 5572 Boot type: Normal boot
11:28:33.0796 5572 ============================================================
11:28:38.0031 5572 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:28:38.0062 5572 \Device\Harddisk0\DR0:
11:28:38.0062 5572 MBR used
11:28:38.0062 5572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
11:28:38.0109 5572 Initialize success
11:28:38.0109 5572 ============================================================
11:29:30.0984 1352 ============================================================
11:29:30.0984 1352 Scan started
11:29:30.0984 1352 Mode: Manual; TDLFS;
11:29:30.0984 1352 ============================================================
11:29:42.0750 1352 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
11:29:42.0765 1352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:29:42.0765 1352 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:29:42.0796 1352 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:29:42.0796 1352 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:29:42.0796 1352 Boot (0x1200) (483558f9e09b2a9e3d1584dd8704eaf0) \Device\Harddisk0\DR0\Partition0
11:29:42.0796 1352 \Device\Harddisk0\DR0\Partition0 - ok
11:29:42.0796 1352 ============================================================
11:29:42.0796 1352 Scan finished
11:29:42.0796 1352 ============================================================
11:29:42.0812 4672 Detected object count: 2
11:29:42.0812 4672 Actual detected object count: 2
11:30:28.0625 4672 \Device\Harddisk0\DR0\# - copied to quarantine
11:30:28.0625 4672 \Device\Harddisk0\DR0 - copied to quarantine
11:30:28.0656 4672 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:30:28.0656 4672 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:30:28.0656 4672 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:30:28.0671 4672 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:30:28.0671 4672 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:30:28.0671 4672 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:30:28.0703 4672 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:30:28.0718 4672 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:30:28.0718 4672 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:30:28.0718 4672 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:30:28.0750 4672 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
11:30:28.0750 4672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:30:28.0750 4672 \Device\Harddisk0\DR0 - ok
11:30:28.0750 4672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:30:28.0750 4672 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:30:28.0750 4672 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:32:19.0328 4292 Deinitialize success


GMER results:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-06 13:06:05
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD800JD-00MSA1 rev.10.01E01
Running: b0soxv5k.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwncrfob.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9B12F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0125B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


ASWMBR results:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-06 13:06:38
-----------------------------
13:06:38.390 OS Version: Windows 5.1.2600 Service Pack 3
13:06:38.390 Number of processors: 2 586 0x401
13:06:38.390 ComputerName: OWNER-971D78994 UserName: Owner
13:06:38.828 Initialize success
13:06:47.406 AVAST engine defs: 12020502
13:06:58.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
13:06:58.125 Disk 0 Vendor: WDC_WD800JD-00MSA1 10.01E01 Size: 76319MB BusType: 3
13:06:58.140 Disk 0 MBR read successfully
13:06:58.140 Disk 0 MBR scan
13:06:58.171 Disk 0 Windows XP default MBR code
13:06:58.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
13:06:58.171 Disk 0 scanning sectors +156280320
13:06:58.281 Disk 0 scanning C:\WINDOWS\system32\drivers
13:07:28.890 Service scanning
13:07:29.734 Modules scanning
13:08:13.812 Disk 0 trace - called modules:
13:08:13.843
13:08:14.265 AVAST engine scan C:\WINDOWS
13:08:45.578 AVAST engine scan C:\WINDOWS\system32
13:18:32.375 AVAST engine scan C:\WINDOWS\system32\drivers
13:19:26.265 AVAST engine scan C:\Documents and Settings\Owner
13:37:12.437 AVAST engine scan C:\Documents and Settings\All Users
13:38:45.296 Scan finished successfully
13:58:13.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
13:58:13.312 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


MBAM results:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.05.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-971D78994 [administrator]

2/6/2012 1:58:49 PM
mbam-log-2012-02-06 (13-58-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234955
Time elapsed: 38 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 narenxp

narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:09:01 PM

Posted 06 February 2012 - 10:55 PM

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Press Windows+R key and type

services.msc and click ok

Right click on security center service and start it


Launch TDSSKiller once again, click on SCAN

Delete TDSS file system - do not skip it

Good luck
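As an added example (not from this thread and not part of TDSSKiller itself), the Python below triages a TDSSKiller log of the kind posted in #3: it pairs each "infected"/"warning" line with the user's chosen action and lists what was left uncured, which is exactly the skipped TDSS file system that narenxp asks to be deleted above. The sample excerpt is copied from the log in post #3; the regexes assume the "HH:MM:SS.mmmm <pid> <message>" line layout that log shows.

```python
"""Triage a TDSSKiller log: what was detected, and was each object cured or skipped?"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Every TDSSKiller line starts with a timestamp and the reporting process id.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<object> ( <threat> ) - <verdict>", e.g. "\Device\Harddisk0\DR0 ( TDSS File System ) - warning"
VERDICT_RE = re.compile(r"^(?P<obj>\S+) \( (?P<threat>[^)]+?) \) - (?P<verdict>.+)$")
# Same shape, but the verdict records what the user chose in the tool's dialog.
ACTION_RE = re.compile(r"^(?P<obj>\S+) \( (?P<threat>[^)]+?) \) - User select action: (?P<action>\w+)$")

# Excerpt of the log posted in #3 (driver enumeration lines omitted).
SAMPLE_LOG = r"""
11:29:42.0750 1352 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
11:29:42.0765 1352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
11:29:42.0765 1352 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
11:29:42.0796 1352 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:29:42.0796 1352 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:29:42.0796 1352 \Device\Harddisk0\DR0\Partition0 - ok
11:30:28.0750 4672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
11:30:28.0750 4672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
11:30:28.0750 4672 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:30:28.0750 4672 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""


@dataclass
class Finding:
    obj: str
    threat: str
    verdict: str          # "infected" or "warning"
    action: str = "none"  # "Cure", "Skip", ... or "none" if the tool never recorded a choice


def parse_tdsskiller(text: str) -> list[Finding]:
    """Collect detections keyed by (object, threat) and attach the user's action to each."""
    findings: dict[tuple[str, str], Finding] = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")
        act = ACTION_RE.match(msg)          # check the more specific pattern first
        if act:
            key = (act.group("obj"), act.group("threat"))
            if key in findings:
                findings[key].action = act.group("action")
            continue
        det = VERDICT_RE.match(msg)
        if det and det.group("verdict") in ("infected", "warning"):
            key = (det.group("obj"), det.group("threat"))
            findings.setdefault(key, Finding(key[0], key[1], det.group("verdict")))
    return list(findings.values())


def unresolved(findings: list[Finding]) -> list[Finding]:
    """Detections that were not cured: skipped by the user or never acted on."""
    return [f for f in findings if f.action != "Cure"]


if __name__ == "__main__":
    for f in unresolved(parse_tdsskiller(SAMPLE_LOG)):
        print(f"NOT CURED: {f.obj} ({f.threat}, {f.verdict}) action={f.action}")
```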

#5 Kouban

Kouban
  • Topic Starter
  • Members
  • 3 posts
  • Local time:09:01 PM

Posted 07 February 2012 - 03:57 PM

ESET results:

C:\Nero_7_Ultra_Edition_Enhanced_version_7-WITH_key\Nero 7 Ultra Edition Enhanced version 7-WITH keygen\Nero-7.7.5.1_eng_trial.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\TDSSKiller_Quarantine\06.02.2012_11.28.33\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined


After deleting TDSS file system, Security Essentials caught 5 items marked Trojan: Alureon, which I had it remove.

#6 narenxp

narenxp
  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:09:01 PM

Posted 07 February 2012 - 04:21 PM

If you do not face issues, let's wrap up

Download hosts fix

http://go.microsoft.com/?linkid=9668866

Run the fixit

Turn off your system restore, restart the PC, create a new restore point

http://support.microsoft.com/kb/310405

Uninstall your Java update from Add or Remove Programs and download the latest from here

http://www.java.com/en/

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

Edited by narenxp, 07 February 2012 - 04:21 PM.
